{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T07:28:29Z","timestamp":1742974109541,"version":"3.40.3"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030582074"},{"type":"electronic","value":"9783030582081"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-58208-1_3","type":"book-chapter","created":{"date-parts":[[2020,8,26]],"date-time":"2020-08-26T09:03:28Z","timestamp":1598432608000},"page":"39-56","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Detection of Malicious PowerShell Using Word-Level Language Models"],"prefix":"10.1007","author":[{"given":"Yui","family":"Tajiri","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4323-9911","authenticated-orcid":false,"given":"Mamoru","family":"Mimura","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,8,26]]},"reference":[{"key":"3_CR1","unstructured":"GitHub. https:\/\/github.co.jp\/"},{"key":"3_CR2","unstructured":"Hybrid Analysis. https:\/\/www.hybrid-analysis.com\/"},{"key":"3_CR3","unstructured":"Powerdrive. https:\/\/github.com\/denisugarte\/PowerDrive"},{"key":"3_CR4","unstructured":"Virus Total. https:\/\/www.virustotal.com\/"},{"issue":"1","key":"3_CR5","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman, L.: Random forests. Mach. Learn. 45(1), 5\u201332 (2001). https:\/\/doi.org\/10.1023\/A:1010933404324","journal-title":"Mach. Learn."},{"key":"3_CR6","doi-asserted-by":"publisher","first-page":"27:1","DOI":"10.1145\/1961189.1961199","volume":"2","author":"C Chang","year":"2011","unstructured":"Chang, C., Lin, C.: LIBSVM: a library for support vector machines. ACM Trans. Intell. Syst. Technol. 2, 27:1\u201327:27 (2011). https:\/\/doi.org\/10.1145\/1961189.1961199","journal-title":"ACM Trans. Intell. Syst. Technol."},{"key":"3_CR7","doi-asserted-by":"publisher","unstructured":"Chen, T., Guestrin, C.: XGBoost: a scalable tree boosting system. In: Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, San Francisco, CA, USA, August 13\u201317, 2016, pp. 785\u2013794 (2016). https:\/\/doi.org\/10.1145\/2939672.2939785","DOI":"10.1145\/2939672.2939785"},{"issue":"6","key":"3_CR8","doi-asserted-by":"publisher","first-page":"391","DOI":"10.1002\/(SICI)1097-4571(199009)41:6<391::AID-ASI1>3.0.CO;2-9","volume":"41","author":"SC Deerwester","year":"1990","unstructured":"Deerwester, S.C., Dumais, S.T., Landauer, T.K., Furnas, G.W., Harshman, R.A.: Indexing by latent semantic analysis. JASIS 41(6), 391\u2013407 (1990). https:\/\/doi.org\/10.1002\/(SICI)1097-4571(199009)41:6<391::AID-ASI1>3.0.CO;2-9","journal-title":"JASIS"},{"key":"3_CR9","doi-asserted-by":"publisher","unstructured":"Hendler, D., Kels, S., Rubin, A.: Detecting malicious PowerShell commands using deep neural networks. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security, AsiaCCS 2018, Incheon, Republic of Korea, June 04\u201308, 2018, pp. 187\u2013197 (2018). https:\/\/doi.org\/10.1145\/3196494.3196511","DOI":"10.1145\/3196494.3196511"},{"key":"3_CR10","doi-asserted-by":"crossref","unstructured":"Ito, R., Mimura, M.: Detecting unknown malware from ASCII strings with natural language processing techniques. In: 2019 14th Asia Joint Conference on Information Security (AsiaJCIS), pp. 1\u20138 (2019)","DOI":"10.1109\/AsiaJCIS.2019.00-12"},{"key":"3_CR11","unstructured":"Le, Q.V., Mikolov, T.: Distributed representations of sentences and documents. In: Proceedings of the 31th International Conference on Machine Learning, ICML 2014, Beijing, China, 21\u201326 June 2014, pp. 1188\u20131196 (2014). http:\/\/proceedings.mlr.press\/v32\/le14.html"},{"key":"3_CR12","doi-asserted-by":"crossref","unstructured":"McAfee: McAfee labs threats report August 2019 (August 2019). https:\/\/www.mcafee.com\/enterprise\/en-us\/assets\/reports\/rp-quarterly-threats-aug-2019.pdf","DOI":"10.1016\/S1361-3723(19)30004-1"},{"key":"3_CR13","unstructured":"Mikolov, T., Chen, K., Corrado, G., Dean, J.: Efficient estimation of word representations in vector space. In: 1st International Conference on Learning Representations, ICLR 2013, Scottsdale, Arizona, USA, May 2\u20134, 2013, Workshop Track Proceedings (2013). http:\/\/arxiv.org\/abs\/1301.3781"},{"key":"3_CR14","doi-asserted-by":"crossref","unstructured":"Mimura, M., Suga, Y.: Filtering malicious JavaScript code with doc2vec on an imbalanced dataset. In: 2019 14th Asia Joint Conference on Information Security (AsiaJCIS), pp. 24\u201331 (2019)","DOI":"10.1109\/AsiaJCIS.2019.000-9"},{"key":"3_CR15","doi-asserted-by":"publisher","first-page":"555","DOI":"10.2197\/ipsjjip.27.555","volume":"27","author":"M Mimura","year":"2019","unstructured":"Mimura, M., Miura, H.: Detecting unseen malicious VBA macros with NLP techniques. JIP 27, 555\u2013563 (2019). https:\/\/doi.org\/10.2197\/ipsjjip.27.555","journal-title":"JIP"},{"key":"3_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"168","DOI":"10.1007\/978-3-030-26834-3_10","volume-title":"Advances in Information and Computer Security","author":"M Mimura","year":"2019","unstructured":"Mimura, M., Ohminami, T.: Towards efficient detection of malicious VBA macros with LSI. In: Attrapadung, N., Yagi, T. (eds.) IWSEC 2019. LNCS, vol. 11689, pp. 168\u2013185. