{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,8]],"date-time":"2026-05-08T16:10:50Z","timestamp":1778256650704,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":87,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3670310","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"4539-4553","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":4,"title":["PowerPeeler: A Precise and General Dynamic Deobfuscation Method for PowerShell Scripts"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-4456-3271","authenticated-orcid":false,"given":"Ruijie","family":"Li","sequence":"first","affiliation":[{"name":"Southeast University &amp; QI-ANXIN Technology Research Institute, Nanjing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-0076-863X","authenticated-orcid":false,"given":"Chenyang","family":"Zhang","sequence":"additional","affiliation":[{"name":"Fudan University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-0369-3728","authenticated-orcid":false,"given":"Huajun","family":"Chai","sequence":"additional","affiliation":[{"name":"QI-ANXIN Technology Research Institute, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7445-9103","authenticated-orcid":false,"given":"Lingyun","family":"Ying","sequence":"additional","affiliation":[{"name":"QI-ANXIN Technology Research Institute &amp; Tsinghua University-QI-ANXIN Group JCNS, Beijing, 
China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0083-733X","authenticated-orcid":false,"given":"Haixin","family":"Duan","sequence":"additional","affiliation":[{"name":"Tsinghua University &amp; Tsinghua University-QI-ANXIN Group JCNS, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3052-3828","authenticated-orcid":false,"given":"Jun","family":"Tao","sequence":"additional","affiliation":[{"name":"Southeast University, Nanjing, China"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2022. XGBoost Documentation. https:\/\/xgboost.readthedocs.io\/en\/stable\/."},{"key":"e_1_3_2_1_2_1","unstructured":"2023. Command and Scripting Interpreter: PowerShell. https:\/\/attack.mitre.org\/techniques\/T1059\/001\/."},{"key":"e_1_3_2_1_3_1","unstructured":"2023. Obfuscated Files or Information. https:\/\/attack.mitre.org\/techniques\/T1027\/."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3098954.3107009"},{"key":"e_1_3_2_1_5_1","volume-title":"and Wojdan BinSaeedan","author":"Alahmadi Amal","year":"2022","unstructured":"Amal Alahmadi, Norah Alkhraan, and Wojdan BinSaeedan. 2022. MPSAutodetect: A Malicious Powershell Script Detection Model Based on Stacked Denoising Auto-Encoder. In Computers and Security."},{"key":"e_1_3_2_1_6_1","unstructured":"Zac Amos. 2023. How Ransomware Can Evade Antivirus Software. https:\/\/gca.isa.org\/blog\/how-ransomware-can-evade-antivirus-software."},{"key":"e_1_3_2_1_7_1","volume-title":"Dynamic analysis of malicious code. Journal in Computer Virology","author":"Bayer Ulrich","year":"2006","unstructured":"Ulrich Bayer, Andreas Moser, Christopher Kruegel, and Engin Kirda. 2006. Dynamic analysis of malicious code. Journal in Computer Virology (2006)."},{"key":"e_1_3_2_1_8_1","unstructured":"Daniel Bohannon and Lee Holmes. 2020. PowerShellCorpus. 
