We demonstrate its effectiveness on a data corpus containing about , real-world malicious and… The widespread adoption of the PDF format for document exchange has given rise to the use of PDF files as a prime vector for malware propagation.
As vulnerabilities in the major PDF viewers keep surfacing, effective detection of malicious PDF documents remains an important issue. In this paper we present MDScan, a standalone malicious document scanner that combines static document analysis and dynamic code execution to detect previously unknown PDF threats. Our evaluation shows that MDScan can detect a broad range of malicious PDF documents, even when they have been extensively obfuscated.
Automatic hooking for forensic analysis of document-based code injection attacks: Techniques and empirical analyses by Kevin Z.
Document-based code injection attacks, wherein malicious code, coined shellcode, is embedded in a document, have quickly replaced network-service-based exploits as the preferred method of attack. In this paper, we present a new technique to aid in forensic and diagnostic analysis of malicious documents detected using dynamic code analysis techniques, namely automated API call hooking and simulation. Our approach provides an API call trace of a shellcode in a few milliseconds. We also present the results of a large empirical analysis of malicious PDFs collected in the wild over the last few years. We observed a heavy-tailed distribution of API call sequences used by contemporary shellcode.
With targeted attacks rising over the recent past, exploring a new detection and mitigation paradigm becomes mandatory.

The use of malicious PDF files that exploit vulnerabilities in well-known PDF readers has become a popular vector for targeted attacks, for which few efficient approaches exist. Although simple in theory, parsing followed by analysis of such files is resource-intensive and may even be impossible due to several obfuscation and reader-specific artifacts. Our paper describes a new approach for detecting such malicious payloads that leverages machine learning techniques and an efficient feature selection mechanism for rapidly detecting anomalies. We assess our approach on a large selection of malicious files and report the experimental performance results for the developed prototype.

In spite of a series of security patches issued by Adobe and other vendors, many users still have vulnerable client software installed on their computers. The expressiv

Malicious PDF files remain a real threat, in practice, to masses of computer users, even after several high-profile security incidents. In this paper, we propose a highly performant static method for detection of malicious PDF documents which, instead of analyzing JavaScript or any other content, makes use of essential differences in the structural properties of malicious and benign PDF files. Additionally, we present the first comparative evaluation of several learning setups with regard to resistance against adversarial evasion and show that our method is reasonably resistant to sophisticated attack scenarios.
To overcome the above limitations, we propose the no-manual-feature-dictionary detection model (NFDD). We introduce a neural network based on word embedding and combine it with dynamic analysis that can capture behavioral information of unknown samples. We have also implemented traditional models based on a feature dictionary for comparison. Experiments show that NFDD can effectively improve the accuracy. NFDD can detect unknown samples that cannot be detected by traditional methods.
Conference paper. First Online: 09 September. Keywords: Malicious document, Dynamic analysis, Feature dictionary, Neural network.