
2022 | Original Paper | Book Chapter

Detection of MSOffice-Embedded Malware: Feature Mining and Short- vs. Long-Term Performance

Authors: Silviu Viţel, Marilena Lupaşcu, Dragoş Teodor Gavriluţ, Henri Luchian

Published in: Information Security Practice and Experience

Publisher: Springer International Publishing


Abstract

This paper presents a study of the detection performance of MSOffice-embedded malware. The detection models were trained and tested on a very large database of malicious and benign MSOffice documents (1.8 million files) collected over a long period of time (1995–2021). The temporally comprehensive database allowed us to shed light on perishability (the evolution of feature relevance over time) and on the detection performance of anti-malware classifiers. For the latter, we look into proactivity (short-term detection efficiency against future malware) and endurance (long-term detection robustness); aspects of the co-evolution of malware and security products are also discussed.
Across the various training and testing time windows available in the database, our experiments indicate that, on average, neural networks reach higher levels of accuracy in MSOffice-embedded malware detection, while Random Forest achieves lower false-positive rates.


Footnotes
3
Code obfuscation is the deliberate transformation of the original code so that it becomes hard to read or parse, without altering its functionality.
 
4
See the "in-the-wild" description at http://www.wildlist.org/CurrentList.txt.
 
6
Operating system or application updates may replace the entire set of binaries.
 
7
Although Microsoft introduced security measures aimed at preventing the execution of malicious macros, attackers often still convinced unsuspecting users to open infected documents and enable macros, by disguising the documents' origin or by presenting the enabling of macros as a necessary step to access the document's content.
 
13
In the whole database D, ignoring the time stamps.
 
14
Precision = TP/(TP + FP); recall = TP/(TP + FN), where: TP - true positive; FP - false positive; FN - false negative.
 
16
Term Frequency.
 
17
Term Frequency - Inverse Document Frequency.
 
18
Bag of Words.
 
19
Latent Semantic Indexing.
 
20
Sparse Composite Document Vectors.
 
21
Area Under the ROC Curve.
 
Metadata
Title
Detection of MSOffice-Embedded Malware: Feature Mining and Short- vs. Long-Term Performance
Authors
Silviu Viţel
Marilena Lupaşcu
Dragoş Teodor Gavriluţ
Henri Luchian
Copyright year
2022
DOI
https://doi.org/10.1007/978-3-031-21280-2_16
