Bibliographic Details
| Title: | Performance evaluations of AI‐based obfuscated and encrypted malicious script detection with feature optimization. |
| Authors: | Kim, Kookjin, Shin, Jisoo, Park, Jong‐Geun, Kim, Jung‐Tae |
| Source: | ETRI Journal; Aug2025, Vol. 47 Issue 4, p753-770, 18p |
| Subject Terms: | ARTIFICIAL intelligence, MACHINE learning, SECURITY management, APPLIED sciences, MALWARE, DATA encryption, DETECTION algorithms |
| Abstract: | In the digital security environment, the obfuscation and encryption of malicious scripts are primary attack methods used to evade detection. These scripts—easily spread through websites, emails, and file downloads—can be automatically executed on users' systems, posing serious security threats. To overcome the limitations of signature‐based detection methods, this study proposed a methodology for real‐time detection of obfuscated and encrypted malicious scripts using ML/DL models with feature optimization techniques. The obfuscated script datasets were analyzed to identify the unique characteristics, classified into 16 feature sets, to evaluate the optimal features for the best detection accuracy. Although the detection accuracy of these datasets was < 20%, when tested with commercial antivirus services, the experimental results using ML and DL models demonstrated that the proposed light gradient boosting model (LGBM) could achieve the best detection accuracy and processing speed. The LGBM outperformed other artificial intelligence models by achieving 97% accuracy and the minimum processing time in the decoded, obfuscated, and encrypted dataset cases. [ABSTRACT FROM AUTHOR] |
| Database: | Complementary Index |