Multi-View Malicious Document Detection

Author: Jing-Yao Lin, 林敬堯
Year of publication: 2013
Document type: thesis (學位論文)
Description: 101
Malicious documents are among the most notorious components of modern attacks: such a document may appear normal yet behave strangely or beyond the user's expectation, and very often it leads to severe consequences in the end. Detecting malicious documents is therefore one of the most important tasks in modern information security. Malicious documents usually contain specific control codes that cause the embedded malicious shellcode to be executed. Document control codes were originally designed to enrich a document's functionality, but in this case they create vulnerabilities and become the key that triggers the attack. Unlike previous research, which focused on detecting malicious documents of one particular format, we analyze the document objects from three general views: the use of functional words, preference words, and constant data. If a document is malicious, the functional words control how the attack is launched and through which actions; the preference words reflect the author's favored choice of words; and the constant data can be considered the bullets that complete the attack. We also propose a TF-IDF-like method to normalize the features against mimicry attacks. Given the inputs from the three views, detection is done by classification. We evaluate the proposed approach through a series of experiments that use different combinations of views for prediction.
Database: Networked Digital Library of Theses & Dissertations
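The abstract above describes the three views and the TF-IDF-like normalization only at a high level. The Python script below is an added example, not code from the thesis: it splits the object bodies of simplified PDF-like documents into functional words, preference words and constant data, weights each view with ordinary smoothed TF-IDF, and compares a mimicry document (the malicious objects padded with benign-looking font objects) against the benign and malicious originals. Which name tokens count as functional, the length buckets used for constant data, the smoothed IDF formula and the sample documents are all assumptions constructed for this example.

```python
import math
import re
from collections import Counter

# Which name tokens count as "functional" (they trigger or carry an action) is an
# assumption for this example; the abstract names the view but not its vocabulary.
ACTION_NAMES = {"/OpenAction", "/AA", "/JavaScript", "/JS", "/Launch", "/URI",
                "/SubmitForm", "/EmbeddedFile", "/RichMedia", "/GoToR"}
NAME_RE = re.compile(r"/[A-Za-z0-9]+")                     # PDF name objects
HEX_RE = re.compile(r"<([0-9A-Fa-f]{2,})>")                 # hex strings (no whitespace)
LITERAL_RE = re.compile(r"\(([^()\\]*(?:\\.[^()\\]*)*)\)")  # literal strings (no nesting)
NUMBER_RE = re.compile(r"(?<![/\w.])-?\d+(?:\.\d+)?")       # numeric constants

# Constructed sample corpus: object bodies of three simplified PDF-like documents.
# The "shellcode" is a NOP sled plus a few bytes, not a working payload.
SHELLCODE_HEX = "90" * 64 + "eb0c5e31c0"
DOCS = {
    "benign": [
        "<< /Type /Catalog /Pages 2 0 R >>",
        "<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        "<< /Type /Page /Parent 2 0 R /Contents 4 0 R /Resources << /Font << /F1 5 0 R >> >> >>",
        "<< /Length 44 >> stream BT /F1 12 Tf (Quarterly report) Tj ET endstream",
        "<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >>",
    ],
    "malicious": [
        "<< /Type /Catalog /Pages 2 0 R /OpenAction 6 0 R >>",
        "<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        "<< /Type /Page /Parent 2 0 R >>",
        "<< /S /JavaScript /JS 7 0 R >>",
        '<< /Length 96 >> stream var sc = unescape("%u9090%u9090"); app.setTimeOut(sc); endstream',
        "<< /Length 69 /Filter /FlateDecode >> stream <" + SHELLCODE_HEX + "> endstream",
    ],
}
# Mimicry: the malicious objects plus benign-looking font/text objects as padding.
DOCS["mimicry"] = DOCS["malicious"] + [
    "<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >>",
    "<< /Type /Font /Subtype /TrueType /BaseFont /Arial /Encoding /WinAnsiEncoding >>",
    "<< /Length 44 >> stream BT /F1 12 Tf (Quarterly report) Tj ET endstream",
]


def split_views(objects):
    """Tokenise one document's object bodies into the three bags of words."""
    views = {"functional": Counter(), "preference": Counter(), "constant": Counter()}
    for body in objects:
        # Constant data: strings are bucketed by length (assumed 64-byte threshold) so a
        # long blob such as a sled or shellcode is a feature by itself; numbers kept verbatim.
        for hexdata in HEX_RE.findall(body):
            views["constant"]["hex:long" if len(hexdata) >= 64 else "hex:short"] += 1
        for literal in LITERAL_RE.findall(body):
            views["constant"]["str:long" if len(literal) >= 64 else "str:short"] += 1
        rest = LITERAL_RE.sub(" ", HEX_RE.sub(" ", body))
        for name in NAME_RE.findall(rest):
            views["functional" if name in ACTION_NAMES else "preference"][name] += 1
        for number in NUMBER_RE.findall(rest):
            views["constant"]["num:" + number] += 1
    return views


def tfidf_views(corpus):
    """corpus: {doc_id: [object bodies]} -> {doc_id: {view: {term: weight}}}.
    TF is normalised per view, so padding one view does not dilute another."""
    bags = {doc: split_views(objs) for doc, objs in corpus.items()}
    n_docs = len(bags)
    weights = {}
    for doc, views in bags.items():
        weights[doc] = {}
        for view, counter in views.items():
            total = sum(counter.values()) or 1
            weights[doc][view] = {}
            for term, count in counter.items():
                df = sum(1 for other in bags.values() if term in other[view])
                idf = math.log((1 + n_docs) / (1 + df)) + 1.0  # smoothed, never zero
                weights[doc][view][term] = (count / total) * idf
    return weights


def cosine(u, v):
    """Cosine similarity of two sparse vectors; 0.0 if either is empty."""
    dot = sum(w * v.get(t, 0.0) for t, w in u.items())
    nu = math.sqrt(sum(w * w for w in u.values()))
    nv = math.sqrt(sum(w * w for w in v.values()))
    return dot / (nu * nv) if nu and nv else 0.0


def single_bag_tf(objects, term):
    """Term frequency when all three views are merged into one bag (for contrast)."""
    merged = Counter()
    for counter in split_views(objects).values():
        merged.update(counter)
    return merged[term] / sum(merged.values())


if __name__ == "__main__":
    W = tfidf_views(DOCS)
    for view in ("functional", "preference", "constant"):
        print(f"{view:11s} mimicry~malicious={cosine(W['mimicry'][view], W['malicious'][view]):.3f}"
              f"  mimicry~benign={cosine(W['mimicry'][view], W['benign'][view]):.3f}")
    print("single-bag tf(/JS): malicious=%.4f mimicry=%.4f"
          % (single_bag_tf(DOCS["malicious"], "/JS"), single_bag_tf(DOCS["mimicry"], "/JS")))
```

The per-view vectors are what would be fed to a classifier. Running the script shows the point of keeping the views apart: the padding pulls the mimicry document toward the benign one in the preference view, but its functional view is identical to the malicious original, whereas in a single merged bag the same padding lowers the term frequency of /JS and makes the attack look less prominent.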