Academic journal

GLDOC: detection of implicitly malicious MS-Office documents using graph convolutional networks

Bibliographic details
Title: GLDOC: detection of implicitly malicious MS-Office documents using graph convolutional networks
Authors: Wenbo Wang, Peng Yi, Taotao Kou, Weitao Han, Chengyu Wang
Source: Cybersecurity, Vol 7, Iss 1, Pp 1-14 (2024)
Publication information: SpringerOpen, 2024.
Publication year: 2024
Collection: LCC:Computer engineering. Computer hardware; LCC:Electronic computers. Computer science
Subject terms: Im-document, APT attack, GCN, Dynamic analysis, Malicious document detection, Computer engineering. Computer hardware, TK7885-7895, Electronic computers. Computer science, QA75.5-76.95
Description: Nowadays, the malicious MS-Office document has already become one of the most effective attack vectors in APT attacks. Though many protection mechanisms are provided, they have been proven easy to bypass, and the existing detection methods show poor performance when facing malicious documents with unknown vulnerabilities or with few malicious behaviors. In this paper, we first introduce the definition of im-documents, to describe those vulnerable documents which show implicitly malicious behaviors and escape most public antivirus engines. Then we present GLDOC—a GCN-based framework that is aimed at effectively detecting im-documents with dynamic analysis, and improving the possible blind spots of past detection methods. Besides the system call, which is the only focus in most research, we capture all dynamic behaviors in a sandbox, take the process tree into consideration and reconstruct both of them into graphs. Using each line to learn each graph, GLDOC trains a 2-channel network as well as a classifier to formulate the malicious document detection problem into a graph learning and classification problem. Experiments show that GLDOC has a comprehensive balance of accuracy rate and false alarm rate, 95.33% and 4.33% respectively, outperforming other detection methods. When further tested in a simulated 5-day attack scenario, our proposed framework still maintains a stable and high detection accuracy on the unknown vulnerabilities.
Document type: article
File description: electronic resource
Language: English
ISSN: 2523-3246
Relation: https://doaj.org/toc/2523-3246
DOI: 10.1186/s42400-024-00243-7
Access URL: https://doaj.org/article/c8d5f31f4a8941998af1c735a12f89dc
Accession number: edsdoj.8d5f31f4a8941998af1c735a12f89dc
Database: Directory of Open Access Journals