https:\/\/aka.ms\/PowerShellCorpus."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW59333.2023.00027"},{"key":"e_1_3_2_1_10_1","unstructured":"HuaJun Chai. 2023. Evaluation scripts of Invoke-Deobfuscation. https:\/\/gitee.com\/snowroll\/invoke-deobfuscation\/tree\/main\/Evaluation."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN53405.2022.00039"},{"key":"e_1_3_2_1_12_1","unstructured":"Raj Chandel. 2022. A Detailed Guide on AMSI Bypass. https:\/\/www.hackingarticles.in\/a-detailed-guide-on-amsi-bypass\/."},{"key":"e_1_3_2_1_13_1","volume-title":"SIFAST: An Efficient Unix Shell Embedding Framework for Malicious Detection. In International Conference on Information Security. Springer.","author":"Chen Songyue","year":"2023","unstructured":"Songyue Chen, Rong Yang, Hong Zhang, Hongwei Wu, Yanqin Zheng, Xingyu Fu, and Qingyun Liu. 2023. SIFAST: An Efficient Unix Shell Embedding Framework for Malicious Detection. In International Conference on Information Security. Springer."},{"key":"e_1_3_2_1_14_1","volume-title":"MalAder: Decision-Based Black-Box Attack Against API Sequence Based Malware Detectors. In 2023 53rd Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN).","author":"Chen Xiaohui","year":"2023","unstructured":"Xiaohui Chen, Lei Cui, Hui Wen, Zhi Li, Hongsong Zhu, Zhiyu Hao, and Limin Sun. 2023. MalAder: Decision-Based Black-Box Attack Against API Sequence Based Malware Detectors. In 2023 53rd Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN)."},{"key":"e_1_3_2_1_15_1","unstructured":"Sarah Jones Steve Miller Christopher Glyer Dan Perez. 2020. This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits. 
https:\/\/www.fireeye.com\/blog\/threat-research\/2020\/03\/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598054"},{"key":"e_1_3_2_1_17_1","volume-title":"MALWARE DETECTION : EVASION TECHNIQUES. https:\/\/www.cyfirma.com\/outofband\/malware-detection-evasion-techniques\/.","year":"2023","unstructured":"Cyfirma. 2023. MALWARE DETECTION : EVASION TECHNIQUES. https:\/\/www.cyfirma.com\/outofband\/malware-detection-evasion-techniques\/."},{"key":"e_1_3_2_1_18_1","volume-title":"2022 International Conference on Neural Information Processing (ICONIP).","author":"Dedek Michal","year":"2022","unstructured":"Michal Dedek and Rafal Scherer. 2022. Transformer-Based Original Content Recovery from Obfuscated PowerShell Scripts. In 2022 International Conference on Neural Information Processing (ICONIP)."},{"key":"e_1_3_2_1_19_1","unstructured":"Matthew Dunwoody. 2017. Dissecting One of APT29's Fileless WMI and PowerShell Backdoors (POSHSPY). https:\/\/www.fireeye.com\/blog\/threat-research\/2017\/03\/dissecting_one_ofap.html."},{"key":"e_1_3_2_1_20_1","unstructured":"EmpireProject. 2019. Empire. https:\/\/github.com\/EmpireProject\/Empire."},{"key":"e_1_3_2_1_21_1","unstructured":"Daniel Bohannon et al. 2019. Invoke-Obfuscation. https:\/\/github.com\/danielbohannon\/Invoke-Obfuscation."},{"key":"e_1_3_2_1_22_1","unstructured":"Matthieu Faou and Romain Dumont. 2019. A dive into Turla PowerShell usage. https:\/\/www.welivesecurity.com\/2019\/05\/29\/turla-powershell-usage\/."},{"key":"e_1_3_2_1_23_1","volume-title":"Caffeine monkey: Automated collection, detection and analysis of malicious javascript. Black Hat USA","author":"Feinstein Ben","year":"2007","unstructured":"Ben Feinstein, Daniel Peck, and I SecureWorks. 2007. Caffeine monkey: Automated collection, detection and analysis of malicious javascript. 
