A Research of Anomaly Detection Method in MS Office Document


KIPS Transactions on Computer and Communication Systems, Vol. 6, No. 2, pp. 87-94, Feb. 2017
DOI: 10.3745/KTCCS.2017.6.2.87
Keywords: MS office, Anomaly Detection, Compound File Binary Format, Forensic
Abstract

Microsoft Office is an office suite of applications developed by Microsoft. Recently, users with malicious intent have been customizing Office files as containers for malware, because MS Office is the most commonly used word processing program. To attack a target system, many malicious Office files use a variety of skills and techniques, such as macro functions and hiding shellcode inside unused areas. Two techniques are usually used to detect this kind of malware: signature-based detection and sandboxing. However, there are limits to what these can achieve because of the increasing complexity of malware. Therefore, this paper proposes methods to detect malicious MS Office files from a computer forensics perspective. For this purpose, we checked macros and potential problem areas through structural analysis of the MS Office file.



Cite this article
[IEEE Style]
S. H. Cho and S. J. Lee, "A Research of Anomaly Detection Method in MS Office Document," KIPS Transactions on Computer and Communication Systems, vol. 6, no. 2, pp. 87-94, 2017. DOI: 10.3745/KTCCS.2017.6.2.87.

[ACM Style]
Sung Hye Cho and Sang Jin Lee. 2017. A Research of Anomaly Detection Method in MS Office Document. KIPS Transactions on Computer and Communication Systems, 6, 2, (2017), 87-94. DOI: 10.3745/KTCCS.2017.6.2.87.