Amal A. Alahmadi, Norah Alkhraan, Wojdan BinSaeedan,
PowerShell is an important tool used to automate administrative tasks. It is an open-source tool that ... on many other operating systems. Administrators generally utilize PowerShell to carry out a range of typical management ... find user information. However, researchers recently found that PowerShell was used to execute various attacks. These attacks leveraged PowerShell’s vast number of properties to access privileged ... is costly and difficult. Here, we present Malicious PowerShell Script Autodetect (MPSAutodetect), a detection model that relies ...
Tópico(s): Anomaly Detection Techniques and Applications
2022 - Elsevier BV | Computers & Security
Yong Fang, Xiangyu Zhou, Cheng Huang,
... the attack methods of hackers are changing steadily. PowerShell is a programming language based on the command ... functions and good compatibility. Therefore, hackers often use PowerShell malicious scripts to attack the victims in APT attacks. When these malicious PowerShell scripts are executed, hackers can control the victim’ ... In this paper, a detection model of malicious PowerShell scripts based on hybrid features is proposed, we ... the abstract syntax tree. Firstly, the script of PowerShell is embedded by FastText. Then the textual features, ...
Tópico(s): Text and Document Classification Technologies
2021 - Elsevier BV | Neurocomputing
... resides in memory to evade traditional detection methods. PowerShell which is a legitimate management tool used by ... there are a few studies for detecting malicious PowerShell. Previous studies proposed methods of detecting malicious PowerShell with deep neural networks. Previous methods require decoding ... we propose a static method of detecting malicious PowerShell based on word embeddings. In our method, PowerShell scripts are separated into words, and these words ...
Tópico(s): Network Security and Intrusion Detection
2021 - Elsevier BV | Internet of Things
Denis Ugarte, Davide Maiorca, Fabrizio Cara, Giorgio Giacinto,
PowerShell is nowadays a widely-used technology to administrate and manage Windows-based operating systems. However, it ... Similarly to other scripting languages used by malware, PowerShell attacks are challenging to analyze due to the ... static and dynamic multi-stage de-obfuscator for PowerShell attacks. PowerDrive instruments the PowerShell code to progressively de-obfuscate it by showing ... We used PowerDrive to successfully analyze thousands of PowerShell attacks extracted from various malware vectors and executables. ...
Tópico(s): Software Testing and Debugging Techniques
2019 - Springer Science+Business Media | Lecture notes in computer science
Jihyeon Song, Jung Tae Kim∥, Sunoh Choi, Jonghyun Kim, Ikkyun Kim,
... AI) technology for cybersecurity analysis to detect malicious PowerShell scripts. In this paper, we propose a feature ... based approaches to enhance the accuracy of malicious PowerShell script detection. We statically analyze the PowerShell script and preprocess it with a method based ... AST represent the vocabulary and structure of the PowerShell script, respectively. Performance evaluations with optimized features yield ...
Tópico(s): Advanced Malware Detection Techniques
2021 - Electronics and Telecommunications Research Institute | ETRI Journal
Meng-Han Tsai, Chia-Ching Lin, Zheng-Gang He, Wei-Chieh Yang, Chin‐Laung Lei,
In recent years, PowerShell has become the common tool that helps attackers launch targeted attacks using living-off-the-land tactics and fileless attack techniques. Unfortunately, malware-derived PowerShell Commands (PSCmds) have typically been obfuscated to hide ... combines deep learning and program analysis for automatic PowerShell De-obfuscation and behavioral Profiling (PowerDP) through multi- ...
Tópico(s): Network Security and Intrusion Detection
2022 - Institute of Electrical and Electronics Engineers | IEEE Access
... increase in the number of malicious files. Recently, powershell scripts and Windows portable executable (PE) files have ... was recently introduced. Here, we propose a malicious powershell detection method using a GCN. To use the ... similarity. In addition, we show that the malicious powershell detection rate is increased by approximately 8.2% ...