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-26834-3_10"},{"key":"3_CR17","doi-asserted-by":"crossref","unstructured":"Mimura, M., Ohminami, T.: Using LSI to detect unknown malicious VBA macros. J. Inf. Process. 28 (2020)","DOI":"10.2197\/ipsjjip.28.493"},{"key":"3_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-99807-7_1","volume-title":"Information Security Practice and Experience","author":"H Miura","year":"2018","unstructured":"Miura, H., Mimura, M., Tanaka, H.: Macros finder: do you remember LOVELETTER? In: Su, C., Kikuchi, H. (eds.) ISPEC 2018. LNCS, vol. 11125, pp. 3\u201318. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-99807-7_1"},{"key":"3_CR19","doi-asserted-by":"publisher","first-page":"105721","DOI":"10.1016\/j.asoc.2019.105721","volume":"84","author":"S Ndichu","year":"2019","unstructured":"Ndichu, S., Kim, S., Ozawa, S., Misu, T., Makishima, K.: A machine learning approach to detection of JavaScript-based attacks using AST features and paragraph vectors. Appl. Soft Comput. 84, 105721 (2019). https:\/\/doi.org\/10.1016\/j.asoc.2019.105721","journal-title":"Appl. Soft Comput."},{"key":"3_CR20","first-page":"2825","volume":"12","author":"F Pedregosa","year":"2011","unstructured":"Pedregosa, F., et al.: Scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12, 2825\u20132830 (2011). http:\/\/dl.acm.org\/citation.cfm?id=2078195","journal-title":"J. Mach. Learn. Res."},{"key":"3_CR21","unstructured":"Rubin, A., Kels, S., Hendler, D.: AMSI-based detection of malicious PowerShell code using contextual embeddings. arXiv e-prints arXiv:1905.09538 (May 2019)"},{"key":"3_CR22","doi-asserted-by":"publisher","unstructured":"Rusak, G., Al-Dujaili, A., O\u2019Reilly, U.: AST-based deep learning for detecting malicious PowerShell. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, October 15\u201319, 2018, pp. 2276\u20132278 (2018). https:\/\/doi.org\/10.1145\/3243734.3278496","DOI":"10.1145\/3243734.3278496"},{"key":"3_CR23","unstructured":"Symantec: Symantec 2019 Internet security threat report (February 2019). https:\/\/docs.broadcom.com\/docs\/istr-24-2019-en"},{"key":"3_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"240","DOI":"10.1007\/978-3-030-22038-9_12","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"D Ugarte","year":"2019","unstructured":"Ugarte, D., Maiorca, D., Cara, F., Giacinto, G.: PowerDrive: accurate de-obfuscation and analysis of PowerShell malware. In: Perdisci, R., Maurice, C., Giacinto, G., Almgren, M. (eds.) DIMVA 2019. LNCS, vol. 11543, pp. 240\u2013259. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-22038-9_12"}],"container-title":["Lecture Notes in Computer Science","Advances in Information and Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-58208-1_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,24]],"date-time":"2021-04-24T05:58:15Z","timestamp":1619243895000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-58208-1_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030582074","9783030582081"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-58208-1_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"26 August 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"IWSEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Workshop on Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Fukui","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Japan","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 September 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 September 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iwsec2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.iwsec.org\/2020\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"47","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"15","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"32% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.9","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4.9","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}