The growing diffusion of malware is causing non-negligible economic and social costs. Unfortunately, modern attacks evolve and adapt to defensive mechanisms, and many threats are designed for the optimal exploitation of the traits of the victims. Thus, phenomena such as mobile malware, fileless malware or stegomalware are becoming widespread and represent the next variations of malicious attacks that have to be faced. In particular, the massive amount of digital content shared on the Internet is increasingly more often being used by attackers for the injection of malicious code to bypass security tools or prevent detection. Therefore, in this paper we present an approach to reveal malware and other unwanted content appended to digital images. Specifically, we address the case of pictures compressed with the Graphics Interchange Format. Since such files are based on a well-defined standard, the anomalous data can be isolated by locating the end of the file. The advantage of this approach is its simplicity, allowing to have a scalable implementation for handling huge volumes of data.
Stegomalware Detection Through Structural Analysis of Media Files
Luca Caviglione;
2020
Abstract
The growing diffusion of malware is causing non-negligible economic and social costs. Unfortunately, modern attacks evolve and adapt to defensive mechanisms, and many threats are designed for the optimal exploitation of the traits of the victims. Thus, phenomena such as mobile malware, fileless malware or stegomalware are becoming widespread and represent the next variations of malicious attacks that have to be faced. In particular, the massive amount of digital content shared on the Internet is increasingly more often being used by attackers for the injection of malicious code to bypass security tools or prevent detection. Therefore, in this paper we present an approach to reveal malware and other unwanted content appended to digital images. Specifically, we address the case of pictures compressed with the Graphics Interchange Format. Since such files are based on a well-defined standard, the anomalous data can be isolated by locating the end of the file. The advantage of this approach is its simplicity, allowing to have a scalable implementation for handling huge volumes of data.| File | Dimensione | Formato | |
|---|---|---|---|
|
prod_424336-doc_154280.pdf
solo utenti autorizzati
Descrizione: Stegomalware Detection Through Structural Analysis of Media Files
Tipologia:
Versione Editoriale (PDF)
Dimensione
789.94 kB
Formato
Adobe PDF
|
789.94 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
