標題: | Shellcode Detector for Malicious Document Hunting |
作者: | Chen, Chong-Kuan Lan, Shen-Chieh Shieh, Shiuhpyng Winston 資訊工程學系 Department of Computer Science |
關鍵字: | malicious documents;malware;shellcode |
公開日期: | 1-Jan-2017 |
摘要: | Advanced Persistent Threat (APT) attacks became a major network threat in recent years. Among APT attack techniques, sending a phishing email with malicious documents attached is considered one of the most effective ones. Although many users have the impression that documents are harmless, a malicious document may in fact contain shellcode to attack victims. To cope with the problem, we design and implement a malicious document detector called Forensor to differentiate malicious documents. Forensor integrates several open-source tools and methods. It first introspects file format to retrieve objects inside the documents, and then automatically decrypts simple encryption methods, e.g., XOR, rot and shift, commonly used in malware to discover potential shellcode. The emulator is used to verify the presence of shellcode. If shellcode is discovered, the file is considered malicious. The experiment used 9,000 benign files and more than 10,000 malware samples from a well-known sample sharing website. The result shows no false negative and only 2 false positives. |
URI: | http://hdl.handle.net/11536/150833 |
期刊: | 2017 IEEE CONFERENCE ON DEPENDABLE AND SECURE COMPUTING |
起始頁: | 527 |
結束頁: | 528 |
Appears in Collections: | Conferences Paper |