Tópico(s): Spam and Phishing Detection
2021 - Multidisciplinary Digital Publishing Institute | Applied Sciences
... difficulties in detecting such files. In addition, malicious PowerShell files are currently being used for fileless attacks. ... attention-based filtering method, we can obtain restored PowerShell data from fake PowerShell data generated by GAN. First, we show that the detection rate of the fake PowerShell data generated by GAN in an existing malware ... show that the detection rate of the restored PowerShell data generated by attention-based filtering is 96. ...
Tópico(s): Digital and Cyber Forensics
2020 - Multidisciplinary Digital Publishing Institute | Electronics
... computers for cyberattacks. In particular, the use of PowerShell provided by Microsoft has been increasing every year ... In previous studies, a method to detect malicious PowerShell commands using character-level deep learning was proposed. ... This paper proposes a method to classify unknown PowerShell without dynamic analysis. Our method uses feature vectors extracted from malicious and benign PowerShell scripts using word-level language models for classification. The datasets were generated from benign and malicious PowerShell scripts obtained from Hybrid Analysis, and benign PowerShell ...
Tópico(s): Spam and Phishing Detection
2020 - Springer Science+Business Media | Lecture notes in computer science
... undoubtedly the most blue-chip concept in Windows PowerShell (PS).It creates a significant difference between PowerShell and DOS.The working process of the pipeline ...
Tópico(s): Embedded Systems and FPGA Design
2020 - | International Journal of Emerging Trends in Engineering Research
... exploitation by combining deep reinforcement learning and the PowerShell Empire, which is famous as a post-exploitation ... Our reinforcement learning agents select one of the PowerShell Empire modules as an action. The state of ...
Tópico(s): Digital and Cyber Forensics
2020 - Elsevier BV | Computers & Security
Sherif Saad, Farhan Mahmood, William Briguglio, Haytham Elmiligi,
... attacks in the wild take advantage of MS PowerShell, however, fileless malware are not limited to MS PowerShell. In this paper, we designed and implemented a ...
Tópico(s): Security and Verification in Computing
2019 - Springer Science+Business Media | Lecture notes in computer science
Ruidong Han, Chao Yang, Jianfeng Ma, Siqi Ma, Yunbo Wang, Feng Li,
Windows proposes the PowerShell shell command line to substitute the traditional CMD. However, it is often utilized by the attacker to invade the ... In this paper, we investigate an attack combined PowerShell and image steganography. Compared with the traditional method, ... to check external links before the execution of PowerShell script. IMShell-Dec trains a machine learning classifier ...
Tópico(s): Digital and Cyber Forensics
2020 - Springer Science+Business Media | IFIP advances in information and communication technology
Chunlin Xiong, Zhenyuan Li, Yan Chen, Tiantian Zhu, Jian Wang, Hai Bin Yang, Wei Ruan,
Tópico(s): Network Security and Intrusion Detection
2022 - Springer Science+Business Media | Frontiers of Information Technology & Electronic Engineering
P. Kumaresan, Senthilkumar Mohan, Jaroslav Frnda, B D Parameshachari,
... deployed and VM performance is monitored using the PowerShell script. Tableau is used to evaluate the physical ...
Tópico(s): Cloud Data Security Solutions
2022 - Springer Nature | Journal of Cloud Computing Advances Systems and Applications
V Ravi, S.P. Gururaj, H.K. Vedamurthy, M.B. Nirmala,
... more accurately as a downloader, dropper malware, shellcode, PowerShell exploits, etc. Experimental results show that proposed method ...
Tópico(s): Spam and Phishing Detection
2022 - Elsevier BV | Global Transitions Proceedings
... windows applications and system administration tools such as PowerShell and Windows Management Instrumentation (WMI) to execute and ...
Tópico(s): Digital and Cyber Forensics
2020 - International Research Publication House | International Journal of Engineering Research and
Xinyu Wang, Işıl Dillig, Rishabh Singh,
... specific synthesizer that is now deployed in Microsoft PowerShell. In the context of matrix manipulations, we compare ...
Tópico(s): Logic, programming, and type systems
2017 - Association for Computing Machinery | Proceedings of the ACM on Programming Languages
... that's already on the machine – such as PowerShell – as a way of achieving their ends. And ...
