OLE File Analysis and Malware Detection using Machine Learning (OLE 파일 분석과 머신러닝을 활용한 악성코드 탐지)

Hyeong Kyu Choi (최형규); Ah Reum Kang (강아름)

doi:10.9708/jksci.2022.27.05.149

OLE File Analysis and Malware Detection using Machine Learning

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2022, 27(5), pp.149-156
DOI : 10.9708/jksci.2022.27.05.149
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science
Received : March 18, 2022
Accepted : April 29, 2022
Published : May 31, 2022

Hyeong Kyu Choi ¹, Ah Reum Kang ¹

¹배재대학교

Accredited

ABSTRACT

Recently, there have been many reports of document-type malicious code injecting malicious code into Microsoft Office files. Document-type malicious code is often hidden by encoding the malicious code in the document. Therefore, document-type malware can easily bypass anti-virus programs. We found that malicious code was inserted into the Visual Basic for Applications (VBA) macro, a function supported by Microsoft Office. Malicious codes such as shellcodes that run external programs and URL-related codes that download files from external URLs were identified. We selected 354 keywords repeatedly appearing in malicious Microsoft Office files and defined the number of times each keyword appears in the body of the document as a feature. We performed machine learning with SVM, naïve Bayes, logistic regression, and random forest algorithms. As a result, each algorithm showed accuracies of 0.994, 0.659, 0.995, and 0.998, respectively.

KEYWORDS

OLE, malware, Microsoft Office, shellcode, VBA macro, random forest

Citation status

* References for papers published after 2023 are currently being built.

[web] Gil Min-kwon / 2020 / In December, HWP OLE-based APT Attack by the Geumseong121 / Dailysecu / https://www.dailysecu.com/news/articleView.html?idxno=118508

[web] Jonghyun Lee / 2021 / Ahnlab Urges Caution against Malicious Code Distributed as Document Files / Digital Daily / https://www.ddaily.co.kr/news/article/?no=221749

[web] Jonghyun Lee / 2021 / Disguised Document File for Hacking Related to Disaster Aid / Digital Daily / https://www.ddaily.co.kr/news/article/?no=223783

[journal] Jafar Alzubi / 2018 / Machine Learning from Theory to Algorithms an Overview / Journal of Physics:Conference Series 1142

[journal] Batta Mahesh / 2019 / Machine Learning Algorithms - A Review / International Journal of Science and Research 9(1)

[journal] Ah Reum Kang / 2019 / Malicious PDF Detection Model against Adversarial Attack Built from Benign PDF Containing Javascript / Applied Sciences 9(22) : 4764~

[journal] Young-Seob Jeong / 2020 / Malware Detection of Hangul Word Processor Files Using Spatial Pyramid Average Pooling / Sensors 20(18) : 5265~

[journal] Young-Seob Jeong / 2019 / Malware Detection on Byte Streams of Hangul qord Processor Files / Applied Sciences 9(23) : 5178~

[journal] Young-Seob Jeong / 2019 / Malware Detection on Byte Streams of PDF Files Using Convolutional Neural Networks / Hindawi Security and Communication Networks

[journal] 조성혜 / 2017 / A Research of Anomaly Detection Method in MS Office Document / 정보처리학회논문지. 컴퓨터 및 통신시스템 / 한국정보처리학회 6(2) : 87~94

[confproc] Hong-Koo Kang / 2012 / Development of an Automatic Document Malware Analysis System / IT Convergence and Security Lecture Notes in Electrical Engineering : 3~11

[journal] 송지현 / 2021 / Evaluations of AI‐based malicious PowerShell detection with feature optimizations / ETRI Journal / 한국전자통신연구원 43(3) : 549~560

[journal] Balal Sohail / 2021 / Macro based Malware Detection System / Turkish Journal of Computer and Mathematics Education 12(3) : 5776~5787

[confproc] Sangwoo Kim / 2018 / Obfuscated VBA Macro Detection Using Machine Learning / IEEE/IFIP International Conference on Dependable Systems and Networks : 490~501

[other] Mikus / 2005 / An Analysis of Disc Carving Techniques / Naval Postgraduate School Monterey CA Dept of Computer Science

[journal] 김재협 / 2016 / Object Classification Method Using Dynamic Random Forests and Genetic Optimization / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 21(5) : 79~89

[journal] Ji Hyun Lee / 2019 / Multi-Cutting Machine for TJ Coupler Production / Proceedings of the Korean Society of Computer Information Conference 27(1)

[journal] 최병하 / 2014 / Comparison of HMM and SVM schemes in detecting mobile Botnet / 한국컴퓨터정보학회논문지 / 한국컴퓨터정보학회 19(4) : 81~90

[confproc] Aleksander Kolcz / 2005 / Local Sparsity Control for Naive Bayes with Extreme Misclassification Costs / Proceedings of the Eleventh ACM SIGKDD International Conference on Knowledge Discovery in Data Mining : 128~137

[journal] 안영휘 / 2021 / A Study on the Development of Product Planning Prediction Model Using Logistic Regression Algorithm / 한국융합학회논문지 / 한국융합학회 12(9) : 39~47

[journal] 김판준 / 2019 / An Analytical Study on Automatic Classification of Domestic Journal articles Using Random Forest / 정보관리학회지 / 한국정보관리학회 36(2) : 57~77

[journal] 김문권 / 2015 / A Design of Effective Inference Methods and Their Application Guidelines for Supporting Various Medical Analytics Schemes / 정보과학회논문지 / 한국정보과학회 42(12) : 1590~1599

This paper was written with support from the National Research Foundation of Korea.

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

OLE File Analysis and Malware Detection using Machine Learning

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65

OLE File Analysis and Malware Detection using Machine Learning

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (1)

REFERENCES (22) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.