Detection of MSOffice-Embedded Malware: Feature Mining and Short- vs. Long-Term Performance

Vitel, Silviu Constantin; Lupascu, Marilena; Gavriluţ, Dragoş Teodor; Luchian, Henri

doi:10.1007/978-3-031-21280-2_16

Cited by 2 publications

(1 citation statement)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They extracted 15 discriminant static features of the obfuscated VBA macros. Constantin et al present a study on the detection performance of MSOffice-embedded malware [22]. Their detection models were trained and tested using a very large database of malicious and benign MSOffice documents (1.8 million files), collected over a long period of time .…”

Section: B Macro Malware Detectionmentioning

confidence: 99%

A Feasibility Study on Evasion Attacks Against NLP-Based Macro Malware Detection Algorithms

Mimura,

Yamamoto

2023

IEEE Access

View full text Add to dashboard Cite

Machine learning-based models for malware detection have gained prominence in order to detect obfuscated malware. These models extract malicious features and endeavor to classify samples as either malware or benign entities. Conversely, these benign features can be employed to imitate benign samples. With respect to Android applications, numerous researchers have assessed the hazard and tackled the problem. This evasive technique can be extended to other malicious scripts, such as macro malware. In this paper, we investigate the potential for evasive attacks against natural language processing (NLP)-based macro malware detection algorithms. We assess three language models as methods for feature extraction: Bag of Words, Latent Semantic Analysis, and Paragraph Vector. Our experimental result demonstrates that the detection rate declines to 2 percent when benign features are inserted into actual macro malware. This approach is effective even against advanced language models.

show abstract

Section: B Macro Malware Detectionmentioning

confidence: 99%