Automated microsoft office macro malware detection using machine learning

机译：使用机器学习自动检测Microsoft Office宏恶意软件

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Macro malware in Microsoft (MS) Office files has long persisted as a cybersecurity threat. Though it ebbed after its initial rampages around the turn of the century, it has reemerged as threat. Attackers are taking a persuasive approach and using document engineering, aided by improved data mining methods, to make MS Office file malware appear legitimate. Recent attacks have targeted specific corporations with malicious documents containing unusually relevant information. This development undermines the ability of users to distinguish between malicious and legitimate MS Office files and intensifies the need for automating macro malware detection. This study proposes a method of classifying MS Office files containing macros as malicious or benign using the K-Nearest Neighbors machine learning algorithm, feature selection, and TFIDF where p-code opcode n-grams (translated VBA macro code) compose the file features. This study achieves a 96.3% file classification accuracy on a sample set of 40 malicious and 118 benign MS Office files containing macros, and it demonstrates the effectiveness of this approach as a potential defense against macro malware. Finally, it discusses the challenges automated macro malware detection faces and possible solutions.

机译：Microsoft（MS）Office文件中的宏恶意软件长期以来一直作为网络安全威胁而存在。尽管在本世纪初，它在最初的暴行之后退缩了，但它重新崛起为威胁。攻击者正在采取一种有说服力的方法，并使用文档工程技术以及改进的数据挖掘方法来使MS Office文件恶意软件看起来合法。最近的攻击已针对特定公司，其恶意文件包含异常相关的信息。这种发展破坏了用户区分恶意和合法MS Office文件的能力，并增强了自动执行宏恶意软件检测的需求。这项研究提出了一种使用K-最近邻居机器学习算法，特征选择和TFIDF将包含宏的MS Office文件分类为恶意或良性的方法，其中p代码操作码n-gram（经转换的VBA宏代码）构成了文件特征。这项研究对包含宏的40个恶意和118个良性MS Office文件的样本集实现了96.3％的文件分类精度，并且证明了该方法作为潜在的防御宏恶意软件的有效性。最后，它讨论了自动化宏恶意软件检测面临的挑战以及可能的解决方案。

著录项

来源
《IEEE International Conference on Big Data》|2017年|4448-4452|共5页
会议地点
作者
Ruth Bearden; Dan Chai-Tien Lo;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
Malware; Feature extraction; Security; Machine learning algorithms; Testing; Classification algorithms;

机译：恶意软件;特征提取;安全性;机器学习算法;测试;分类算法;

相似文献

外文文献
中文文献
专利

1. Automated multi-level malware detection system based on reconstructed semantic view of executables using machine learning techniques at VMM [J] . Ajay Kumara M.A., Jaidhar C.D. Future generation computer systems . 2018,第PTa1期

机译：在VMM上使用机器学习技术基于可执行文件的重构语义视图的自动化多级恶意软件检测系统
2. Automated poisoning attacks and defenses in malware detection systems: An adversarial machine learning approach [J] . Sen Chen, Minhui Xue, Lingling Fan, Computers & Security . 2018,第MARa期

机译：恶意软件检测系统中的自动中毒攻击和防御：对抗性机器学习方法
3. A novel malware analysis for malware detection and classification using machine learning algorithms [J] . J. P. E. Hodgson Computing reviews . 2019,第2期

机译：使用机器学习算法进行恶意软件检测和分类的新型恶意软件分析
4. Automated microsoft office macro malware detection using machine learning [C] . Ruth Bearden, Dan Chai-Tien Lo IEEE International Conference on Big Data . 2017

机译：自动化Microsoft Office宏恶意软件检测使用机器学习
5. Automating malware detection in Windows memory images using machine learning [D] . Glendowne, Dae 2015

机译：使用机器学习自动检测Windows内存映像中的恶意软件
6. Man and the machine rise to the spike‐wave. Commentary on An automated machine learning‐based detection algorithm for spike‐wave discharges (SWDs) in a mouse model of absence epilepsy. [O] . Kevin M. Kelly 2020

机译：男人和机器上升到尖峰波。缺乏癫痫鼠标模型中基于机器学习的基于机器学习的检测算法的评论。
7. Automated Poisoning Attacks and Defenses in Malware Detection Systems: An Adversarial Machine Learning Approach [O] . Chen, Sen, Xue, Minhui, Fan, Lingling, 2017

机译：恶意软件检测系统中的自动中毒攻击和防御：对抗机器学习方法
8. Machine Learning Based Malware Detection. [R] . Markel, Z. A. 2015

机译：基于机器学习的恶意软件检测。

Automated microsoft office macro malware detection using machine learning

摘要

著录项

相似文献

相关主题

期刊订阅