{"id":"https://openalex.org/W7131092364","doi":"https://doi.org/10.48550/arxiv.2602.18285","title":"Detecting Fileless Cryptojacking in PowerShell Using AST-Enhanced CodeBERT Models","display_name":"Detecting Fileless Cryptojacking in PowerShell Using AST-Enhanced CodeBERT Models","publication_year":2026,"publication_date":"2026-02-20","ids":{"openalex":"https://openalex.org/W7131092364","doi":"https://doi.org/10.48550/arxiv.2602.18285"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2602.18285","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"article","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5126596485","display_name":"Said Varlioglu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Varlioglu, Said","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126610011","display_name":"Nelly Elsayed","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Elsayed, Nelly","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121947355","display_name":"Murat Ozer","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ozer, Murat","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126589897","display_name":"Zag ElSayed","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"ElSayed, Zag","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5031863054","display_name":"John M. Emmert","orcid":"https://orcid.org/0000-0002-6074-535X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Emmert, John M.","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.22309207,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.48750001192092896,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.48750001192092896,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.36809998750686646,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.06199999898672104,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/scripting-language","display_name":"Scripting language","score":0.6158000230789185},{"id":"https://openalex.org/keywords/syntax","display_name":"Syntax","score":0.46709999442100525},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.45399999618530273},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.3650999963283539},{"id":"https://openalex.org/keywords/precision-and-recall","display_name":"Precision and recall","score":0.36239999532699585},{"id":"https://openalex.org/keywords/recall","display_name":"Recall","score":0.35109999775886536},{"id":"https://openalex.org/keywords/social-engineering","display_name":"Social engineering (security)","score":0.35010001063346863},{"id":"https://openalex.org/keywords/identity-theft","display_name":"Identity theft","score":0.31529998779296875}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7577000260353088},{"id":"https://openalex.org/C61423126","wikidata":"https://www.wikidata.org/wiki/Q187432","display_name":"Scripting language","level":2,"score":0.6158000230789185},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5081999897956848},{"id":"https://openalex.org/C60048249","wikidata":"https://www.wikidata.org/wiki/Q37437","display_name":"Syntax","level":2,"score":0.46709999442100525},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.45399999618530273},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.4020000100135803},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.3650999963283539},{"id":"https://openalex.org/C81669768","wikidata":"https://www.wikidata.org/wiki/Q2359161","display_name":"Precision and recall","level":2,"score":0.36239999532699585},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.35749998688697815},{"id":"https://openalex.org/C100660578","wikidata":"https://www.wikidata.org/wiki/Q18733","display_name":"Recall","level":2,"score":0.35109999775886536},{"id":"https://openalex.org/C70118762","wikidata":"https://www.wikidata.org/wiki/Q376934","display_name":"Social engineering (security)","level":2,"score":0.35010001063346863},{"id":"https://openalex.org/C522325796","wikidata":"https://www.wikidata.org/wiki/Q471880","display_name":"Identity theft","level":2,"score":0.31529998779296875},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.3089999854564667},{"id":"https://openalex.org/C169258074","wikidata":"https://www.wikidata.org/wiki/Q245748","display_name":"Random forest","level":2,"score":0.305400013923645},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.3003999888896942},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.295199990272522},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.29120001196861267},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.28459998965263367},{"id":"https://openalex.org/C113174947","wikidata":"https://www.wikidata.org/wiki/Q2859736","display_name":"Tree (set theory)","level":2,"score":0.2712000012397766},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.2671000063419342},{"id":"https://openalex.org/C58646249","wikidata":"https://www.wikidata.org/wiki/Q127380","display_name":"Abstract syntax tree","level":3,"score":0.260699987411499},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.258899986743927},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.2540999948978424},{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.25040000677108765}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2602.18285","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2602.18285","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.18285","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2602.18285","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.5780177116394043,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"With":[0],"the":[1,99,102],"emergence":[2],"of":[3,101,104],"remote":[4],"code":[5],"execution":[6],"(RCE)":[7],"vulnerabilities":[8],"in":[9,38],"ubiquitous":[10],"libraries":[11],"and":[12,47,107],"advanced":[13],"social":[14],"engineering":[15],"techniques,":[16],"threat":[17],"actors":[18],"have":[19,28],"started":[20],"conducting":[21],"widespread":[22],"fileless":[23,80],"cryptojacking":[24,81],"attacks.":[25],"These":[26],"attacks":[27,44],"become":[29],"effective":[30],"with":[31,73],"stealthy":[32],"techniques":[33],"based":[34],"on":[35,55,77],"PowerShell-based":[36,79],"exploitation":[37],"Windows":[39],"OS":[40],"environments.":[41],"Even":[42],"if":[43],"are":[45],"detected":[46],"malicious":[48],"scripts":[49],"removed,":[50],"processes":[51],"may":[52],"remain":[53],"operational":[54],"victim":[56],"endpoints,":[57],"creating":[58],"a":[59,74,94],"significant":[60],"challenge":[61],"for":[62,111],"detection":[63],"mechanisms.":[64],"In":[65],"this":[66],"paper,":[67],"we":[68],"conducted":[69],"an":[70],"experimental":[71],"study":[72],"collected":[75],"dataset":[76],"detecting":[78],"scripts.":[82],"The":[83],"results":[84],"showed":[85],"that":[86],"Abstract":[87],"Syntax":[88],"Tree":[89],"(AST)-based":[90],"fine-tuned":[91,108],"CodeBERT":[92],"achieved":[93],"high":[95],"recall":[96],"rate,":[97],"proving":[98],"importance":[100],"use":[103],"AST":[105],"integration":[106],"pre-trained":[109],"models":[110],"programming":[112],"language.":[113]},"counts_by_year":[],"updated_date":"2026-07-15T18:14:33.161393","created_date":"2026-02-24T00:00:00"}
