首页> 外文会议>International Symposium on Computing and Networking Workshops >Discovering New Malware Families Using a Linguistic-Based Macros Detection Method
【24h】

Discovering New Malware Families Using a Linguistic-Based Macros Detection Method

机译:使用基于语言的宏检测方法发现新的恶意软件家族

获取原文

摘要

In recent years, the number of targeted email attacks using malicious macros has been increasing. Malicious macros are malware which is written in Visual Basic for Application. Since much source code of malicious macros is highly obfuscated, the source code contains many obfuscated words such as random numbers or strings. Today, new malware families are frequently discovered. To detect unseen malicious macros, previous work proposed a method using natural language techniques. The proposed method separates macro's source code into words, and detects malicious macros based on the appearance frequency. This method could detect unseen malicious macros. However, the unseen malicious macros might consist of known malware families. Furthermore, the mechanism and effectiveness of this method are not clear. In particular, detecting new malware families is a top priority. Hence, this paper reveals the mechanism and effectiveness of this method to detect new malware families. Our experiment shows that using only malicious macros for feature extraction and consolidating obfuscated words into a word were effective. We confirmed this method could discover 89% of new malware families.
机译:近年来,使用恶意宏的定向电子邮件攻击的数量一直在增加。恶意宏是用Visual Basic for Application编写的恶意软件。由于许多恶意宏的源代码被高度混淆,因此源代码包含许多混淆的词,例如随机数或字符串。如今,经常发现新的恶意软件家族。为了检测到看不见的恶意宏,先前的工作提出了一种使用自然语言技术的方法。所提出的方法将宏的源代码分成单词,并根据出现频率检测恶意宏。此方法可以检测到看不见的恶意宏。但是,看不见的恶意宏可能由已知的恶意软件家族组成。此外,该方法的机理和有效性尚不清楚。特别是,检测新的恶意软件家族是当务之急。因此,本文揭示了这种方法检测新恶意软件家族的机制和有效性。我们的实验表明,仅使用恶意宏进行特征提取并将混淆的单词合并为单词是有效的。我们确认此方法可以发现89%的新恶意软件家族。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有
  • 客服微信

  • 服务号