Stegomalware Detection Through Structural Analysis of Media Files

Luca Caviglione
2020

Abstract

The growing diffusion of malware is causing non-negligible economic and social costs. Unfortunately, modern attacks evolve and adapt to defensive mechanisms, and many threats are designed for the optimal exploitation of the traits of the victims. Thus, phenomena such as mobile malware, fileless malware or stegomalware are becoming widespread and represent the next variations of malicious attacks that have to be faced. In particular, the massive amount of digital content shared on the Internet is increasingly being used by attackers for the injection of malicious code to bypass security tools or prevent detection. Therefore, in this paper we present an approach to reveal malware and other unwanted content appended to digital images. Specifically, we address the case of pictures compressed with the Graphics Interchange Format. Since such files are based on a well-defined standard, the anomalous data can be isolated by locating the end of the file. The advantage of this approach is its simplicity, which allows a scalable implementation for handling huge volumes of data.
2020
Istituto di Matematica Applicata e Tecnologie Informatiche - IMATI -
English
ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security
CUING 2020 - 4th International Workshop on Criminal Use of Information Hiding, held jointly with the 15th International Conference on Availability, Reliability and Security
6
978-1-4503-8833-7
Association Of Computing Machinery (ACM)
New York
UNITED STATES OF AMERICA
Yes, but type not specified
25-28/08/2020
University College of Dublin, Dublin, Ireland (held online due to Covid-19)
stegomalware
security
information hiding
detection
6
restricted
Puchalski, Damian; Caviglione, Luca; Kozik, Rafal; Marzecki, Adrian; Krawczyk, Slawomir; Choras, Michal
273
info:eu-repo/semantics/conferenceObject
04 Conference contribution::04.01 Contribution in conference proceedings
Files in this record:
prod_424336-doc_154280.pdf (authorized users only)

Description: Stegomalware Detection Through Structural Analysis of Media Files
Type: Publisher's version (PDF)
Size: 789.94 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/411691