Shellcode detector for malicious document hunting

Chong Kuan Chen, Shen Chieh Lan, Shiuhpyng Shieh

Research output: Conference contribution, peer-reviewed

3 citations (Scopus)

Abstract

Advanced Persistent Threat (APT) attacks have become a major network threat in recent years. Among APT attack techniques, sending a phishing email with a malicious document attached is considered one of the most effective. Although many users have the impression that documents are harmless, a malicious document may in fact contain shellcode that attacks the victim. To cope with this problem, we design and implement a malicious document detector, Forensor, to distinguish malicious documents from benign ones. Forensor integrates several open-source tools and methods. It first introspects the file format to retrieve the objects inside the document, and then automatically decrypts the simple encryption methods commonly used in malware, e.g., XOR, rot and shift, to discover potential shellcode. An emulator is then used to verify the presence of shellcode; if shellcode is discovered, the file is considered malicious. The experiment used 9,000 benign files and more than 10,000 malware samples from a well-known sample-sharing website. The result shows no false negatives and only 2 false positives.
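The decryption step in the abstract (brute-forcing XOR, rot and shift before looking for shellcode) is easy to misjudge without seeing it run. The following is an added example written for this page; it is not Forensor's code and does not reproduce the paper's emulator stage. It assumes that "rot" means a per-byte bit rotation and "shift" a per-byte additive shift, and it uses a small set of x86 shellcode indicators (PEB lookup through fs:[0x30], call $+5 and fstenv GetPC stubs) that are this example's own heuristic choice, not the paper's signature set. The encoded sample object is constructed inline and is not real malware.

```python
"""Brute-force the simple single-byte encodings named in the abstract (XOR, rotate,
additive shift) and scan each decoding for x86 shellcode indicators.

Illustrative example, not Forensor's code. The indicator set and the reading of
"rot" as bitwise rotate and "shift" as additive shift are this example's assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Tuple

# Byte sequences that frequently appear in hand-written x86 shellcode.
# Assumed heuristics for this example, not the paper's signature set.
SHELLCODE_INDICATORS: Dict[str, bytes] = {
    "mov eax, fs:[0x30] (PEB lookup)": bytes.fromhex("64a130000000"),
    "mov ecx, fs:[0x30] (PEB lookup)": bytes.fromhex("648b0d30000000"),
    "call $+5 (GetPC)": bytes.fromhex("e800000000"),
    "fstenv [esp-0xc] (GetPC)": bytes.fromhex("d9eed97424f4"),
}


def xor_decode(data: bytes, key: int) -> bytes:
    """Undo a single-byte XOR; key 0 is the identity, so unencoded shellcode is found too."""
    return bytes(b ^ key for b in data)


def rot_decode(data: bytes, n: int) -> bytes:
    """Undo a per-byte rotate-left by n bits (i.e. rotate each byte right by n)."""
    n %= 8
    return bytes(((b >> n) | (b << (8 - n))) & 0xFF for b in data)


def shift_decode(data: bytes, n: int) -> bytes:
    """Undo a per-byte additive shift by n (subtract n modulo 256)."""
    return bytes((b - n) & 0xFF for b in data)


# (method name, key space, decoder). The identity keys for rot and shift are
# skipped because the XOR pass with key 0 already scans the raw bytes.
DECODERS: List[Tuple[str, Iterable[int], Callable[[bytes, int], bytes]]] = [
    ("xor", range(0, 256), xor_decode),
    ("rot", range(1, 8), rot_decode),
    ("shift", range(1, 256), shift_decode),
]


@dataclass(frozen=True)
class Hit:
    method: str     # decoding under which the indicator appeared
    key: int        # key for that decoding
    indicator: str  # which indicator matched
    offset: int     # offset of the match within the decoded object


def find_shellcode_candidates(obj: bytes) -> List[Hit]:
    """Return every (decoding, key) under which an indicator appears in obj.

    Each hit is only a candidate: in the pipeline the abstract describes, the
    decoded bytes at hit.offset would next be run in an emulator to confirm they
    behave as shellcode before the document is labelled malicious.
    """
    hits: List[Hit] = []
    for method, keys, decode in DECODERS:
        for key in keys:
            plain = decode(obj, key)
            for name, pattern in SHELLCODE_INDICATORS.items():
                off = plain.find(pattern)
                if off != -1:
                    hits.append(Hit(method, key, name, off))
    return hits


def is_suspicious(obj: bytes) -> bool:
    """True if any decoding exposes at least one shellcode indicator."""
    return bool(find_shellcode_candidates(obj))


# --- constructed sample input (not real malware) -------------------------------
# A typical shellcode prologue: xor eax,eax ; mov eax,fs:[0x30] ; mov eax,[eax+0xc] ;
# mov esi,[eax+0x14]. It is XOR-encoded with 0x5A to mimic an encoded document object.
_PROLOGUE = bytes.fromhex("31c0" "64a130000000" "8b400c" "8b7014")
XOR_KEY = 0x5A
ENCODED_SAMPLE = bytes(b ^ XOR_KEY for b in _PROLOGUE)

# A harmless text stream, for comparison.
BENIGN_SAMPLE = b"Hello, this is a harmless document stream."

if __name__ == "__main__":
    for label, obj in (("encoded", ENCODED_SAMPLE), ("benign", BENIGN_SAMPLE)):
        for h in find_shellcode_candidates(obj):
            print(f"{label}: {h.method} key=0x{h.key:02x} offset={h.offset}: {h.indicator}")
        print(f"{label}: suspicious={is_suspicious(obj)}")
```

Note that some decodings coincide (an additive shift by 128 equals XOR with 0x80), so a real detector deduplicates candidates by decoded bytes before emulating them; the indicator list alone is also far too small for production use and is only here to make the brute-force step concrete.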

Original language: English
Title of host publication: 2017 IEEE Conference on Dependable and Secure Computing
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 527-528
Number of pages: 2
ISBN (Electronic): 9781509055692
DOIs
Publication status: Published - 18 Oct 2017
Event: 2017 IEEE Conference on Dependable and Secure Computing - Taipei, Taiwan
Duration: 7 Aug 2017 - 10 Aug 2017

Publication series

Name: 2017 IEEE Conference on Dependable and Secure Computing

Conference

Conference: 2017 IEEE Conference on Dependable and Secure Computing
Country/Territory: Taiwan
City: Taipei
Period: 7/08/17 - 10/08/17
