1/1/2024

Malicious PDF attributes

In this study, Portable Document Format (PDF), Word, Excel, Rich Text Format (RTF) and image documents are taken as the research objects to study a static and fast method by which to detect malicious documents. Malicious PDF and Word document features are abstracted and extended, which can be used to detect other types of documents. A universal static detection framework for malicious documents based on feature generalization is then proposed. The generalized features include specification check errors, the structure path, code keywords, and the number of objects. The proposed method is verified on two datasets, and is compared with Kaspersky, NOD32, and McAfee antivirus software. The experimental results demonstrate that the proposed method achieves good performance in terms of the detection accuracy, runtime, and scalability. The average F1-score of all types of documents is found to be 0.99, and the average detection time of a document is 0.5926 s, which is at the same level as the compared antivirus software.

In January 2014, an attacker launched an attack by disguising a malicious PDF document as a document of the Israeli Ministry of Defense, and then sending the PDF as an attachment to an email. In some kinds of malicious PDF attacks, the PDF reader itself contains a vulnerability or flaw that allows a file to execute malicious code. Many attacks try to abuse this flaw via the use of social engineering or by hosting malicious PDF files on the Internet. Attackers can induce people to open malicious documents by sending emails with malicious attachments. Just opening the PDF file could exploit a vulnerability. In December 2018, a threat report from the security company Malwarebytes warned that the banking Trojan/download/botnet and its common accomplice, Trickbot, mainly use email to distribute malicious Office documents that use PowerShell to download malware. Malicious document attacks not only bring huge risks to individuals, but also seriously threaten the security of enterprises.

RTF documents can contain a variety of OLE objects, and the embedded OLE objects are parsed when the document is opened. Various vulnerabilities might be triggered when these OLE objects are parsed. The exploit can be used to execute malicious code. For example, when the OLE object of the TreeView control is embedded in an RTF file, this control causes a stack overflow problem when parsing the data in the \objdata section. This vulnerability can be used to trigger problems such as remote code execution. Parsing the OLE object of the embedded TabStrip control can cause memory corruption.

The proposed method was verified on two datasets, and was compared with Kaspersky, NOD32, and McAfee antivirus software. The F1-score of malicious PDF detection of the proposed method was 0.9956, that of malicious DOC detection was 0.9845, and that of DOCX detection was 0.9834. Therefore, good detection rates were achieved for the two main document types of PDF and Word, and the FPR was within 1%. In addition, the proposed framework was found to achieve better results on other types of documents; the average F1-score of all these types of documents was 0.9902. The results of experiments demonstrated that the proposed framework achieved better detection performance than Kaspersky, NOD32, and McAfee antivirus software. Moreover, the average document detection time of the proposed method was found to be 0.5926 s, which was very close to that of McAfee (0.4887 s), and shorter than that of Kaspersky. The experimental results verify that the proposed method achieved good performance in terms of the detection accuracy, runtime, and scalability.