"A New Static Detection Method of Malicious Document Based on Wavelet Package Analysis"

Submitted by abfox on Tue, 02/14/2017 - 2:18pm

Title	"A New Static Detection Method of Malicious Document Based on Wavelet Package Analysis"
Publication Type	Conference Paper
Year of Publication	2015
Authors	B. Gu, Y. Fang, P. Jia, L. Liu, L. Zhang, M. Wang
Conference Name	2015 International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP)
Date Published	Sept
Publisher	IEEE
ISBN Number	978-1-5090-0188-0
Accession Number	15804711
Keywords	Compounds, document handling, entropy analysis componen, feature extraction, infected compound document, invasive software, malicious code, malicious document detection, malicious document detection system, malicious program, Malware, persistent threat attacks, Portable document format, pubcrawl170101, static detection method, wavelet analysis, wavelet package analysis, wavelet transform, wavelet transforms, zero-day exploit
Abstract	More and more advanced persistent threat attacks has happened since 2009. This kind of attacks usually use more than one zero-day exploit to achieve its goal. Most of the times, the target computer will execute malicious program after the user open an infected compound document. The original detection method becomes inefficient as the attackers using a zero-day exploit to structure these compound documents. Inspired by the detection method based on structural entropy, we apply wavelet analysis to malicious document detection system. In our research, we use wavelet analysis to extract features from the raw data. These features will be used todetect whether the compound document was embed malicious code.
URL	http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7415824&isnumber=7415733
DOI	10.1109/IIH-MSP.2015.72
Citation Key	7415824

Groups:

Science of Security VO