Home

A Study of Malcode-Bearing Documents

Wei-Jen Li; Salvatore Stolfo; Angelos Stavrou; Elli Androulaki; Angelos D. Keromytis

Title:
A Study of Malcode-Bearing Documents
Author(s):
Li, Wei-Jen
Stolfo, Salvatore
Stavrou, Angelos
Androulaki, Elli
Keromytis, Angelos D.
Date:
Type:
Articles
Department:
Computer Science
Permanent URL:
Part Number:
4579
Book/Journal Title:
Detection of Intrusions and Malware, and Vulnerability Assessment: 4th International Conference, DIMVA 2007, Lucerne, Switzerland, July 12-13, 2007: Proceedings
Book Author:
Hämmerli, Bernhard M.
Publisher:
Springer
Publisher Location:
New York
Abstract:
By exploiting the object-oriented dynamic composability of modern document applications and formats, malcode hidden in otherwise inconspicuous documents can reach third-party applications that may harbor exploitable vulnerabilities otherwise unreachable by network-level service attacks. Such attacks can be very selective and difficult to detect compared to the typical network worm threat, owing to the complexity of these applications and data formats, as well as the multitude of document-exchange vectors. As a case study, this paper focuses on Microsoft Word documents as malcode carriers. We investigate the possibility of detecting embedded malcode in Word documents using two techniques: static content analysis using statistical models of typical document content, and run-time dynamic tests on diverse platforms. The experiments demonstrate these approaches can not only detect known malware, but also most zero-day attacks. We identify several problems with both approaches, representing both challenges in addressing the problem and opportunities for future research.
Subject(s):
Computer science
Publisher DOI:
http://dx.doi.org/10.1007/978-3-540-73614-1_14
Item views:
59
Metadata:
text | xml

In Partnership with the Center for Digital Research and Scholarship at Columbia University Libraries/Information Services | Terms of Use