Evaluations of AI-based malicious PowerShell detection with feature optimizations
ETRI Journal (IF 1.4), Pub Date: 2021-04-20, DOI: 10.4218/etrij.2020-0215
Jihyeon Song 1,2, Jungtae Kim 2, Sunoh Choi 3, Jonghyun Kim 2, Ikkyun Kim 2

Cyberattacks are often difficult to identify with traditional signature-based detection, because attackers continually find ways to bypass the detection methods. Therefore, researchers have introduced artificial intelligence (AI) technology for cybersecurity analysis to detect malicious PowerShell scripts. In this paper, we propose a feature optimization technique for AI-based approaches to enhance the accuracy of malicious PowerShell script detection. We statically analyze the PowerShell script and preprocess it with a method based on the tokens and abstract syntax tree (AST) for feature selection. Here, tokens and AST represent the vocabulary and structure of the PowerShell script, respectively. Performance evaluations with optimized features yield detection rates of 98% in both machine learning (ML) and deep learning (DL) experiments. Among them, the ML model with the 3-gram of selected five tokens and the DL model with experiments based on the AST 3-gram deliver the best performance.
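
An added example of the static preprocessing the abstract describes, not the authors' code: it parses a script with PowerShell's built-in parser, without executing it, and counts 3-grams over token kinds and over AST node type names. The function names, the use of every token kind instead of the paper's five selected tokens, and the node order returned by `FindAll` are assumptions made here.

```powershell
# Added example (assumed names): static token and AST 3-gram features.
function Get-NGram {
    param([string[]]$Items, [int]$N = 3)
    # Slide a window of size N over the sequence and count each n-gram.
    $counts = @{}
    for ($i = 0; $i -le $Items.Count - $N; $i++) {
        $gram = $Items[$i..($i + $N - 1)] -join ' '
        $counts[$gram] = 1 + [int]$counts[$gram]
    }
    $counts
}

function Get-ScriptFeature {
    param([Parameter(Mandatory)][string]$ScriptText)
    $tokens = $null
    $errors = $null
    # ParseInput only parses the text; the script is never run.
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptText, [ref]$tokens, [ref]$errors)

    # Vocabulary view: the kind of each token, in source order.
    $tokenKinds = @($tokens |
        Where-Object { $_.Kind -ne 'EndOfInput' } |
        ForEach-Object { $_.Kind.ToString() })

    # Structure view: the type name of every AST node, nested blocks included.
    $nodeTypes = @($ast.FindAll({ $true }, $true) |
        ForEach-Object { $_.GetType().Name })

    [pscustomobject]@{
        TokenTrigrams = Get-NGram -Items $tokenKinds -N 3
        AstTrigrams   = Get-NGram -Items $nodeTypes -N 3
        ParseErrors   = @($errors).Count   # a non-zero count is itself a signal
    }
}

# Constructed, benign sample input.
$sample = @'
$name = 'world'
if ($name) { Write-Output "Hello $name" }
'@

$features = Get-ScriptFeature -ScriptText $sample
$features.AstTrigrams.GetEnumerator() |
    Sort-Object Value -Descending |
    Select-Object -First 5
```

The two hashtables can be flattened into fixed-length count vectors over a shared n-gram vocabulary before being passed to an ML or DL classifier.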

Updated: 2021-06-29