Hidden Message Detection in MS-Word File by Analyzing Abnormal File Structure

Abstract

Messages can be concealed by exploiting the internal structural features of MS-Word (docx) files, which are saved as ZIP files. In the MS-Word file which is stored based on ZIP structure, messages can be hidden through structural forgery and modification process. This can also be applied to JPG and PNG images included in OOXML-based internal files. Therefore, it is necessary to analyze forgery and alteration of digital document through internal structure analysis of MS-Word file. In this paper, we examine the vulnerability of OOXML-based MS-Word file structure, and analyze how data can be concealed in MS-Word file. As a detection mechanism, we implemented a software to identify hidden message on MS-Word file efficiently for responding forgery attacks.