Design and Implementation of a ML-based Detection System for Malicious Script Hidden Corrupted Digital Files (머신러닝 기반 손상된 디지털 파일 내부 은닉 악성 스크립트 판별 시스템 설계 및 구현)

Lee, Hyung Woo (이형우); Sangwon Na (나상원)

doi:10.20465/KIOTS.2023.9.6.001

Design and Implementation of a ML-based Detection System for Malicious Script Hidden Corrupted Digital Files

Journal of Internet of Things and Convergence
Abbr : JKIOTS
2023, 9(6), pp.1-9
DOI : 10.20465/KIOTS.2023.9.6.001
Publisher : The Korea Internet of Things Society
Research Area : Engineering > Computer Science > Internet Information Processing
Received : September 17, 2023
Accepted : November 24, 2023
Published : December 29, 2023

Lee, Hyung Woo ¹, Sangwon Na ¹

¹한신대학교

Accredited

ABSTRACT

Malware files containing concealed malicious scripts have recently been identified within MS Office documents frequently. In response, this paper describes the design and implementation of a system that automatically detects malicious digital files using machine learning techniques. The system is proficient in identifying malicious scripts within MS Office files that exploit the OLE VBA macro functionality, detecting malicious scripts embedded within the CDH/LFH/ECDR internal field values through OOXML structure analysis, and recognizing abnormal CDH/LFH information introduced within the OOXML structure, which is not conventionally referenced. Furthermore, this paper presents a mechanism for utilizing the VirusTotal malicious script detection feature to autonomously determine instances of malicious tampering within MS Office files. This leads to the design and implementation of a machine learning-based integrated software. Experimental results confirm the software's capacity to autonomously assess MS Office file’s integrity and provide enhanced detection performance for arbitrary MS Office files when employing the optimal machine learning model.

KEYWORDS

MS Office File, Malicious Script, Machine Learning, Auto-Detection System, SW Implementation.

Citation status

* References for papers published after 2023 are currently being built.

[web] J. Paoli / Ecma-376 office open xml file formats / https://ecma-international.org/publications-and-standards/standards/ecma-376/

[journal] A. M. Naser / 2016 / Analyzing and detecting malicious content : Docxfiles / International Journal of Computer Science and Information Security 14(8) : 404~

[thesis] P. Singh / 2017 / Detection of Malicious OOXML Documents Using Domain Specific Features / Master / Indian Institute of Information Technology and Management

[journal] Z. Wang / 2021 / Applications of Machine Learning in Public Security Informatin and Resource Management / Hindawi Scientific Programming 2021

[journal] Y. Liu / 2020 / Blockchain and machine learning for communications and networking systems / IEEE Communications Surveys &Tutorials 22(2) : 1392~1431

[journal] R. Gupta / 2020 / Machine learning models for secure data analytics : a taxonomy and threat model / Computer Communications 153 : 406~440

[journal] A. Cohen / 2016 / Sfem : Structural feature extraction methodology for the detection of malicious office documents using machine learning methods / ExpertSystems with Applications 63 : 324~343

[journal] 이한성 / 2019 / Forgery Detection Mechanism with Abnormal Structure Analysis on Office Open XML based MS-Word File / The International Journal of Advanced Smart Convergence / 한국인터넷방송통신학회 8(4) : 47~57

[confproc] S. Na / 2023 / Implementation of Malicious Data Analysis and Detection System Hidden in the Slack Space of Corrupted OOXML-based MS-Office Digital Files / Advanced and Applied Convergence Letters AACL 21 (9th International Joint Conference on Convergence, IJCC2023) : 97~103

[journal] A. Catsiglione / 2011 / Hiding Information into OOXML Documents : New Steganographic Perspectives / Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications 2(4) : 59~83

[confproc] S. D. l. Santos / 2017 / Macro malware detection using machine learning techniques - a new approach / Proceedings of the 3rd International Conference on Information SystemsSecurity and Privacy / ICISSP, INSTICC. SciTePress 1 : 295~302

[confproc] S. Kim / 2018 / Obfuscated vba macro detection using machine learning / 201848th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) : 490~501

[other] FireEye / 2018 / Malicious PowerShell Detection via Machine Learning

[journal] B. Mahesh / 2020 / Machine Learning Algorithms – A Review / International Journal of Science and Research 9(1)

[book] W. Richert / Building Machine Learning Systems with Python / Packt Publishing Ltd

[web] / VirusTotal / https://www.virustotal.com/

[web] / Python / https://www.python.org/

[web] / scikit-learn / https://scikit-learn.org/

This paper was written with support from the National Research Foundation of Korea.

KJCKorea
Journal Central

Journal of Internet of Things and Convergence 2023 KCI Impact Factor : 0.89

Design and Implementation of a ML-based Detection System for Malicious Script Hidden Corrupted Digital Files

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of Internet of Things and Convergence 2023 KCI Impact Factor : 0.89

Design and Implementation of a ML-based Detection System for Malicious Script Hidden Corrupted Digital Files

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (0)

REFERENCES (18) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.