Black Hat USA (2007)."},{"key":"e_1_3_2_1_24_1","volume-title":"Revisiting the Big Picture: Macro-level ATT&CK Updates for","author":"Fetterman Ryan","year":"2023","unstructured":"Ryan Fetterman. 2023. Revisiting the Big Picture: Macro-level ATT&CK Updates for 2023. https:\/\/www.splunk.com\/en_us\/blog\/security\/revisiting-the-big-pictur e-macro-level-att-ck-updates-for-2023.html."},{"key":"e_1_3_2_1_25_1","unstructured":"Joel GM. 2023. Invoke-Stealth. https:\/\/github.com\/JoelGMSec\/Invoke-Stealth."},{"key":"e_1_3_2_1_26_1","unstructured":"Joe Granneman. 2013. Antivirus evasion techniques show ease in avoiding antivirus detection. https:\/\/www.techtarget.com\/searchsecurity\/feature\/Antivi rus-evasion-techniques-show-ease-in-avoiding-antivirus-detection."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196511"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3320269.3384742"},{"key":"e_1_3_2_1_29_1","unstructured":"Alex Holland. 2019. Tricks and COMfoolery: How Ursnif Evades Detection. https:\/\/www.bromium.com\/how-ursnif-evades-detection\/."},{"key":"e_1_3_2_1_30_1","unstructured":"IRon7. 2022. ConvertTo-Expression. https:\/\/github.com\/iRon7\/ConvertTo-Expression."},{"key":"e_1_3_2_1_31_1","unstructured":"Hossein Jazi. 2021. Kimsuky APT continues to target South Korean government using AppleSeed backdoor. https:\/\/blog.malwarebytes.com\/threatanalysis\/ 2021\/06\/kimsuky-apt-continues-to-target-south-korean-governmentusing-appleseed-backdoor\/."},{"key":"e_1_3_2_1_32_1","volume-title":"APT attacks on industrial organizations in H2","year":"2022","unstructured":"kaspersky. 2023. APT attacks on industrial organizations in H2 2022. https:\/\/ics-cert.kaspersky.com\/publications\/reports\/2023\/03\/24\/apt-attacks-onindustrial-organizations-in-h2--2022\/."},{"key":"e_1_3_2_1_33_1","unstructured":"KlezVirus. 2023. Chameleon. 
https:\/\/github.com\/klezVirus\/chameleon."},{"key":"e_1_3_2_1_34_1","volume-title":"AMSI unchained: Review of known AMSI bypass techniques and introducing a new one. Blackhat Asia","author":"Korkos Maor","year":"2022","unstructured":"Maor Korkos. 2022. AMSI unchained: Review of known AMSI bypass techniques and introducing a new one. Blackhat Asia (2022)."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"Alexander K\u00fcchler Alessandro Mantovani Yufei Han Leyla Bilge and Davide Balzarotti. 2021. Does Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes. In NDSS.","DOI":"10.14722\/ndss.2021.24475"},{"key":"e_1_3_2_1_36_1","unstructured":"Ruijie Li Chenyang Zhang Huajun Chai Lingyun Ying Haixin Duan and Jun Tao. 2024. PowerPeeler: A Precise and General Dynamic Deobfuscation Method for PowerShell Scripts. arXiv:2406.04027 [cs.CR]"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363187"},{"key":"e_1_3_2_1_38_1","volume-title":"PSDEM: A Feasible De-Obfuscation Method for Malicious PowerShell Detection. In 2018 IEEE Symposium on Computers and Communications (ISCC).","author":"Liu Chao","year":"2018","unstructured":"Chao Liu, Bin Xia, Min Yu, and Yunzheng Liu. 2018. PSDEM: A Feasible De-Obfuscation Method for Malicious PowerShell Detection. In 2018 IEEE Symposium on Computers and Communications (ISCC)."},{"key":"e_1_3_2_1_39_1","volume-title":"Automatic Simplification of Obfuscated JavaScript Code: A Semantics-Based Approach. In 2012 IEEE Sixth International Conference on Software Security and Reliability.","author":"Lu Gen","year":"2022","unstructured":"Gen Lu and Saumya Debray. 2022. Automatic Simplification of Obfuscated JavaScript Code: A Semantics-Based Approach. 
