
Invoice #31415 attached: Automated analysis of malicious Microsoft Office documents

  • Identifying data

    Identifier: imarina:9246549
    Authors:
    Koutsokostas, V; Lykousas, N; Apostolopoulos, T; Orazi, G; Ghosal, A; Casino, F; Conti, M; Patsakis, C
    Abstract:
    Microsoft Office may be by far the most widely used suite for processing documents, spreadsheets, and presentations. Due to its popularity, it is continuously utilised to carry out malicious campaigns. Threat actors, exploiting the platform's dynamic features, use it to launch their attacks and penetrate millions of hosts in their campaigns. This work explores the modern landscape of malicious Microsoft Office documents, exposing the means that malware authors use. We leverage a taxonomy of the tools used to weaponise Microsoft Office documents and explore the modus operandi of malicious actors. Moreover, we generated and publicly shared a specially crafted dataset, which relies on incorporating benign and malicious documents containing many dynamic features such as VBA macros and DDE. The latter is crucial for a fair and realistic analysis, an open issue in the current state of the art. This allows us to draw safe conclusions on the malicious features and behaviour. More precisely, we extract the necessary features with an automated analysis pipeline to efficiently and accurately classify a document as benign or malicious using machine learning with an F-1 score above 0.98, outperforming the current state of the art detection algorithms. (C) 2021 The Authors. Published by Elsevier Ltd.
  • Other:

    Author according to the article: Koutsokostas, V; Lykousas, N; Apostolopoulos, T; Orazi, G; Ghosal, A; Casino, F; Conti, M; Patsakis, C
    Department: Enginyeria Informàtica i Matemàtiques
    URV author(s): Casino Cembellín, Francisco José
    Keywords: Lolbas; Macro malware; Malware; Office documents; Powershell
    Subject areas: Public and business administration, accounting sciences and tourism; Computer science; Agricultural sciences I; Social sciences; Computer science (all); Computer science (miscellaneous); Computer science, information systems; Engineering IV; General computer science; Law
    Licence of use: https://creativecommons.org/licenses/by/3.0/es/
    Author's e-mail address: franciscojose.casino@urv.cat
    Author identifier: 0000-0003-4296-2876
    Record creation date: 2024-10-12
    Deposited article version: info:eu-repo/semantics/publishedVersion
    Reference to the article according to the original source: Computers & Security. 114
    Item reference according to APA style: Koutsokostas, V; Lykousas, N; Apostolopoulos, T; Orazi, G; Ghosal, A; Casino, F; Conti, M; Patsakis, C (2022). Invoice #31415 attached: Automated analysis of malicious Microsoft Office documents. Computers & Security, 114(), -. DOI: 10.1016/j.cose.2021.102582
    Licence document URL: https://repositori.urv.cat/ca/proteccio-de-dades/
    Entity: Universitat Rovira i Virgili
    Journal publication year: 2022
    Publication type: Journal Publications