Please use this identifier to cite or link to this item: https://repository.esi-sba.dz/jspui/handle/123456789/478
Title: Detection of malicious PowerShell: Approaches and Techniques
Authors: MERZOUK BENSELLOUA, Ahmed Yasser
MESSADI, Said Abdesslem
Issue Date: 2023
Abstract: PowerShell is a powerful automation and scripting language that is extensively used across several platforms. This has resulted in a surge in the number of malicious scripts written in it, since it has many capabilities that aid in obfuscating scripts and evading standard detection techniques. In this thesis, we compare several approaches that researchers have proposed for identifying dangerous scripts using various methodologies. We go over each paper's approach and discuss its advantages and disadvantages before concluding with a comparison table with various metrics. We concluded that recent research in the security field has focused on machine and deep learning techniques that improved detection. The most common techniques included NLP-based approaches with different twists, as well as completely new techniques like the GCN (Graph Convolution Network). We also noted the importance of detecting obfuscated scripts because they are the most frequently used to bypass classic detection techniques.
URI: https://repository.esi-sba.dz/jspui/handle/123456789/478
Appears in Collections: Master

Files in This Item:
File: Mémoire detection of malicious powershell-1-1.pdf
Size: 56,86 kB
Format: Adobe PDF


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.