2021
DOI: 10.4218/etrij.2020-0215
Evaluations of AI‐based malicious PowerShell detection with feature optimizations

Abstract: Cyberattacks are often difficult to identify with traditional signature‐based detection, because attackers continually find ways to bypass the detection methods. Therefore, researchers have introduced artificial intelligence (AI) technology for cybersecurity analysis to detect malicious PowerShell scripts. In this paper, we propose a feature optimization technique for AI‐based approaches to enhance the accuracy of malicious PowerShell script detection. We statically analyze the PowerShell script and preprocess…

Cited by 16 publications (5 citation statements)
References 7 publications
“…Some antivirus specifically mentions that the file is a backdoor generated by the Metasploit Framework (Figure 6). The results of this study indicate that the level of evasion achieved through the utilization of the Python obfuscation framework and PowerShell is consistent with previous studies [12,16,17,4]. The obfuscated Python payload could successfully bypass the Bitdefender antivirus.…”
Section: Results and Analysis 31 Test Results Using The Virustotal We... (supporting)
confidence: 88%
“…Nevertheless, in its development, the obfuscation technique is also very effective in avoiding antivirus detection [3]. The growing attacks of fileless malware that do not exist in the file system indicate that the attackers have used the technology developed by the vendors to find their own security vulnerabilities, such as the PowerShell script provided by Microsoft [4,5]. PowerShell script has been used to exploit hidden information on images by embedding malicious commands using techniques such as invoke-PSImage [6].…”
Section: Introduction (mentioning)
confidence: 99%
“…A potential avenue for future research is the exploration and analysis of discrepancies between the Extent and EndBlock ASTs. The analysis can be performed by machine learning and would analyze the patterns and structures of ASTs as well as the relationships between different nodes in the tree [25][26][27][28]. By leveraging machine learning algorithms, it may be possible to develop predictive models that can identify previously unseen techniques like ScriptBlock Smuggling.…”
Section: Future Work (mentioning)
confidence: 99%
“…Using the novel idea with DL, they successfully identify common intrinsic patterns of PowerShell codes and distinguish malware families. Song et al. [25] try to optimize feature selection with a mixture of token-based and AST-based keyword extraction. By combining the vocabulary and structure of PowerShell code, the performance in detecting malicious PowerShell is increased.…”
Section: A Detection Of Malicious Powershell (mentioning)
confidence: 99%