{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T17:23:37Z","timestamp":1775496217758,"version":"3.50.1"},"reference-count":50,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/501100004663","name":"Ministry of Science and Technology, Taiwan","doi-asserted-by":"publisher","award":["110-2221-E-002-073-MY2"],"award-info":[{"award-number":["110-2221-E-002-073-MY2"]}],"id":[{"id":"10.13039\/501100004663","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2023]]},"DOI":"10.1109\/access.2022.3232505","type":"journal-article","created":{"date-parts":[[2022,12,26]],"date-time":"2022-12-26T19:19:55Z","timestamp":1672082395000},"page":"256-270","source":"Crossref","is-referenced-by-count":13,"title":["PowerDP: De-Obfuscating and Profiling Malicious PowerShell Commands With Multi-Label Classifiers"],"prefix":"10.1109","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0636-4716","authenticated-orcid":false,"given":"Meng-Han","family":"Tsai","sequence":"first","affiliation":[{"name":"Graduate Institute of Electrical Engineering, National Taiwan University, Taipei, Taiwan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2779-6486","authenticated-orcid":false,"given":"Chia-Ching","family":"Lin","sequence":"additional","affiliation":[{"name":"Graduate Institute of Electrical Engineering, National Taiwan University, Taipei, Taiwan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zheng-Gang","family":"He","sequence":"additional","affiliation":[{"name":"Graduate Institute of Electrical Engineering, National Taiwan University, Taipei, Taiwan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Wei-Chieh","family":"Yang","sequence":"additional","affiliation":[{"name":"Graduate Institute of Electrical Engineering, National Taiwan University, Taipei, Taiwan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9011-5025","authenticated-orcid":false,"given":"Chin-Laung","family":"Lei","sequence":"additional","affiliation":[{"name":"Graduate Institute of Electrical Engineering, National Taiwan University, Taipei, Taiwan"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infoandorg.2019.04.001"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/eCRS.2013.6805778"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/3231053.3231097"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1186\/s42400-019-0043-x"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00047"},{"key":"ref6","first-page":"1","article-title":"The Tao of .NET and powershell malware analysis","volume-title":"Proc. Virus Bull. Conf.","author":"Pontiroli"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1016\/j.csi.2020.103443"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/BWCCA.2010.85"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/11604938_15"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3077295"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102501"},{"key":"ref12","article-title":"Hijacking .NET to defend PowerShell","author":"Rousseau","year":"2017","journal-title":"arXiv:1709.07508"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2022.301404"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/ISCC.2018.8538691"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-22038-9_12"},{"key":"ref16","volume-title":"Pulling back the curtains on encodedcommand PowerShell attacks","author":"White","year":"2017"},{"key":"ref17","volume-title":"Practical Behavioral Profiling of Powershell Scripts Through Static Analysis (Part 1\u2014Part 3)","year":"2019"},{"key":"ref18","first-page":"1","article-title":"Revoke-obfuscation: PowerShell obfuscation detection using science","volume-title":"Proc. Black Hat USA","author":"Bohannon"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2866319"},{"key":"ref20","first-page":"905","article-title":"ATTACK2VEC: Leveraging temporal word embeddings to understand the evolution of cyberattacks","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Shen"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1049\/trit.2020.0026"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3278496"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363187"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1016\/j.neucom.2021.03.117"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.4218\/etrij.2020-0215"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/DSN53405.2022.00039"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196511"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3320269.3384742"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1016\/j.iot.2021.100404"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/3471621.3471858"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.3390\/app11146429"},{"key":"ref32","volume-title":"Invoke-obfuscation: PowerShell obFUsk8tion Techniques & How to (Try to) D e\u2018Tec\u2018T\u2019th\u2018+\u2019em\u2019","author":"Bohannon","year":"2016"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/3290353"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.2979701"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/3243127.3243132"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3011744"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.4018\/jdwm.2007070101"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2946392"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/DASC-PICom-CBDCom-CyberSciTech49142.2020.00094"},{"key":"ref40","article-title":"Automatic malware description via attribute tagging and similarity embedding","author":"Ducau","year":"2019","journal-title":"arXiv:1905.06262"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/3411508.3421373"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.48550\/arXiv.1201.0490"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-25159-2_49"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v30i1.10139"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/WCRE.2006.18"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/SPIRE.2000.878178"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/TPAMI.2007.1078"},{"key":"ref48","first-page":"649","article-title":"Character-level convolutional networks for text classification","volume-title":"Proc. Adv. Neural Inf. Process. Syst. (NIPS)","volume":"28","author":"Zhang"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1145\/135239.135244"},{"issue":"2","key":"ref50","first-page":"1188","article-title":"Distributed representations of sentences and documents","volume-title":"Proc. 31st Int. Conf. Mach. Learn. (ICML)","volume":"32","author":"Le"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/10005208\/09999441.pdf?arnumber=9999441","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,14]],"date-time":"2024-03-14T03:49:16Z","timestamp":1710388156000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9999441\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"references-count":50,"URL":"https:\/\/doi.org\/10.1109\/access.2022.3232505","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]}}}