標題: Shellcode Detector for Malicious Document Hunting
作者: Chen, Chong-Kuan
Lan, Shen-Chieh
Shieh, Shiuhpyng Winston
資訊工程學系
Department of Computer Science
關鍵字: malicious documents;malware;shellcode
公開日期: 1-一月-2017
摘要: Advanced Persistent Threat (APT) attacks became a major network threat in recent years. Among APT attack techniques, sending a phishing email with malicious documents attached is considered one of the most effective ones. Although many users have the impression that documents are harmless, a malicious document may in fact contain shellcode to attack victims. To cope with the problem, we design and implement a malicious document detector called Forensor to differentiate malicious documents. Forensor integrates several open-source tools and methods. It first introspects file format to retrieve objects inside the documents, and then automatically decrypts simple encryption methods, e.g., XOR, rot and shift, commonly used in malware to discover potential shellcode. The emulator is used to verify the presence of shellcode. If shellcode is discovered, the file is considered malicious. The experiment used 9,000 benign files and more than 10,000 malware samples from a well-known sample sharing website. The result shows no false negative and only 2 false positives.
URI: http://hdl.handle.net/11536/150833
期刊: 2017 IEEE CONFERENCE ON DEPENDABLE AND SECURE COMPUTING
起始頁: 527
結束頁: 528
顯示於類別:會議論文