Macro Malware Detection using Machine Learning Techniques - A New Approach

Sergio De los Santos, José Torres

Abstract

A malware macro (also called a "macro virus") is code that exploits the macro functionality of office documents (especially Microsoft Office’s Excel and Word) to carry out malicious actions against the systems of the victims who open the file. This type of malware was very popular during the late 90s and early 2000s. After its rise in 2014 as a propagation method for other malware, macro viruses continue to pose a threat to users that is far from being controlled. This paper studies the possibility of improving macro malware detection via machine learning techniques applied to the properties of the code.



Paper Citation


in Harvard Style

De los Santos S. and Torres J. (2017). Macro Malware Detection using Machine Learning Techniques - A New Approach. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-209-7, pages 295-302. DOI: 10.5220/0006132202950302


in Bibtex Style

@conference{icissp17,
author={Sergio De los Santos and José Torres},
title={Macro Malware Detection using Machine Learning Techniques - A New Approach},
booktitle={Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2017},
pages={295-302},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006132202950302},
isbn={978-989-758-209-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Macro Malware Detection using Machine Learning Techniques - A New Approach
SN - 978-989-758-209-7
AU - De los Santos S.
AU - Torres J.
PY - 2017
SP - 295
EP - 302
DO - 10.5220/0006132202950302