Stegomalware detection through structural analysis of media files

Damian Puchalski, L. Caviglione, R. Kozik, A. Marzecki, Sławomir Krawczyk, M. Choraś
Proceedings of the 15th International Conference on Availability, Reliability and Security. Published 2020-08-25. DOI: 10.1145/3407023.3409187 (https://doi.org/10.1145/3407023.3409187)
Citations: 8

Abstract

The growing diffusion of malware is causing non-negligible economic and social costs. Unfortunately, modern attacks evolve and adapt to defensive mechanisms, and many threats are designed for the optimal exploitation of the traits of the victims. Thus, phenomena such as mobile malware, fileless malware or stegomalware are becoming widespread and represent the next variations of malicious attacks that have to be faced. In particular, the massive amount of digital content shared on the Internet is increasingly being used by attackers for the injection of malicious code to bypass security tools or prevent detection. Therefore, in this paper we present an approach to reveal malware and other unwanted content appended to digital images. Specifically, we address the case of pictures compressed with the Graphics Interchange Format. Since such files are based on a well-defined standard, the anomalous data can be isolated by locating the end of the file. The advantage of this approach is its simplicity, which allows a scalable implementation for handling huge volumes of data.
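As an added illustration of the approach the abstract describes (not code from the paper or its authors), the following Python example walks a GIF's block structure to the trailer byte and returns whatever follows it. The function names and the sample bytes are constructed for this example; the block layout follows the published GIF89a specification.

```python
import struct

class GifFormatError(ValueError):
    """Raised when the byte stream does not follow the GIF block structure."""

def _skip_sub_blocks(data, pos):
    # Data sub-blocks: <size byte><size bytes of data>..., ended by a zero size byte.
    while True:
        if pos >= len(data):
            raise GifFormatError("truncated sub-block chain")
        size = data[pos]
        pos += 1 + size
        if size == 0:
            return pos

def _skip_color_table(packed, pos):
    # Bit 7 flags a colour table; the low 3 bits give its size, 3 * 2^(n+1) bytes.
    return pos + 3 * (2 << (packed & 0x07)) if packed & 0x80 else pos

def find_gif_end(data):
    """Return the offset just past the trailer (0x3B), walking block by block."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise GifFormatError("not a GIF header")
    if len(data) < 13:
        raise GifFormatError("truncated logical screen descriptor")
    pos = _skip_color_table(data[10], 13)
    while pos < len(data):
        block = data[pos]
        if block == 0x3B:        # trailer: logical end of the file
            return pos + 1
        if block == 0x21:        # extension: label byte, then sub-blocks
            pos = _skip_sub_blocks(data, pos + 2)
        elif block == 0x2C:      # image descriptor: 10 bytes, packed field last
            if pos + 10 > len(data):
                raise GifFormatError("truncated image descriptor")
            pos = _skip_color_table(data[pos + 9], pos + 10)
            pos = _skip_sub_blocks(data, pos + 1)  # +1 skips LZW min code size
        else:
            raise GifFormatError(f"unknown block 0x{block:02x} at offset {pos}")
    raise GifFormatError("no trailer found")

def appended_data(data):
    """Bytes following the trailer; empty for a structurally clean GIF."""
    return data[find_gif_end(data):]

# Constructed 1x1 sample: the comment extension holds a ';' (0x3B) byte, so a
# plain byte search for the trailer would stop too early; the block walk does not.
SAMPLE_GIF = (b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0)
              + b"\x00\x00\x00\xff\xff\xff" + b"\x21\xfe\x01;\x00" + b"\x2c"
              + struct.pack("<HHHHB", 0, 0, 1, 1, 0) + b"\x02\x02\x44\x01\x00;")
```

A non-empty result from `appended_data` is the anomaly to flag; a `GifFormatError` marks a file that needs separate handling because its structure cannot be walked to a trailer.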