{"title":"Pdf文档的在线二进制可视化","authors":"Soon Heng Tan Mavric, C. Yeo","doi":"10.1109/ISCE.2018.8408906","DOIUrl":null,"url":null,"abstract":"In this paper, we develop a visualization tool which will facilitate malware reverse engineering to understand characteristics of Portable Document Format (PDF) malware. This tool is useful as it is an online tool which renders it fully accessible regardless of user devices (eg. desktops, tablets, smartphones, etc.). Malware authors typically embed malicious codes into PDF documents which execute JavaScript exploiting a vulnerability within the Adobe Reader JavaScript parser. This then can allow shellcode to be placed into the memory of a computer to run arbitrary codes. By translating PDF binary information into higher level diagrams and images, potential visual signs which differentiate between malicious and legitimate PDF documents can be observed. The proposed online binary visualization tool maps bytes in a file to pixels of assorted colors that somewhat resemble a 2D pixelated heat map. By mapping different schemes of assorted colors, we can identify JavaScript and shellcodes in a PDF document which can then raise a red flag for the human analyst.","PeriodicalId":114660,"journal":{"name":"2018 International Symposium on Consumer Technologies (ISCT)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Online binary visualization for Pdf documents\",\"authors\":\"Soon Heng Tan Mavric, C. Yeo\",\"doi\":\"10.1109/ISCE.2018.8408906\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, we develop a visualization tool which will facilitate malware reverse engineering to understand characteristics of Portable Document Format (PDF) malware. This tool is useful as it is an online tool which renders it fully accessible regardless of user devices (eg. desktops, tablets, smartphones, etc.). Malware authors typically embed malicious codes into PDF documents which execute JavaScript exploiting a vulnerability within the Adobe Reader JavaScript parser. This then can allow shellcode to be placed into the memory of a computer to run arbitrary codes. By translating PDF binary information into higher level diagrams and images, potential visual signs which differentiate between malicious and legitimate PDF documents can be observed. The proposed online binary visualization tool maps bytes in a file to pixels of assorted colors that somewhat resemble a 2D pixelated heat map. By mapping different schemes of assorted colors, we can identify JavaScript and shellcodes in a PDF document which can then raise a red flag for the human analyst.\",\"PeriodicalId\":114660,\"journal\":{\"name\":\"2018 International Symposium on Consumer Technologies (ISCT)\",\"volume\":\"28 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-05-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 International Symposium on Consumer Technologies (ISCT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ISCE.2018.8408906\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 International Symposium on Consumer Technologies (ISCT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISCE.2018.8408906","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
In this paper, we develop a visualization tool which will facilitate malware reverse engineering to understand characteristics of Portable Document Format (PDF) malware. This tool is useful as it is an online tool which renders it fully accessible regardless of user devices (eg. desktops, tablets, smartphones, etc.). Malware authors typically embed malicious codes into PDF documents which execute JavaScript exploiting a vulnerability within the Adobe Reader JavaScript parser. This then can allow shellcode to be placed into the memory of a computer to run arbitrary codes. By translating PDF binary information into higher level diagrams and images, potential visual signs which differentiate between malicious and legitimate PDF documents can be observed. The proposed online binary visualization tool maps bytes in a file to pixels of assorted colors that somewhat resemble a 2D pixelated heat map. By mapping different schemes of assorted colors, we can identify JavaScript and shellcodes in a PDF document which can then raise a red flag for the human analyst.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
