1 |
S. Albelwi and A. Mahmood, "A frame work for designing the architectures of deep convolutional neural networks," Entropy, vol. 19, no. 6, pp. 242-263, May 2017
DOI
|
2 |
D. Bohannon, "Invoke-obfuscation: powershell obfusk8tion techniques & how to (try to) d""etect 'th'+'em," DerbyCon, Sep. 2016
|
3 |
D. Bohannon and L. Holmes, "Revokeobfuscation: powershell obfuscation de tection and evasion using science," Blackhat USA, July 2017
|
4 |
F.A. Gers, J. Schmidhuber, and F. Cummins, "Learning to forget: continua l prediction with LSTM," 9th International Conference on Artificial Neural Networks, pp. 850-855, Sep. 1999
|
5 |
D. Hendler, S. Kels, and A. Rubin, "Detecting malicious powershell comman ds using deep neural networks," Proceedings of the 2018 on Asia Conference on Computer and Communications Security. ACM, pp. 187-197, June 2018
|
6 |
R. Kazanciyan and M. Hastings, "Investigating powershell attacks," BlackHat USA, Aug. 2014
|
7 |
D.P. Kingma and J.L. Ba, "Adam: a method for stochastic optimization," arXiv preprint arXiv:1412.6980v9, Jan. 2017
|
8 |
N. Mittal, "AMSI: how windows 10 plans to stop script-based attacks and how well it does it," Blackhat USA, Aug. 2016
|
9 |
V. Nair and G.E. Hinton, "Rectified linear units improve restricted boltzma nn machines," Proceedings of the 27th international conference on machine learning, pp. 807-814, June 2010
|
10 |
S.M. Pontiroli and F.R. Martinez, "The tao of .NET and powershell malware analysis," Virus Bulletin Conference, Sep. 2015
|
11 |
A. Rousseau, "Hijacking .NET to defend powershell," arXiv preprint arXiv:1709.07508, Sep. 2017
|
12 |
N. Srivastava, G. Hinton, A. Krizhevsky, I. Sutskever, and R. Salakhutdinov, "Dropout: a simple way to prevent neural networks from overfitting," The Journal of Machine Learning Research, vol. 15, no. 1, pp. 1929-1958, June 2014
|
13 |
S. Tanda, "Powershell inside out: applied .NET hacking for enhanced visibility," Code Blue, Nov. 2017
|
14 |
D. Tran, H. Mac, V. Tong, H.A. Tran, and L.G. Nguyen, "A LSTM based framework for handling multiclass imbalance in DGA botnet detection," Neurocomputing, vol. 275, pp. 2401-2413, Jan. 2018
DOI
|
15 |
McAfee, "McAfee labs threats report march 2018," McAfee, Mar. 2018
|
16 |
Microsoft, "Antimalware scan interface," https://docs.microsoft.com/en-us/windows/desktop/AMSI/antimalware-scan-interface-portal
|
17 |
Symantec, "Increased use of powershell in attacks," Symantec, 2016
|
18 |
https://aka.ms/PowerShellCorpus
|
19 |
FireEye, "Malicious powershell detection via machine learning," https://www.fireeye.com/blog/threat-research/2018/07/malicious-powershell-detection-via-machine-learning.html
|
20 |
Microsoft, "PowerShell," https://docs.microsoft.com/en-us/powershell/scripting/powershell-scripting
|
21 |
Microsoft, "Installing windows powershell," https://docs.microsoft.com/en-us/powershell/scripting/setup/installingwindows-powershell
|
22 |
Microsoft, "Script tracing and logging," https://docs.microsoft.com/en-us/powershell/wmf/5.0/audit_script
|
23 |
Palo Alto Networks, "Pulling back the curtains on encodedcommand powershell attacks," https://researchcenter.paloaltonetworks.com/2017/03/unit42-pulling-back-the-curtains-on-encodedcommand-powershell-attacks/
|
24 |
GitHub, "DotNetHooking," https://github.com/tandasat/DotNetHooking
|