MPSD: A Robust Defense Mechanism against Malicious PowerShell Scripts in Windows Systems
Guardado en:
| Publicado en: | Electronics vol. 13, no. 18 (2024), p. 3717 |
|---|---|
| Autor principal: | |
| Otros Autores: | , , , , , , |
| Publicado: |
MDPI AG
|
| Materias: | |
| Acceso en línea: | Citation/Abstract Full Text + Graphics Full Text - PDF |
| Etiquetas: |
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
MARC
| LEADER | 00000nab a2200000uu 4500 | ||
|---|---|---|---|
| 001 | 3110458187 | ||
| 003 | UK-CbPIL | ||
| 022 | |a 2079-9292 | ||
| 024 | 7 | |a 10.3390/electronics13183717 |2 doi | |
| 035 | |a 3110458187 | ||
| 045 | 2 | |b d20240101 |b d20241231 | |
| 084 | |a 231458 |2 nlm | ||
| 100 | 1 | |a Min-Hao, Wu |u Department of Artificial Intelligence College, Xiamen City University, Xiamen 361000, China; <email>mhwu@csie.ncu.edu.tw</email> | |
| 245 | 1 | |a MPSD: A Robust Defense Mechanism against Malicious PowerShell Scripts in Windows Systems | |
| 260 | |b MDPI AG |c 2024 | ||
| 513 | |a Journal Article | ||
| 520 | 3 | |a This manuscript introduces MPSD (Malicious PowerShell Script Detector), an advanced tool to protect Windows systems from malicious PowerShell commands and scripts commonly used in fileless malware attacks. These scripts are often hidden in Office document macros or downloaded remotely via PowerShell, posing significant threats to corporate networks. A 2018 report revealed that 77% of successful cyberattacks involved fileless malware, with PowerShell being the primary attack method, as highlighted in Red Canary’s 2022 report. To counter these threats, MPSD leverages the Antimalware Scan Interface (AMSI) to intercept and analyze real-time PowerShell scripts, preventing their execution. It further utilizes VirusTotal to filter out malicious scripts. Unlike traditional methods that rely on direct access to scripts, MPSD detects them before execution, addressing the challenge of hidden or obfuscated scripts. Experimental results show that MPSD outperforms well-known antivirus engines, with a low false-negative rate of 1.83%. MPSD is highly effective against evasion techniques like concatenation, encoding, and reordering, making it a robust tool in the cybersecurity landscape. | |
| 610 | 4 | |a Red Canary | |
| 653 | |a Scripts | ||
| 653 | |a Machine learning | ||
| 653 | |a Threats | ||
| 653 | |a Malware | ||
| 653 | |a Cybersecurity | ||
| 653 | |a Defense mechanisms | ||
| 653 | |a Threat evaluation | ||
| 653 | |a Natural language processing | ||
| 653 | |a Engines | ||
| 653 | |a Real time | ||
| 653 | |a Anti-virus software | ||
| 653 | |a Robustness | ||
| 700 | 1 | |a Fu-Hau Hsu |u Department of Computer Science and Information Engineering, National Central University, Taoyuan 32001, Taiwan; <email>109522059@cc.ncu.edu.tw</email> (J.-H.H.); <email>sixkwnp@ee.ncu.edu.tw</email> (K.W.); <email>109552021@cc.ncu.edu.tw</email> (Y.-Y.L.); <email>opp556687@g.ncu.edu.tw</email> (J.-X.C.); <email>alan.wang388@g.ncu.edu.tw</email> (H.-J.W.); <email>htyang@ncu.edu.tw</email> (H.-T.Y.) | |