In 2012 IEEE Sixth International Conference on Software Security and Reliability."},{"key":"e_1_3_2_1_40_1","volume-title":"Proceedings of the Italian Conference on Cybersecurity, ITASEC","author":"Malandrone Giuseppe Mario","year":"2021","unstructured":"Giuseppe Mario Malandrone, Virdis Giovanni, Giorgio Giacinto, Davide Maiorca, et al. 2021. Powerdecode: a Powershell Script Decoder Dedicated to Malware Analysis. In Proceedings of the Italian Conference on Cybersecurity, ITASEC 2021."},{"key":"e_1_3_2_1_41_1","unstructured":"Alessandro Mascellino. 2023. \"PowerDrop\" PowerShell Malware Targets US Aerospace Industry. https:\/\/www.infosecurity-magazine.com\/news\/powerdropmalware-targets-us-4\/."},{"key":"e_1_3_2_1_42_1","volume-title":"Qualys and Ross Brittain","author":"Dani Praetorian Mayuresh","year":"2023","unstructured":"Praetorian Mayuresh Dani, Qualys and Ross Brittain. 2023. Examples of Power-Shell Malware in Real World. https:\/\/attack.mitre.org\/techniques\/T1059\/001\/."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-45933-7_13"},{"key":"e_1_3_2_1_44_1","unstructured":"Microsoft. 2019. AMSI. https:\/\/learn.microsoft.com\/en-us\/windows\/win32\/amsi\/ antimalware-scan-interface-portal."},{"key":"e_1_3_2_1_45_1","unstructured":"Microsoft. 2023. About Pipeline. https:\/\/learn.microsoft.com\/en-us\/powershel l\/module\/microsoft.powershell.core\/about\/about_pipelines?view=powershell-7.3."},{"key":"e_1_3_2_1_46_1","unstructured":"Microsoft. 2023. Command-line syntax key. https:\/\/learn.microsoft.com\/enus\/ windows-server\/administration\/windows-commands\/command-linesyntax-key."},{"key":"e_1_3_2_1_47_1","unstructured":"Microsoft. 2023. Differences between Windows PowerShell 5.1 and PowerShell 7.x. https:\/\/learn.microsoft.com\/en-us\/powershell\/scripting\/whats-new\/differe nces-from-windows-powershell?view=powershell-7.3."},{"key":"e_1_3_2_1_48_1","unstructured":"Microsoft. 2023. Get-Process. 
https:\/\/learn.microsoft.com\/en-us\/powershell\/mo dule\/microsoft.powershell.management\/get-process?view=powershell-7.4."},{"key":"e_1_3_2_1_49_1","unstructured":"Microsoft. 2023. Invoke-Expression. https:\/\/learn.microsoft.com\/en-us\/powersh ell\/module\/microsoft.powershell.utility\/invoke-expression?view=powershell-7.4."},{"key":"e_1_3_2_1_50_1","unstructured":"Microsoft. 2023. Invoke-Formatter. https:\/\/learn.microsoft.com\/en-us\/powershel l\/module\/psscriptanalyzer\/invoke-formatter?view=ps-modules."},{"key":"e_1_3_2_1_51_1","unstructured":"Microsoft. 2023. .NET Framework documentation. https:\/\/learn.microsoft.com\/ en-us\/dotnet\/framework\/."},{"key":"e_1_3_2_1_52_1","unstructured":"Microsoft. 2023. PowerShell Support Lifecycle. https:\/\/learn.microsoft.com\/enus\/ powershell\/scripting\/install\/powershell-support-lifecycle?view=powershel l-7.4."},{"key":"e_1_3_2_1_53_1","unstructured":"Microsoft. 2023. PSObject.ToString Method. https:\/\/learn.microsoft.com\/enus\/ dotnet\/api\/system.management.automation.psobject.tostring?view=powers hellsdk-7.4.0."},{"key":"e_1_3_2_1_54_1","unstructured":"Microsoft. 2024. Microsoft Defender Antivirus in Windows. https:\/\/learn.micros oft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/microsoft-defenderantivirus-windows?view=o365-worldwide."},{"key":"e_1_3_2_1_55_1","unstructured":"Microsoft. 2024. What is dotnet. https:\/\/dotnet.microsoft.com\/en-us\/learn\/dotne t\/what-is-dotnet."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"crossref","unstructured":"Mamoru Mimura and Yui Tajiri. 2021. Static detection of malicious PowerShell based on word embeddings. In Internet of Things.","DOI":"10.1016\/j.iot.2021.100404"},{"key":"e_1_3_2_1_57_1","unstructured":"Digit Oktavianto. 2021. Malicious Powershell Deobfuscation Using CyberChef. https:\/\/medium.com\/mii-cybersec\/malicious-powershell-deobfuscatio n-using-cyberchef-dfb9faff29f."},{"key":"e_1_3_2_1_58_1","unstructured":"OpenAI. 2023. tiktoken. 
