Development of an Automatic Document Malware Analysis System
Abstract

Malware attacks that use document files like PDF and HWP have been rapidly increasing lately. Particularly, social engineering cases of infection by document based malware, transferred through Web/SNS postings or spam mail that pretends to represent political/cultural issues or a work colleague, have greatly increased. The threat of document malware is expected to increase, as most PC users routinely access document files and the rate at which commercial vaccine programs detect this type of malware is not that high. Therefore, this paper proposes an automatic document malware analysis system that automatically performs the static/dynamic analysis of document files like PDF and HWP and provides the result. The static analysis of document based malware identifies the existence of the script and the shell code that generate the malicious behavior and extracts them. It also detects obfuscated code or the use of reportedly vulnerable functions. The dynamic analysis monitors behavior at the kernel level and generates a log. The log is then compared with the malicious behavior rules to detect suspicious malware. In a performance test that used actual document malware samples, the system demonstrated an outstanding detection performance.

Keywords: Document malware, Automatic analysis system
H.-K. Kang (corresponding author), J.-S. Kim, B.-I. Kim, H.-C. Jeong
Team of Security R&D, Korea Internet and Security Agency, 78, Garak-dong, Seoul, Songpa-gu, South Korea
H.-K. Kang e-mail: [email protected]
J.-S. Kim e-mail: [email protected]
B.-I. Kim e-mail: [email protected]
H.-C. Jeong e-mail: [email protected]

K. J. Kim and K.-Y. Chung (eds.), IT Convergence and Security 2012, Lecture Notes in Electrical Engineering 215, DOI: 10.1007/978-94-007-5860-5_1, © Springer Science+Business Media Dordrecht 2013
1 Introduction

Malware attacks such as Advanced Persistent Threat (APT) and spam mail using a document file have been rapidly increasing lately. These attacks mostly use social engineering: a Web/SNS posting on political and cultural issues induces users to download the malware, or an attacker pretending to be a work colleague sends spam mail with document malware attached to infect the users [1, 2]. Since most PC users routinely use document files, they are more vulnerable to document based malware than to the existing types of PE (Portable Executable) malware. Moreover, the rate at which commercial vaccine programs detect this type of malware is not that high. Since the commercial vaccine programs use the signature based detection method, which has a low rate of detecting document malware, the threat of document malware is expected to continue to increase [3, 4]. Therefore, this paper proposes an automatic document malware analysis system that automatically performs the static/dynamic analyses of document files like PDF and HWP and provides the result. The static analysis of document malware identifies the exi
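As an added illustration of the static-analysis steps the abstract and introduction describe for PDF (finding embedded script, shellcode-like blobs, obfuscation and reportedly vulnerable functions), the following Python scanner is example code written for this page, not the paper's system. The list of vulnerable Acrobat JavaScript APIs is an illustrative subset chosen here, and the sample PDF bytes are constructed in the block.

```python
import re
import zlib

# Acrobat JavaScript APIs targeted by publicly documented exploits. The names are
# real, but this subset is illustrative and is not the paper's own rule set.
VULNERABLE_FUNCTIONS = ("util.printf", "Collab.collectEmailInfo", "Collab.getIcon",
                        "media.newPlayer", "spell.customDictionaryOpen")

def inflate_streams(data: bytes) -> bytes:
    """Append the inflated body of every Flate-encoded stream so keywords hidden inside it become visible."""
    out = data
    for m in re.finditer(rb"stream\r?\n(.*?)endstream", data, re.S):
        try:  # decompressobj tolerates the trailing newline and a truncated checksum
            out += b"\n" + zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            pass  # not Flate-encoded: the raw bytes are still scanned below
    return out

def normalize_names(data: bytes) -> bytes:
    """Undo PDF name obfuscation such as /J#53 -> /JS (run after inflation, never before)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes.fromhex(m.group(1).decode()), data)

def scan_pdf(data: bytes) -> dict:
    """Count static indicators: script, auto-trigger actions, obfuscation, shellcode-like blobs, risky APIs."""
    text = normalize_names(inflate_streams(data))
    f = {
        "script": len(re.findall(rb"/JavaScript\b|/JS\b", text)),
        "auto_trigger": len(re.findall(rb"/OpenAction\b|/AA\b|/Launch\b", text)),
        "obfuscation": len(re.findall(rb"unescape\s*\(|String\.fromCharCode|eval\s*\(", text)),
        "shellcode": len(re.findall(rb"(?:%u[0-9A-Fa-f]{4}){8,}|(?:\\x[0-9A-Fa-f]{2}){8,}", text)),
        "vuln_funcs": [fn for fn in VULNERABLE_FUNCTIONS if fn.encode() in text],
    }
    # Script alone is common in benign forms; flag only when paired with another indicator.
    f["suspicious"] = f["script"] > 0 and (
        f["auto_trigger"] + f["obfuscation"] + f["shellcode"] > 0 or bool(f["vuln_funcs"]))
    return f

# Constructed sample (not a real malware file): hex-obfuscated names and JavaScript in a
# FlateDecode stream, mimicking the patterns the static analysis looks for.
_js = (b'var s = unescape("%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090");'
       b'util.printf("%d", 1);')
_body = zlib.compress(_js)
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Open#41ction 2 0 R >> endobj\n"
              b"2 0 obj << /S /Java#53cript /J#53 3 0 R >> endobj\n"
              b"3 0 obj << /Length " + str(len(_body)).encode() + b" /Filter /Fl#61teDecode >>\n"
              b"stream\n" + _body + b"\nendstream\nendobj\n%%EOF\n")
BENIGN_PDF = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"

if __name__ == "__main__":
    print(scan_pdf(SAMPLE_PDF))
    print(scan_pdf(BENIGN_PDF))
```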