{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T15:01:36Z","timestamp":1776783696361,"version":"3.51.2"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031459320","type":"print"},{"value":"9783031459337","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-45933-7_13","type":"book-chapter","created":{"date-parts":[[2023,11,20]],"date-time":"2023-11-20T09:02:37Z","timestamp":1700470957000},"page":"207-224","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["AST2Vec: A Robust Neural Code Representation for\u00a0Malicious PowerShell Detection"],"prefix":"10.1007","author":[{"given":"Han","family":"Miao","sequence":"first","affiliation":[]},{"given":"Huaifeng","family":"Bao","sequence":"additional","affiliation":[]},{"given":"Zixian","family":"Tang","sequence":"additional","affiliation":[]},{"given":"Wenhao","family":"Li","sequence":"additional","affiliation":[]},{"given":"Wen","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Huashan","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Feng","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Yanhui","family":"Sun","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,11,21]]},"reference":[{"key":"13_CR1","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1016\/j.neucom.2021.03.117","volume":"448","author":"Y Fang","year":"2021","unstructured":"Fang, Y., Zhou, X., Huang, C.: Effective method for detecting malicious PowerShell scripts based on hybrid features. Neurocomputing 448, 30\u201339 (2021)","journal-title":"Neurocomputing"},{"key":"13_CR2","doi-asserted-by":"crossref","unstructured":"Hendler, D., Kels, S., Rubin, A.: Detecting malicious PowerShell commands using deep neural networks. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security (2018)","DOI":"10.1145\/3196494.3196511"},{"key":"13_CR3","doi-asserted-by":"crossref","unstructured":"Chai, H., Ying, L., Duan, H., Zha, D.: Invoke-deobfuscation: AST-based and semantics-preserving deobfuscation for PowerShell scripts. In: 2022 52nd Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 295\u2013306 (2022)","DOI":"10.1109\/DSN53405.2022.00039"},{"key":"13_CR4","doi-asserted-by":"crossref","unstructured":"Li, Z., Chen, Q.A., Xiong, C., Chen, Y., Zhu, T., Yang, H.: Effective and light-weight deobfuscation and semantic-aware attack detection for PowerShell scripts. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (2019)","DOI":"10.1145\/3319535.3363187"},{"key":"13_CR5","doi-asserted-by":"crossref","unstructured":"Blake, A., David, M.: Identifying encrypted malware traffic with contextual flow data. In: Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security, AISec 2016, pp. 35\u201346 (2016)","DOI":"10.1145\/2996758.2996768"},{"key":"13_CR6","doi-asserted-by":"crossref","unstructured":"Hendler, D., Kels, S., Rubin, A.: AMSI-based detection of malicious PowerShell code using contextual embeddings. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security (2019)","DOI":"10.1145\/3320269.3384742"},{"key":"13_CR7","doi-asserted-by":"crossref","unstructured":"Zhang, J., Wang, X., Zhang, H., Sun, H., Wang, K., Liu, X.: A novel neural source code representation based on abstract syntax tree. In: Proceedings of the 41st International Conference on Software Engineering, pp. 783\u2013794. IEEE Press (2019)","DOI":"10.1109\/ICSE.2019.00086"},{"key":"13_CR8","doi-asserted-by":"crossref","unstructured":"Mou, L., Li, G., Zhang, L., Wang, T., Jin, Z.: Convolutional neural networks over tree structures for programming language processing (2015)","DOI":"10.1609\/aaai.v30i1.10139"},{"key":"13_CR9","unstructured":"Mikolov, T., Karafi\u00e1t, M., Burget, L., Cernock, J., Khudanpur, S.: Recurrent neural network based language model. In: Interspeech, Conference of the International Speech Communication Association, Makuhari, Chiba, Japan, September (2015)"},{"key":"13_CR10","unstructured":"ISTR Living off the land fileless attack techniques. https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/security-center\/whitepapers\/istr-living-off-the-land-and-fileless-attack-techniques-en.pdf. Accessed 11 Apr 2023"},{"key":"13_CR11","unstructured":"karttoon, psencmds (2019). https:\/\/github.com\/pan-unit42\/iocs\/commits\/master\/psencmds. Accessed 13 Dec 2019"},{"key":"13_CR12","unstructured":"MalwareBazaar. https:\/\/bazaar.abuse.ch\/"},{"key":"13_CR13","unstructured":"Bohannon, D.: Invoke-obfuscation - powershell obfuscator. https:\/\/github.com\/danielbohannon\/Invoke-Obfuscation"},{"key":"13_CR14","unstructured":"Powersploit - a powershell post-exploitation framework. https:\/\/github.com\/PowerShellMafia\/PowerSploit"},{"key":"13_CR15","unstructured":"Empire - a PowerShell and python post-exploitation agent. https:\/\/github.com\/EmpireProject\/Empire"},{"key":"13_CR16","doi-asserted-by":"crossref","unstructured":"Tang, D., Qin, B., Liu, T.: Document modeling with gated recurrent neural network for sentiment classification. In: Proceedings of the 2015 Conference on Empirical Methods in Natural Language Processing, pp. 1422\u20131432 (2015)","DOI":"10.18653\/v1\/D15-1167"},{"key":"13_CR17","unstructured":"Bahdanau, D., Cho, K., Bengio, Y.: Neural machine translation by jointly learning to align and translate. arXiv preprint arXiv:1409.0473 (2014)"},{"key":"13_CR18","doi-asserted-by":"crossref","unstructured":"Wei, H.