https:\/\/github.com\/openai\/tiktoken."},{"key":"e_1_3_2_1_59_1","unstructured":"OpenAI. 2024. GPT-4. https:\/\/openai.com\/gpt-4."},{"key":"e_1_3_2_1_60_1","unstructured":"OpenAI. 2024. Gpt-4 and GPT-4 Turbo. https:\/\/platform.openai.com\/docs\/model s\/gpt-4-and-gpt-4-turbo."},{"key":"e_1_3_2_1_61_1","unstructured":"OpenAI. 2024. New models and developer products announced at DevDay."},{"key":"e_1_3_2_1_62_1","unstructured":"OpenAI. 2024. Rate limits of ChatGPT API. https:\/\/platform.openai.com\/docs\/g uides\/rate-limits."},{"key":"e_1_3_2_1_63_1","unstructured":"Lindsey ODonnell-Welch. 2022. APT35 Executes PowerShell-Based Malware in Log4j Flaw Attacks. https:\/\/duo.com\/decipher\/apt35-deploys-powershell-basedmalware-in-log4j-flaw-attacks."},{"key":"e_1_3_2_1_64_1","unstructured":"Sathwik Ram Prakki. 2023. Operation RusticWeb targets Indian Govt: From Rust-based malware to Web-service exfiltration. https: \/\/www.seqrite.com\/blog\/operation-rusticweb-targets-indian-govt-fromrust-based-malware-to-web-service-exfiltration\/."},{"key":"e_1_3_2_1_65_1","volume-title":"TransAST: A Machine Translation-Based Approach for Obfuscated Malicious JavaScript Detection. In 2023 53rd Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN).","author":"Qin Yan","year":"2023","unstructured":"Yan Qin, Weiping Wang, Zixian Chen, Hong Song, and Shigeng Zhang. 2023. TransAST: A Machine Translation-Based Approach for Obfuscated Malicious JavaScript Detection. In 2023 53rd Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN)."},{"key":"e_1_3_2_1_66_1","unstructured":"R3MRUM. 2020. PSDecode - PowerShell Script for Deobfuscating Encoded PowerShell Scripts. https:\/\/github.com\/R3MRUM\/PSDecode."},{"key":"e_1_3_2_1_67_1","unstructured":"Jonathan Reed. 2023. All about PowerShell attacks: The no. 1 ATT&CK technique. 
https:\/\/securityintelligence.com\/articles\/all-about-powershell-attacks\/."},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN58367.2023.00041"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3278496"},{"key":"e_1_3_2_1_70_1","unstructured":"sdwheeler. 2022. About Objects. https:\/\/learn.microsoft.com\/en-us\/powershell\/ module\/microsoft.powershell.core\/about\/about_objects?view=powershell-7.4."},{"key":"e_1_3_2_1_71_1","unstructured":"Joe Slowik. 2018. Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE. https:\/\/www.dragos.com\/wp-content\/uploads\/CRASHOVERRIDE2018.pd f."},{"key":"e_1_3_2_1_72_1","unstructured":"Tom Spring. 2023. Obfuscation tool BatCloak evades 80% of AV engines. https: \/\/www.scmagazine.com\/news\/obfuscation-batcloak-80-percent-av-engines."},{"key":"e_1_3_2_1_73_1","unstructured":"Svent. 2015. jsdetox: A Javascript malware analysis tool. https:\/\/github.com\/sve nt\/jsdetox."},{"key":"e_1_3_2_1_74_1","volume-title":"Shuckworm: Inside Russias Relentless Cyber Campaign Against Ukraine. https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligen ce\/shuckworm-russia-ukraine-military.","year":"2023","unstructured":"Symantec. 2023. Shuckworm: Inside Russias Relentless Cyber Campaign Against Ukraine. https:\/\/symantec-enterprise-blogs.security.com\/blogs\/threat-intelligen ce\/shuckworm-russia-ukraine-military."},{"key":"e_1_3_2_1_75_1","volume-title":"Detection of Malicious PowerShell Using Word-Level Language Models. In 15th International Workshop on Security (IWSEC).","author":"Tajiri Yui","year":"2020","unstructured":"Yui Tajiri and Mamoru Mimura. 2020. Detection of Malicious PowerShell Using Word-Level Language Models. In 15th International Workshop on Security (IWSEC)."},{"key":"e_1_3_2_1_76_1","unstructured":"Pang-Ning Tan Michael Steinbach and Vipin Kumar. 2005. Introduction to Data Mining. 
