Authors: Xiaomeng Xu, S. Liu, Pu Yu, Yuntian Zhao
Venue: 2021 International Symposium on Computer Technology and Information Science (ISCTIS)
Publication date: 2021-06-01
DOI: 10.1109/ISCTIS51085.2021.00032 (https://doi.org/10.1109/ISCTIS51085.2021.00032)
Source: Semanticscholar
Research on PowerShell Obfuscation Technology Based on Abstract Syntax Tree Transformation
In recent years, PowerShell scripts have become widely used and easy to obfuscate because of the language's usability and flexibility. However, anti-obfuscation tools such as PowerShellProfiler and CyberChef have also developed rapidly. To improve the security of scripts, this paper proposes a PowerShell obfuscation technology based on abstract syntax tree transformation. First, the technology performs equivalent replacement of the grammatical structures in the script. In addition, it changes the order of the child nodes of the abstract syntax tree. Finally, it obfuscates the PSToken in the script. Thus, this technology can make up for the defects of traditional obfuscation technology and hide the program logic better, improving the concealment of the script. The experimental results show that the technology proposed in this paper can improve the strength of obfuscation over 82.7% on average, which is 16% higher than traditional obfuscation technology. Moreover, this method is more effective against anti-obfuscation tools.