Repositori institucional URV
TITLE:
Invoice #31415 attached: Automated analysis of malicious Microsoft Office documents - imarina:9246549

URV's Author/s: Casino Cembellín, Francisco José
Author, as appears in the article: Koutsokostas, V; Lykousas, N; Apostolopoulos, T; Orazi, G; Ghosal, A; Casino, F; Conti, M; Patsakis, C
Author's mail: franciscojose.casino@urv.cat
Author identifier: 0000-0003-4296-2876
Journal publication year: 2022
Publication Type: Journal Publications
APA: Koutsokostas, V; Lykousas, N; Apostolopoulos, T; Orazi, G; Ghosal, A; Casino, F; Conti, M; Patsakis, C (2022). Invoice #31415 attached: Automated analysis of malicious Microsoft Office documents. Computers & Security, 114(), -. DOI: 10.1016/j.cose.2021.102582
Paper original source: Computers & Security. 114
Abstract: Microsoft Office may be by far the most widely used suite for processing documents, spreadsheets, and presentations. Due to its popularity, it is continuously utilised to carry out malicious campaigns. Threat actors, exploiting the platform's dynamic features, use it to launch their attacks and penetrate millions of hosts in their campaigns. This work explores the modern landscape of malicious Microsoft Office documents, exposing the means that malware authors use. We leverage a taxonomy of the tools used to weaponise Microsoft Office documents and explore the modus operandi of malicious actors. Moreover, we generated and publicly shared a specially crafted dataset, which relies on incorporating benign and malicious documents containing many dynamic features such as VBA macros and DDE. The latter is crucial for a fair and realistic analysis, an open issue in the current state of the art. This allows us to draw safe conclusions on the malicious features and behaviour. More precisely, we extract the necessary features with an automated analysis pipeline to efficiently and accurately classify a document as benign or malicious using machine learning with an F-1 score above 0.98, outperforming the current state of the art detection algorithms. (C) 2021 The Authors. Published by Elsevier Ltd.
Article's DOI: 10.1016/j.cose.2021.102582
Link to the original source: https://www.sciencedirect.com/science/article/pii/S0167404821004053?via%3Dihub
Paper version: info:eu-repo/semantics/publishedVersion
Licence for use: https://creativecommons.org/licenses/by/3.0/es/
Department: Enginyeria Informàtica i Matemàtiques
Licence document URL: https://repositori.urv.cat/ca/proteccio-de-dades/
Thematic Areas: Administração pública e de empresas, ciências contábeis e turismo
Ciência da computação
Ciências agrárias i
Ciencias sociales
Computer science (all)
Computer science (miscellaneous)
Computer science, information systems
Engenharias iv
General computer science
Law
Keywords: Lolbas
Macro malware
Malware
Office documents
Powershell
Entity: Universitat Rovira i Virgili
Record's date: 2024-10-12

Available files
File: DocumentPrincipal; Description: DocumentPrincipal; Format: application/pdf
