利用单侧分类器改进恶意办公文档的检测

2019 21st International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC) Pub Date : 2019-09-01 DOI:10.1109/SYNASC49474.2019.00041

S. Vitel, Gheorghe Balan, Dumitru-Bogdan Prelipcean

{"title":"利用单侧分类器改进恶意办公文档的检测","authors":"S. Vitel, Gheorghe Balan, Dumitru-Bogdan Prelipcean","doi":"10.1109/SYNASC49474.2019.00041","DOIUrl":null,"url":null,"abstract":"The current threat landscape is diverse and has lately been shifting from the binary executable application to a more light-coded and data-oriented approach. Considering this, the use of Microsoft Office documents in attacks has increased. The number of malicious samples is high and the complexity of evasion techniques is also challenging. The VBA macros are highly used in enterprise environments with benign purposes, so, in terms of detection, the number of false alarms should be close to zero. In this paper we discuss and propose a solution which focuses on keeping the rate of false positives as low as possible and, at the same time, maximizes the detection rate.","PeriodicalId":102054,"journal":{"name":"2019 21st International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)","volume":"69 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Improving Detection of Malicious Office Documents Using One-Side Classifiers\",\"authors\":\"S. Vitel, Gheorghe Balan, Dumitru-Bogdan Prelipcean\",\"doi\":\"10.1109/SYNASC49474.2019.00041\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The current threat landscape is diverse and has lately been shifting from the binary executable application to a more light-coded and data-oriented approach. Considering this, the use of Microsoft Office documents in attacks has increased. The number of malicious samples is high and the complexity of evasion techniques is also challenging. The VBA macros are highly used in enterprise environments with benign purposes, so, in terms of detection, the number of false alarms should be close to zero. In this paper we discuss and propose a solution which focuses on keeping the rate of false positives as low as possible and, at the same time, maximizes the detection rate.\",\"PeriodicalId\":102054,\"journal\":{\"name\":\"2019 21st International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)\",\"volume\":\"69 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 21st International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SYNASC49474.2019.00041\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 21st International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SYNASC49474.2019.00041","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

当前的威胁形势是多种多样的，最近已经从二进制可执行应用程序转向更轻编码和面向数据的方法。考虑到这一点，在攻击中使用Microsoft Office文档的情况有所增加。恶意样本的数量很高，规避技术的复杂性也很具有挑战性。VBA宏在企业环境中被广泛用于良性目的，因此，就检测而言，假警报的数量应该接近于零。在本文中，我们讨论并提出了一个解决方案，其重点是保持假阳性率尽可能低，同时，最大限度地提高检出率。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Improving Detection of Malicious Office Documents Using One-Side Classifiers

The current threat landscape is diverse and has lately been shifting from the binary executable application to a more light-coded and data-oriented approach. Considering this, the use of Microsoft Office documents in attacks has increased. The number of malicious samples is high and the complexity of evasion techniques is also challenging. The VBA macros are highly used in enterprise environments with benign purposes, so, in terms of detection, the number of false alarms should be close to zero. In this paper we discuss and propose a solution which focuses on keeping the rate of false positives as low as possible and, at the same time, maximizes the detection rate.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2019 21st International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC)

自引率

0.00%

发文量