| 700 | 1 | |a Jian-Hong Hunag |u Department of Computer Science and Information Engineering, National Central University, Taoyuan 32001, Taiwan; <email>109522059@cc.ncu.edu.tw</email> (J.-H.H.); <email>sixkwnp@ee.ncu.edu.tw</email> (K.W.); <email>109552021@cc.ncu.edu.tw</email> (Y.-Y.L.); <email>opp556687@g.ncu.edu.tw</email> (J.-X.C.); <email>alan.wang388@g.ncu.edu.tw</email> (H.-J.W.); <email>htyang@ncu.edu.tw</email> (H.-T.Y.) | |
| 700 | 1 | |a Wang, Keyuan |u Department of Computer Science and Information Engineering, National Central University, Taoyuan 32001, Taiwan; <email>109522059@cc.ncu.edu.tw</email> (J.-H.H.); <email>sixkwnp@ee.ncu.edu.tw</email> (K.W.); <email>109552021@cc.ncu.edu.tw</email> (Y.-Y.L.); <email>opp556687@g.ncu.edu.tw</email> (J.-X.C.); <email>alan.wang388@g.ncu.edu.tw</email> (H.-J.W.); <email>htyang@ncu.edu.tw</email> (H.-T.Y.) | |
| 700 | 1 | |a Yen-Yu, Liu |u Department of Computer Science and Information Engineering, National Central University, Taoyuan 32001, Taiwan; <email>109522059@cc.ncu.edu.tw</email> (J.-H.H.); <email>sixkwnp@ee.ncu.edu.tw</email> (K.W.); <email>109552021@cc.ncu.edu.tw</email> (Y.-Y.L.); <email>opp556687@g.ncu.edu.tw</email> (J.-X.C.); <email>alan.wang388@g.ncu.edu.tw</email> (H.-J.W.); <email>htyang@ncu.edu.tw</email> (H.-T.Y.) | |
| 700 | 1 | |a Chen, Jian-Xin |u Department of Computer Science and Information Engineering, National Central University, Taoyuan 32001, Taiwan; <email>109522059@cc.ncu.edu.tw</email> (J.-H.H.); <email>sixkwnp@ee.ncu.edu.tw</email> (K.W.); <email>109552021@cc.ncu.edu.tw</email> (Y.-Y.L.); <email>opp556687@g.ncu.edu.tw</email> (J.-X.C.); <email>alan.wang388@g.ncu.edu.tw</email> (H.-J.W.); <email>htyang@ncu.edu.tw</email> (H.-T.Y.) | |
| 700 | 1 | |a Wang, Hao-Jyun |u Department of Computer Science and Information Engineering, National Central University, Taoyuan 32001, Taiwan; <email>109522059@cc.ncu.edu.tw</email> (J.-H.H.); <email>sixkwnp@ee.ncu.edu.tw</email> (K.W.); <email>109552021@cc.ncu.edu.tw</email> (Y.-Y.L.); <email>opp556687@g.ncu.edu.tw</email> (J.-X.C.); <email>alan.wang388@g.ncu.edu.tw</email> (H.-J.W.); <email>htyang@ncu.edu.tw</email> (H.-T.Y.) | |
| 700 | 1 | |a Hao-Tsung, Yang |u Department of Computer Science and Information Engineering, National Central University, Taoyuan 32001, Taiwan; <email>109522059@cc.ncu.edu.tw</email> (J.-H.H.); <email>sixkwnp@ee.ncu.edu.tw</email> (K.W.); <email>109552021@cc.ncu.edu.tw</email> (Y.-Y.L.); <email>opp556687@g.ncu.edu.tw</email> (J.-X.C.); <email>alan.wang388@g.ncu.edu.tw</email> (H.-J.W.); <email>htyang@ncu.edu.tw</email> (H.-T.Y.) | |
| 773 | 0 | |t Electronics |g vol. 13, no. 18 (2024), p. 3717 | |
| 786 | 0 | |d ProQuest |t Advanced Technologies & Aerospace Database | |
| 856 | 4 | 1 | |3 Citation/Abstract |u https://www.proquest.com/docview/3110458187/abstract/embedded/7BTGNMKEMPT1V9Z2?source=fedsrch |
| 856 | 4 | 0 | |3 Full Text + Graphics |u https://www.proquest.com/docview/3110458187/fulltextwithgraphics/embedded/7BTGNMKEMPT1V9Z2?source=fedsrch |
| 856 | 4 | 0 | |3 Full Text - PDF |u https://www.proquest.com/docview/3110458187/fulltextPDF/embedded/7BTGNMKEMPT1V9Z2?source=fedsrch |