Abstract
In recent years, the number of targeted email attacks which use Microsoft (MS) document files has been increasing. In particular, damage by malicious macros has spread in many organizations. Relevant work has proposed a method of malicious MS document files detection. To the best of our knowledge, however, no method of detecting malicious macros exists. Hence, we proposed a method which detects malicious macros themselves using machine learning. First, the proposed method creates corpuses from macros. Our method removes trivial words in the corpus. It becomes easy for the corpuses to classify malicious macros exactly. Second, Doc2Vec represents feature vectors from the corpuses. Malicious macros contain the context. Therefore, the feature vectors of Doc2Vec are classified with high accuracy. Machine learning models (Support Vector Machine, Random Forest and Multi Layer Perceptron) are trained, inputting the feature vectors and the labels. Finally, the trained models predict test feature vectors as malicious macros or benign macros. Evaluations show that the proposed method can obtain a high F-measure (0.93).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Wolf in sheep’s clothing: a SophosLabs investigation into delivering malware via VBA. https://nakedsecurity.sophos.com/2017/05/31/wolf-in-sheeps-clothing-a-sophoslabs-investigation-into-delivering-malware-via-vba/
Rieck, K., Trinius, P., Willems, C., Holz, T.: Automatic analysis of malware behavior using machine learning. J. Comput. Secur. 19(4), 639–668 (2011)
Bayer, U., Moser, A., Kruegel, C., Kirda, E.: Dynamic analysis of malicious code. J. Comput. Virol. 2, 67–77 (2006). https://doi.org/10.1007/s11416-006-0012-2
Perdisci, R., Lanzi, A., Lee, W.: McBoost: boosting scalability in malware collection and analysis using statical classification of executables. In: Computer Security Applications Conference (2008). https://doi.org/10.1109/ACSAC.2006.53
Nissim, N., Cohen, A., Elovici, Y.: ALDOCX: detection of unknown malicious microsoft office documents using designated active learning methods based on new structural feature extraction methodology. IEEE Trans. Inf. Forensics Secur. 12(3), 631–646 (2017)
Naser, A., Hadi, A.: Analyzing and detecting malicious content: DOCX files. Int. J. Comput. Sci. Inf. Secur. (IJCSIS) 14(8), 404–412 (2016)
Otsubo, Y., Mimura, M., Tanaka, H.: O-checker: detection of malicious documents through deviation from file format specification. In: Black Hat USA (2016)
Boldewin, F.: Analyzing MSOffice malware with OfficeMalScanner. https://ja.scribd.com/document/21143233/Analyzing-MSOffice-Malware-With-OfficeMalScanner
OLE Background. https://msdn.microsoft.com/en-us/library/19z074ky.aspx
Mimura, M., Otsubo, Y., Tanaka, H.: Evaluation of a brute forcing tool that extracts the RAT from a malicious document file. In: 2016 11th Asia Joint Conference on Information Security (Asia JCIS) (2016). https://doi.org/10.1109/AsiaJCIS.2016.10
Corona, I., Maiorca, D., Giacinto, G.: Lux0R: detection of malicious PDF-embedded JavaScript code through discriminant analysis of API references (2014)
Liu, D., Wang, H., Stavrou, A.: Detecting malicious Javascript in PDF through document instrumentation. In: 2014 44th Annual IEEE/IFIP International Conference Dependable Systems and Networks (DSN), pp. 100–111, ISBN 978-1-4799-2233-8 (2014)
python package index gensim 0.10.1. https://pypi.python.org/pypi/gensim/0.10.1
python package index scikit learn 0.19.0. https://pypi.python.org/pypi/scikit-learn/0.19.0
Virus Toral. https://www.virustotal.com/
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Miura, H., Mimura, M., Tanaka, H. (2018). Macros Finder: Do You Remember LOVELETTER?. In: Su, C., Kikuchi, H. (eds) Information Security Practice and Experience. ISPEC 2018. Lecture Notes in Computer Science(), vol 11125. Springer, Cham. https://doi.org/10.1007/978-3-319-99807-7_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-99807-7_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-99806-0
Online ISBN: 978-3-319-99807-7
eBook Packages: Computer ScienceComputer Science (R0)