Abstract

This manuscript introduces MPSD (Malicious PowerShell Script Detector), an advanced tool that protects Windows systems from the malicious PowerShell commands and scripts commonly used in fileless malware attacks. Such scripts are often hidden in Office document macros or downloaded remotely via PowerShell, and they pose significant threats to corporate networks. A 2018 report found that 77% of successful cyberattacks involved fileless malware, and Red Canary's 2022 report identified PowerShell as the primary attack method. To counter these threats, MPSD leverages the Antimalware Scan Interface (AMSI) to intercept and analyze PowerShell scripts in real time and to prevent their execution; it further uses VirusTotal to filter out malicious scripts. Unlike traditional methods that rely on direct access to script files, MPSD detects scripts before they execute, which addresses the challenge of hidden or obfuscated scripts. Experimental results show that MPSD outperforms well-known antivirus engines, with a low false-negative rate of 1.83%. MPSD remains highly effective against evasion techniques such as concatenation, encoding, and reordering, making it a robust tool in the cybersecurity landscape.

Details

Title
MPSD: A Robust Defense Mechanism against Malicious PowerShell Scripts in Windows Systems
Author
Min-Hao Wu 1; Fu-Hau Hsu 2; Jian-Hong Huang 2; Keyuan Wang 2; Yen-Yu Liu 2; Jian-Xin Chen 2; Hao-Jyun Wang 2; Hao-Tsung Yang 2

1 Department of Artificial Intelligence College, Xiamen City University, Xiamen 361000, China; [email protected]
2 Department of Computer Science and Information Engineering, National Central University, Taoyuan 32001, Taiwan; [email protected] (J.-H.H.); [email protected] (K.W.); [email protected] (Y.-Y.L.); [email protected] (J.-X.C.); [email protected] (H.-J.W.); [email protected] (H.-T.Y.)
Volume
13
Issue
18
First page
3717
Publication year
2024
Publication date
2024
Publisher
MDPI AG
Place of publication
Basel
Country of publication
Switzerland
e-ISSN
20799292
Source type
Scholarly Journal
Language of publication
English
Document type
Journal Article
Online publication date
2024-09-19
Milestone dates
2024-08-15 (Received); 2024-09-14 (Accepted)
First posting date
19 Sep 2024
ProQuest document ID
3110458187
Document URL
https://www.proquest.com/scholarly-journals/mpsd-robust-defense-mechanism-against-malicious/docview/3110458187/se-2?accountid=208611
Copyright
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.
Last updated
2024-09-28
Database
ProQuest One Academic