Detection of Malicious Images in Production-Quality Scenarios with the SIMARGL Toolkit

Abstract

An increasing trend exploits steganography to conceal payloads in digital images, e.g., to drop malicious executables or to retrieve configuration files. Due to the very attack-specific nature of the exploited hiding mechanisms, developing general detection methods is a hard task. An effective approach concerns the creation of ad-hoc solutions to be integrated within general toolkits, also to holistically face unknown threats. Therefore, this paper discusses the integration of a tool for detecting malicious contents hidden in digital images via the Invoke-PSImage technique within the Secure Intelligent Methods for Advanced Recognition of Malware and Stegomalware framework. Since the real impact of images embedding steganographic threats and the behavior of ad-hoc solutions in realistic scenarios are still unknown territories, this work also showcases a performance evaluation conducted in a nation-wide telecommunication provider. Results demonstrated the effectiveness of the approach and also support the need of modular architectures to face the emerging wave of highly-specialized threats.