{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T14:25:25Z","timestamp":1742912725789,"version":"3.40.3"},"publisher-location":"Cham","reference-count":19,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783031212796"},{"type":"electronic","value":"9783031212802"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-21280-2_14","type":"book-chapter","created":{"date-parts":[[2022,11,18]],"date-time":"2022-11-18T08:30:15Z","timestamp":1668760215000},"page":"252-267","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Evaluating the\u00a0Possibility of\u00a0Evasion Attacks to\u00a0Machine Learning-Based Models for\u00a0Malicious PowerShell Detection"],"prefix":"10.1007","author":[{"given":"Yuki","family":"Mezawa","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4323-9911","authenticated-orcid":false,"given":"Mamoru","family":"Mimura","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,11,19]]},"reference":[{"key":"14_CR1","doi-asserted-by":"publisher","first-page":"54360","DOI":"10.1109\/ACCESS.2019.2913439","volume":"7","author":"B Chen","year":"2019","unstructured":"Chen, B., Ren, Z., Yu, C., Hussain, I., Liu, J.: Adversarial examples for cnn-based malware detectors. IEEE Access 7, 54360\u201354371 (2019). https:\/\/doi.org\/10.1109\/ACCESS.2019.2913439","journal-title":"IEEE Access"},{"key":"14_CR2","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1016\/j.cose.2017.11.007","volume":"73","author":"S Chen","year":"2018","unstructured":"Chen, S., Xue, M., Fan, L., Hao, S., Xu, L., Zhu, H., Li, B.: Automated poisoning attacks and defenses in malware detection systems: An adversarial machine learning approach. Comput. Secur. 73, 326\u2013344 (2018). https:\/\/doi.org\/10.1016\/j.cose.2017.11.007","journal-title":"Comput. Secur."},{"key":"14_CR3","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1016\/j.neucom.2021.03.117","volume":"448","author":"Y Fang","year":"2021","unstructured":"Fang, Y., Zhou, X., Huang, C.: Effective method for detecting malicious powershell scripts based on hybrid features. Neurocomputing 448, 30\u201339 (2021). https:\/\/doi.org\/10.1016\/j.neucom.2021.03.117","journal-title":"Neurocomputing"},{"key":"14_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"62","DOI":"10.1007\/978-3-319-66399-9_4","volume-title":"Computer Security \u2013 ESORICS 2017","author":"K Grosse","year":"2017","unstructured":"Grosse, K., Papernot, N., Manoharan, P., Backes, M., McDaniel, P.: Adversarial examples for malware detection. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 62\u201379. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66399-9_4"},{"key":"14_CR5","doi-asserted-by":"publisher","unstructured":"Hendler, D., Kels, S., Rubin, A.: Detecting malicious powershell commands using deep neural networks. In: Kim, J., Ahn, G., Kim, S., Kim, Y., L\u00f3pez, J., Kim, T. (eds.) Proceedings of the 2018 on Asia Conference on Computer and Communications Security, AsiaCCS 2018, Incheon, Republic of Korea, 04\u201308 June 2018, pp. 187\u2013197. ACM (2018). https:\/\/doi.org\/10.1145\/3196494.3196511","DOI":"10.1145\/3196494.3196511"},{"key":"14_CR6","doi-asserted-by":"publisher","unstructured":"Hendler, D., Kels, S., Rubin, A.: Amsi-based detection of malicious powershell code using contextual embeddings. In: Sun, H., Shieh, S., Gu, G., Ateniese, G. (eds.) ASIA CCS 2020: The 15th ACM Asia Conference on Computer and Communications Security, Taipei, Taiwan, 5\u20139 October 2020, pp. 679\u2013693. ACM (2020). https:\/\/doi.org\/10.1145\/3320269.3384742","DOI":"10.1145\/3320269.3384742"},{"key":"14_CR7","unstructured":"Japkowicz, N.: The class imbalance problem: significance and strategies. In: Proceedings of the 2000 International Conference on Artificial Intelligence (ICAI), pp. 111\u2013117 (2000)"},{"key":"14_CR8","unstructured":"Le, Q.V., Mikolov, T.: Distributed representations of sentences and documents. In: Proceedings of the 31th International Conference on Machine Learning, ICML 2014, Beijing, China, 21\u201326 June 2014, JMLR Workshop and Conference Proceedings, vol. 32, pp. 1188\u20131196. JMLR.org (2014). https:\/\/proceedings.mlr.press\/v32\/le14.html"},{"key":"14_CR9","doi-asserted-by":"publisher","unstructured":"Li, Z., Chen, Q.A., Xiong, C., Chen, Y., Zhu, T., Yang, H.: Effective and light-weight deobfuscation and semantic-aware attack detection for powershell scripts. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, London, UK, 11\u201315 November 2019, pp. 1831\u20131847. ACM (2019). https:\/\/doi.org\/10.1145\/3319535.3363187","DOI":"10.1145\/3319535.3363187"},{"key":"14_CR10","doi-asserted-by":"publisher","unstructured":"Liu, C., Xia, B., Yu, M., Liu, Y.: PSDEM: a feasible de-obfuscation method for malicious powershell detection. In: 2018 IEEE Symposium on Computers and Communications, ISCC 2018, Natal, Brazil, 25\u201328 June 2018, pp. 825\u2013831. IEEE (2018). https:\/\/doi.org\/10.1109\/ISCC.2018.8538691","DOI":"10.1109\/ISCC.2018.8538691"},{"key":"14_CR11","doi-asserted-by":"publisher","unstructured":"Maiorca, D., Biggio, B., Giacinto, G.: Towards adversarial malware detection: Lessons learned from pdf-based attacks. ACM Comput. Surv. 52(4), 78:1\u201378:36 (2019). https:\/\/doi.org\/10.1145\/3332184","DOI":"10.1145\/3332184"},{"key":"14_CR12","doi-asserted-by":"crossref","unstructured":"Mimura, M., Tajiri, Y.: Static detection of malicious powershell based on word embeddings. Internet Things 15, 100404 (2021). https:\/\/www.sciencedirect.com\/science\/article\/pii\/S2542660521000482","DOI":"10.1016\/j.iot.2021.100404"},{"key":"14_CR13","doi-asserted-by":"publisher","unstructured":"Rusak, G., Al-Dujaili, A., O\u2019Reilly, U.: Ast-based deep learning for detecting malicious powershell. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, Toronto, ON, Canada, 15\u201319 October 2018, pp. 2276\u20132278. ACM (2018). https:\/\/doi.org\/10.1145\/3243734.3278496","DOI":"10.1145\/3243734.3278496"},{"key":"14_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"39","DOI":"10.1007\/978-3-030-58208-1_3","volume-title":"Advances in Information and Computer Security","author":"Y Tajiri","year":"2020","unstructured":"Tajiri, Y., Mimura, M.: Detection of malicious powershell using word-level language models. In: Aoki, K., Kanaoka, A. (eds.) IWSEC 2020. LNCS, vol. 12231, pp. 39\u201356. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-58208-1_3"},{"key":"14_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"240","DOI":"10.1007\/978-3-030-22038-9_12","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"D Ugarte","year":"2019","unstructured":"Ugarte, D., Maiorca, D., Cara, F., Giacinto, G.: PowerDrive: accurate de-obfuscation and analysis of powershell malware. In: Perdisci, R., Maurice, C., Giacinto, G., Almgren, M. (eds.) DIMVA 2019. LNCS, vol. 11543, pp. 240\u2013259. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-22038-9_12"},{"key":"14_CR16","doi-asserted-by":"crossref","unstructured":"WatchGuard Technologies: Internet Security Report - Q4 2020 (2021). https:\/\/www.watchguard.com\/wgrd-resource-center\/security-report-q4-2020. Accessed 21 July 2021","DOI":"10.1016\/S1353-4858(20)30039-8"},{"key":"14_CR17","unstructured":"White, J.: Practical behavioral profiling of powershell scripts through static analysis (part 1). https:\/\/unit42.paloaltonetworks.com\/practical-behavioral-profiling-of-powershell-scripts-through-static-analysis-part-1\/. Accessed 20 Aug 2021"},{"key":"14_CR18","unstructured":"White, J.: Pulling back the curtains on encodedcommand powershell attacks. https:\/\/unit42.paloaltonetworks.com\/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks\/. Accessed 20 Aug 2021"},{"key":"14_CR19","series-title":"Advances in Intelligent Systems and Computing","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1007\/978-981-16-5301-8_4","volume-title":"Soft Computing for Security Applications","author":"R Yamamoto","year":"2022","unstructured":"Yamamoto, R., Mimura, M.: On the possibility of evasion attacks with macro malware. In: Ranganathan, G., Fernando, X., Shi, F., El Allioui, Y. (eds.) Soft Computing for Security Applications. AISC, vol. 1397, pp. 43\u201359. Springer, Singapore (2022). https:\/\/doi.org\/10.1007\/978-981-16-5301-8_4"}],"container-title":["Lecture Notes in Computer Science","Information Security Practice and Experience"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-21280-2_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,11,18]],"date-time":"2022-11-18T08:33:27Z","timestamp":1668760407000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-21280-2_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031212796","9783031212802"],"references-count":19,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-21280-2_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"19 November 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISPEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security Practice and Experience","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Taipei","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Taiwan","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 November 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 November 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ispec2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/ispec2022.ndhu.edu.tw\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"87","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"33","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"38% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2 invited papers","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}