-H., Li, M.: Supervised deep features for software functional clone detection by exploiting lexical and syntactical information in source code. In: Proceedings of the 26th International Joint Conference on Artificial Intelligence, pp. 3034\u20133040. AAAI Press (2017)","DOI":"10.24963\/ijcai.2017\/423"},{"key":"13_CR19","doi-asserted-by":"crossref","unstructured":"Rusak, G., Al-Dujaili, A., O\u2019Reilly, U.M.: AST-based deep learning for detecting malicious PowerShell. In: ACM CCS (2018)","DOI":"10.1145\/3243734.3278496"},{"key":"13_CR20","doi-asserted-by":"crossref","unstructured":"Liu, C., Xia, B., Yu, M., Liu, Y.: PSDEM: a feasible de-obfuscation method for malicious PowerShell detection. In: IEEE ISCC (2018)","DOI":"10.1109\/ISCC.2018.8538691"},{"key":"13_CR21","unstructured":"Psdecode - PowerShell script for deobfuscating encoded PowerShell scripts. https:\/\/github.com\/R3MRUM\/PSDecode"},{"key":"13_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"240","DOI":"10.1007\/978-3-030-22038-9_12","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"D Ugarte","year":"2019","unstructured":"Ugarte, D., Maiorca, D., Cara, F., Giacinto, G.: PowerDrive: accurate de-obfuscation and analysis of PowerShell malware. In: Perdisci, R., Maurice, C., Giacinto, G., Almgren, M. (eds.) DIMVA 2019. LNCS, vol. 11543, pp. 240\u2013259. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-22038-9_12"},{"key":"13_CR23","unstructured":"Malandrone, G.M., Virdis, G., Giacinto, G., Maiorca, D.: PowerDecode: a PowerShell script decoder dedicated to malware analysis. In: ITASEC (2021)"},{"key":"13_CR24","doi-asserted-by":"publisher","unstructured":"Gao, Y., Peng, G., Yang, X.: PowerShell malicious code family classification based on deep learning. J. Wuhan Univ. (Nat. Sci. Ed.) 68(1), 8\u201316 (2022). https:\/\/doi.org\/10.14188\/j.1671-8836","DOI":"10.14188\/j.1671-8836"},{"key":"13_CR25","unstructured":"Mikolov, T., Sutskever, I., Chen, K., Corrado, G.S., Dean, J.: Distributed representations of words and phrases and their compositionality. In: Advances in Neural Information Processing Systems, pp. 3111\u20133119 (2013)"},{"key":"13_CR26","unstructured":"Bohannon, D., Holmes, L.: Revoke-Obfuscation: PowerShell Obfuscation Detection Using Science (2017). https:\/\/www.fireeye.com\/blog\/threatresearch\/2017\/07\/revoke-obfuscation-powershell.html"},{"key":"13_CR27","unstructured":"VirusTotal. https:\/\/www.virustotal.com\/"},{"key":"13_CR28","doi-asserted-by":"crossref","unstructured":"Ruaro, N., Pagani, F., Ortolani, S., Kruegel, C., Vigna, G.: SYMBEXCEL: automated analysis and understanding of malicious excel 4.0 macros. In: 43rd IEEE Symposium on Security and Privacy, SP 2022, San Francisco, CA, USA, 22\u201326 May 2022, pp. 1066\u20131081. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833765"},{"key":"13_CR29","unstructured":"LLVM. https:\/\/www.llvm.org\/"},{"key":"13_CR30","doi-asserted-by":"crossref","unstructured":"Cozzi, E., Graziano, M., Fratantonio, Y., Balzarotti, D.: Understanding Linux malware. In: 2018 IEEE Symposium on Security and Privacy (S &P), pp. 161\u2013175 (2018)","DOI":"10.1109\/SP.2018.00054"}],"container-title":["Lecture Notes in Computer Science","Science of Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-45933-7_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,2]],"date-time":"2024-11-02T06:55:51Z","timestamp":1730530551000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-45933-7_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031459320","9783031459337"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-45933-7_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"21 November 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SciSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Science of Cyber Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Melbourne, VIC","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Australia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 July 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 July 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"scisec2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/scisec.org\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"60","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"21","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"35% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}