Pearson."},{"key":"e_1_3_2_1_77_1","unstructured":"PowerShell Team. 2024. PowerShell. https:\/\/github.com\/PowerShell\/PowerShell."},{"key":"e_1_3_2_1_78_1","volume-title":"PowerDP: De-Obfuscating and Profiling Malicious PowerShell Commands With Multi-Label Classifiers","author":"Tsai Menghan","unstructured":"Menghan Tsai, Chiaching Lin, Zhenggang He,Weichieh Yang, and Chinlaung Lei. 2023. PowerDP: De-Obfuscating and Profiling Malicious PowerShell Commands With Multi-Label Classifiers. In IEEE Access."},{"key":"e_1_3_2_1_79_1","volume-title":"Power-Drive: Accurate De-obfuscation and Analysis of PowerShell Malware","author":"Ugarte Denis","unstructured":"Denis Ugarte, Davide Maiorca, Fabrizio Cara, and Giorgio Giacinto. 2019. Power-Drive: Accurate De-obfuscation and Analysis of PowerShell Malware. In Springer DIMVA."},{"key":"e_1_3_2_1_80_1","volume-title":"Attention is all you need. Advances in neural information processing systems","author":"Vaswani Ashish","year":"2017","unstructured":"Ashish Vaswani, Noam Shazeer, Niki Parmar, Jakob Uszkoreit, Llion Jones, Aidan N Gomez, Lukasz Kaiser, and Illia Polosukhin. 2017. Attention is all you need. Advances in neural information processing systems (2017)."},{"key":"e_1_3_2_1_81_1","volume-title":"Technique of javascript code obfuscation based on control flow tansformations. Applied Mechanics and Materials","author":"Wang Zhi Yue","year":"2014","unstructured":"Zhi Yue Wang and Wei Min Wu. 2014. Technique of javascript code obfuscation based on control flow tansformations. Applied Mechanics and Materials (2014)."},{"key":"e_1_3_2_1_82_1","unstructured":"Jeff White. 2017. Pulling Back the Curtains on EncodedCommand PowerShell Attacks. https:\/\/unit42.paloaltonetworks.com\/unit42-pulling-back-the-curtainson-encodedcommand-powershell-attacks\/."},{"key":"e_1_3_2_1_83_1","unstructured":"Benjamin Wiley and the Falcon OverWatch Team. 2021. 
OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt. https:\/\/www.crowdstrike.com\/blog\/overwatch-exposes-aquatic-panda-in-possession-of-log-4-shell-exploit-tools\/."},{"key":"e_1_3_2_1_84_1","doi-asserted-by":"crossref","unstructured":"Chunlin Xiong Zhenyuan Li Yan Chen Tiantian Zhu Jian Wang Hai Yang and Wei Ruan. 2022. Generic efficient and effective deobfuscation and semantic-aware attack detection for PowerShell scripts. In Frontiers of Information Technology & Electronic Engineering.","DOI":"10.1631\/FITEE.2000436"},{"key":"e_1_3_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2012.6461002"},{"key":"e_1_3_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417291"},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2022.acl-short.45"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications 
Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3670310","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3670310","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:17:15Z","timestamp":1755843435000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3670310"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":87,"alternative-id":["10.1145\/3658644.3670310","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3670310","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}