SPARSE: A Hybrid System to Detect Malcode-Bearing Documents

Authors: Salvatore Stolfo, Wei-Jen Li

DOI: 10.7916/D8FJ2QNJ

Keywords:

Abstract: Embedding malcode within documents provides a convenient means of penetrating systems that may be unreachable by network-level service attacks. Such attacks can be very targeted and difficult to detect compared to the typical network worm threat, owing to the multitude of document-exchange vectors. Detecting malcode embedded in a document is hard because the complexity of modern document formats provides ample opportunity to embed code in a myriad of ways. We focus on Microsoft Word documents as malcode carriers in the case study presented in this paper. We introduce a hybrid system that integrates static and dynamic techniques to detect the presence and location of malware in documents. The system is designed to automatically update its detection models to improve accuracy over time. The overall system, with its learning feedback loop, was demonstrated to achieve a 99.27% detection rate and a 3.16% false positive rate on a corpus of 6228 documents.
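The abstract describes the architecture only at a high level: a static detector that flags and locates suspicious content in a Word file, a dynamic check that confirms or clears what was flagged, and a feedback loop that folds the dynamic verdicts back into the static model. The following is an added illustration of that loop and is not the SPARSE code; the abstract does not say which static model the system uses, so a byte 3-gram model over the raw file bytes, the 64-byte localisation window, the 0.5 threshold and the `sandbox_verdict` stand-in for the dynamic analysis are all assumptions, and every document in it is constructed inline.

```python
"""Static byte n-gram anomaly scoring for documents, with a model-update feedback loop.

Added example, not code from the SPARSE paper. The n-gram length, window size,
threshold and the stand-in for the dynamic (sandbox) check are all assumptions.
"""

N = 3            # n-gram length over raw file bytes (assumption)
WINDOW = 64      # fixed-size window used to localise anomalous regions (assumption)
THRESHOLD = 0.5  # fraction of unseen n-grams above which a window is flagged (assumption)


def ngrams(data: bytes, n: int = N) -> list:
    """All overlapping byte n-grams of `data`, in order."""
    return [data[i:i + n] for i in range(len(data) - n + 1)]


class NGramModel:
    """Benign-content model: the set of byte n-grams observed in trusted documents."""

    def __init__(self):
        self.seen = set()

    def train(self, docs) -> None:
        for doc in docs:
            self.seen.update(ngrams(doc))

    def score(self, data: bytes) -> float:
        """Fraction of n-grams in `data` absent from the benign model (0.0 = fully familiar)."""
        grams = ngrams(data)
        if not grams:
            return 0.0
        return sum(g not in self.seen for g in grams) / len(grams)

    def locate(self, data: bytes, window: int = WINDOW, threshold: float = THRESHOLD) -> list:
        """Byte offsets of windows whose anomaly score exceeds `threshold`: the
        'location' half of detecting presence and location of embedded code."""
        return [off for off in range(0, len(data), window)
                if self.score(data[off:off + window]) > threshold]


def feedback_update(model: NGramModel, flagged, dynamic_verdict) -> list:
    """One round of the feedback loop. Every document the static model flagged is
    handed to the dynamic check; documents it clears are folded into the benign
    model so the same content is not flagged again, documents it confirms are
    returned as malicious."""
    malicious = []
    for doc in flagged:
        if dynamic_verdict(doc):
            malicious.append(doc)
        else:
            model.train([doc])
    return malicious


# Constructed sample corpus (not real documents). OLE_MAGIC is the genuine
# compound-file signature that binary .doc files start with; the bodies are
# plain ASCII standing in for document text.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
BENIGN_DOCS = [
    OLE_MAGIC + b"Quarterly sales report. Revenue grew in every region this year. " * 4,
    OLE_MAGIC + b"Meeting minutes: action items assigned, next review scheduled. " * 4,
]
# Constructed stand-in for embedded code: a run of bytes that never occurs in
# the benign text (NOT executable shellcode, just an anomalous byte region).
PAYLOAD = bytes([0x90] * 16) + bytes(range(0xC0, 0x100))
MALICIOUS_DOC = BENIGN_DOCS[0] + PAYLOAD + BENIGN_DOCS[1][len(OLE_MAGIC):]
# Harmless document with vocabulary the model has never seen: a false positive
# for the static model until the feedback loop teaches it otherwise.
NEW_BENIGN = OLE_MAGIC + b"Travel expense claim: hotel, airfare, taxi. " * 4


def sandbox_verdict(doc: bytes) -> bool:
    """Constructed stand-in for the dynamic analysis (assumption): a real system
    would open the document in an instrumented viewer; here 'malicious' simply
    means the constructed payload is present."""
    return PAYLOAD in doc


def run_demo():
    """Train on the benign corpus, flag documents, run one feedback round, and
    report scores before and after the model update."""
    model = NGramModel()
    model.train(BENIGN_DOCS)
    candidates = [MALICIOUS_DOC, NEW_BENIGN]
    flagged = [d for d in candidates if model.locate(d)]
    before = {"new_benign": model.score(NEW_BENIGN),
              "malicious_windows": model.locate(MALICIOUS_DOC)}
    confirmed = feedback_update(model, flagged, sandbox_verdict)
    after = {"new_benign": model.score(NEW_BENIGN),
             "malicious_windows": model.locate(MALICIOUS_DOC)}
    return before, after, len(confirmed)


if __name__ == "__main__":
    b, a, n_malicious = run_demo()
    print("before feedback:", b)
    print("after feedback: ", a)
    print("confirmed malicious:", n_malicious)
```

The point to take from the run is the asymmetry the feedback loop creates: the unfamiliar-but-harmless document scores high on the first pass and is cleared by the dynamic check, after which its n-grams join the model and its score drops to zero, while the document carrying the anomalous byte region keeps the same flagged window because nothing benign ever taught the model those bytes. A real deployment would need a far larger benign corpus than two documents; with a tiny model nearly everything looks anomalous, which is exactly why the abstract stresses updating the models over time.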
