Malicious PowerShell Detection Using Attention against Adversarial Attacks

Malicious PowerShell Detection Using Attention against Adversarial Attacks

Currently, hundreds of thousands of new malicious files are created daily. Existing pattern-based antivirus solutions face difficulties in detecting such files. In addition, malicious PowerShell files are currently being used for fileless attacks. To prevent these problems, artificial intelligence-b...

Full description

Bibliographic Details
Main Author: Sunoh Choi
Format: Article
Language:English
Published: MDPI AG 2020-11-01
Series:Electronics
Subjects:
Malicious PowerShell detection
adversarial attack
GAN
Online Access:https://www.mdpi.com/2079-9292/9/11/1817
Description
Summary:Currently, hundreds of thousands of new malicious files are created daily. Existing pattern-based antivirus solutions face difficulties in detecting such files. In addition, malicious PowerShell files are currently being used for fileless attacks. To prevent these problems, artificial intelligence-based detection methods have been suggested. However, methods that use a generative adversarial network (GAN) to avoid AI-based detection have been proposed recently. Attacks that use such methods are called adversarial attacks. In this study, we propose an attention-based filtering method to prevent adversarial attacks. Using the attention-based filtering method, we can obtain restored PowerShell data from fake PowerShell data generated by GAN. First, we show that the detection rate of the fake PowerShell data generated by GAN in an existing malware detector is 0%. Subsequently, we show that the detection rate of the restored PowerShell data generated by attention-based filtering is 96.5%.
ISSN:2079-9292

Similar Items