Analysis and Correlation of Visual Evidence in Campaigns of Malicious Office Documents

Casino, Fran; Totosis, Nikolaos; Αποστολόπουλος, Θεόδωρος; Lykousas, Nikolaos; Patsakis, Constantinos

doi:10.1145/3513025

Cited by 13 publications

(2 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In 2022, Fran Casino et al embarked on pioneering research that leveraged the visual aspects of cyber attacks for the identification of malicious Microsoft Office documents [29]. Their approach harnessed the power of perceptual hashing and Optical Character Recognition (OCR) to detect and analyze embedded images designed to coerce victims into enabling macros or taking other malicious actions.…”

Section: ) Machine Learning Based Approachesmentioning

confidence: 99%

Enhancing Cybersecurity With P-Code Analysis and XGBoost: A Novel Approach for Malicious VBA Macro Detection in Office Documents

Ahmadi,

Chen,

Lai

2024

IEEE Access

View full text Add to dashboard Cite

In the evolving landscape of cybersecurity, the prevalence of malicious Visual Basic for Applications (VBA) macros embedded in Office documents presents a formidable challenge. These macros, while integral to automation, have become potent vehicles for cyber-attacks, necessitating advanced detection techniques. This study introduces a comprehensive framework employing P-Code Analysis and XGBoost, a leading-edge machine learning algorithm, to address this issue. The proposed solution synergizes static analysis of VBA source code with dynamic P-Code structural analysis, enhanced by Natural Language Processing (NLP) techniques for effective feature extraction. By integrating these methodologies, our model adeptly distinguishes between benign and malicious macros, achieving an unprecedented detection accuracy of 98.70% and an F1-score of 98.81% in rigorous testing environments. The core contribution of this research lies in its innovative approach to malicious macro detection, offering a robust framework that significantly improves upon existing methods. Additionally, the utilization of XGBoost for machine learning analysis introduces a novel application in cybersecurity defenses against macro-based threats. The results underscore the efficacy of combining P-Code analysis with machine learning for cybersecurity, marking a significant stride in the detection of sophisticated cyber threats. This study not only advances the domain of cybersecurity but also lays the groundwork for future research, advocating for the exploration of further optimizations and the adaptation of our model to combat evolving attack vectors.

show abstract

Section: ) Machine Learning Based Approachesmentioning

confidence: 99%

Enhancing Cybersecurity With P-Code Analysis and XGBoost: A Novel Approach for Malicious VBA Macro Detection in Office Documents

Ahmadi,

Chen,

Lai

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…The aforesaid improvements have facilitated the exceptional performance of machine learning algorithms in this particular field (Mishra A, 2020 ;Reddy DK, 2023). The NLP techniques have been crucial in enabling the detection of harmful intent in textual data, as demonstrated by their successful implementation in the identification of phishing efforts (Casino F, 2023). Scam detection using text has been greatly improved by NLP techniques successfully (Kumar S, 2023).…”

Section: Introductionmentioning

confidence: 99%

Threat Detection and Response Using AI and NLP in Cybersecurity

Ismail

2024

JISIS

View full text Add to dashboard Cite

Introduction: In an age of rapid technical innovation and a growing digital world, protecting sensitive data from cyberattacks is crucial. The dynamic and complicated nature of these attacks requires novel cybersecurity solutions. Methods: This study analyses how Artificial Intelligence (AI) and Natural Language Processing (NLP) strengthen cybersecurity. The qualitative research approach is followed to gather data through a literature review of relevant scholarly articles and conduct interviews with cybersecurity specialists. Results: Recent AI advances have greatly enhanced the detection of anomalous patterns and behaviors in huge datasets, a key threat identification tool. NLP has also excelled at detecting malevolent intent in textual data, such as phishing efforts. AI and NLP enable adaptive security policies, enabling agile responses to evolving security issues. Expert interviews confirm that AI and NLP reduce false positives, improve threat intelligence, streamline network security setups, and improve compliance checks. These technologies enable responsive security policies, which give a strategic edge against developing security threats. AI and NLP's predictive skills could revolutionize cybersecurity by preventing threats. Conclusion: This study shows that AI and NLP have improved cybersecurity threat detection, automated incident response, and adaptive security policies. Overcoming threat detection, aggressive attacks and data privacy issues is essential to properly leveraging these advances and strengthening cyber resilience in a changing digital landscape.

show abstract

Detection of MSOffice-Embedded Malware: Feature Mining and Short- vs. Long-Term Performance

Vitel

Lupascu

Gavriluţ

et al. 2022

Information Security Practice and Experience

View full text Add to dashboard Cite

Analysis and Correlation of Visual Evidence in Campaigns of Malicious Office Documents

Cited by 13 publications

References 15 publications

Enhancing Cybersecurity With P-Code Analysis and XGBoost: A Novel Approach for Malicious VBA Macro Detection in Office Documents

Enhancing Cybersecurity With P-Code Analysis and XGBoost: A Novel Approach for Malicious VBA Macro Detection in Office Documents

Threat Detection and Response Using AI and NLP in Cybersecurity

Detection of MSOffice-Embedded Malware: Feature Mining and Short- vs. Long-Term Performance

Contact Info

Product

Resources

About