Published September 4, 2019 | Version v1
Conference paper Restricted

Improving Detection of Malicious Office Documents Using One-Side Classifiers

  • 1. "Al.I. Cuza" University - Faculty of Computer Science Bitdefender Cyber Threat Intelligence Lab Iasi, Romania

Description

The current threat landscape is diverse and has lately been shifting from binary executable applications to a more light-coded and data-oriented approach. Considering this, the use of Microsoft Office documents in attacks has increased. The number of malicious samples is high, and the complexity of evasion techniques is also challenging. VBA macros are widely used in enterprise environments for benign purposes, so, in terms of detection, the number of false alarms should be close to zero. In this paper we discuss and propose a solution that focuses on keeping the rate of false positives as low as possible while, at the same time, maximizing the detection rate.

Files

Restricted

The record is publicly accessible, but files are restricted to users with access.

Additional details

Funding

CONCORDIA – Cyber security cOmpeteNCe fOr Research anD InnovAtion 830927
European Commission