Tópico(s): Information and Cyber Security
2017 - Elsevier BV | Network Security
Oleksandr Polozov, Sumit Gulwani,
... are deployed in several industrial products, including Microsoft PowerShell 3.0 for Windows 10, Azure Operational Management ...
Tópico(s): Software Testing and Debugging Techniques
2015 - Association for Computing Machinery | ACM SIGPLAN Notices
Kristopher A. Hunt, James P. Folsom, Reed L. Taffs, Ross P. Carlson,
... using an EFMA software package (EFMTool) and Windows PowerShell on a 50 node Microsoft high performance computing ...
Tópico(s): Biofuel production and bioconversion
2014 - Oxford University Press | Bioinformatics
Farheen S. Shaikh, Ruby J. Siegel, Aayush Srivastava, David A. Fox, Salahuddin Ahmed,
... review, we used an open-source programming language- PowerShell, to scan the massive number of existing primary ...
Tópico(s): Cancer-related molecular mechanisms research
2024 - Frontiers Media | Frontiers in Immunology
Wei Ren, Wan Dong, Huifeng Zhu, Fangfang Liu, Greg Mirt, Fan Xu,
Tópico(s): Anomaly Detection Techniques and Applications
2020 - Springer Nature | International Journal of Information Technology
Muhammd Mudassar Yamin, Basel Katt,
... access to multiple powerful system administration tools like PowerShell and WMIC. In an ideal scenario, access to ...
Tópico(s): Network Security and Intrusion Detection
2019 - Springer Science+Business Media | Lecture notes in computer science
In cyber attacks, PowerShell has become a convenient tool for attackers. A previous study proposed a classification method for PowerShell scripts that combines natural language processing (NLP) techniques ... adversarial input, no evaluation has been reported for PowerShell classification. In this study, we evaluated the possibility ... to the machine learning-based model for malicious PowerShell detection. In addition to Bag-of-Words, Latent ... we confirmed that evasion attacks are possible in PowerShell. In particular, the models using Doc2Vec decreased the ...
Tópico(s): Internet Traffic Analysis and Secure E-voting
2022 - Springer Science+Business Media | Lecture notes in computer science
Yassene Mohammed, Magnus Palmblad,
... recent, object-oriented command shell and scripting language, PowerShell, has many attractive features: an object-oriented interactive ... as bash, and object-oriented ones, such as PowerShell, is that in the latter the result of ... rather than a simple stream of characters. Conveniently, PowerShell is included in all new releases of Microsoft ... script portable. In this chapter we demonstrate how PowerShell in particular allows easy interaction with mass spectrometry ... as formatted text or graphics. These features make PowerShell much more than "yet another scripting language."
Tópico(s): Genomics and Phylogenetic Studies
2019 - Springer Science+Business Media | Methods in molecular biology
Andreas Schaffhauser, Wojciech Mazurczyk, Luca Caviglione, Marco Zuppelli, Julio Hernandez‐Castro,
... Experimental results collected by considering real-world malicious PowerShell scripts showcase that Mavis can detect attacks with ...
Tópico(s): Advanced Steganography and Watermarking Techniques
2022 - Hindawi Publishing Corporation | Security and Communication Networks
Wataru Matsuda, Mariko Fujimoto, Takuho Mitsunaga,
... Agency (CISA), tools such as China Chopper, Mimikatz, PowerShell Empire, and HUC Packet Transmitter are used in ...
Tópico(s): Digital and Cyber Forensics
2020 - | Journal of Information Processing
... actors is to repudiate as legitimate software like PowerShell and Windows Management Instrumentation.By using these tools, ...
Tópico(s): User Authentication and Security Systems
2019 - | Indian Journal of Computer Science and Engineering
... system services and resources not limited to RDP, PowerShell, Windows accessibility backdoor and DNS tunneling. Results show ...
Tópico(s): Internet Traffic Analysis and Secure E-voting
2017 - | Zambia ICT Journal