Flash：基于联邦图学习的工业信息物理系统恶意Bash脚本检测

The industrial cyber–physical system brings profound revolutions to traditional industries, such as rail transportation, healthcare, and power generation. Linux has been the most widely used operating system for intelligent devices. It empowers efficient management while incurring vulnerability exploited attacks from cyberspace. Existing approaches mainly focus on modeling and detecting Linux malware binary files and pay little attention to preventing attacks from bash scripts. In this work, we identify two key attributions including automation and scalable and cross-domain joint for malicious bash script detection methods within industrial cyber–physical systems and present a federated graph learning-based detection architecture, namely, Flash. It first extracts command flow graphs from bash scripts by employing static analysis. Then, it adopts word embedding techniques to encode semantic information for bash commands. Next, it employs a graph attention network to generate graph embeddings. Finally, the horizontal federated learning stage could be deployed after the extraction of graph embeddings. We conduct comprehensive experiments on bash script benchmarks, which consist of 11 k malicious and 7 k normal bash script files. Experimental results show that the accuracy rate of Flash reaches 98.9% .