k-Depth Mimicry Attack to Secretly Embed Shellcode into PDF Files
Authors
Abstract
This paper revisits the shellcode embedding problem for PDF files. We found that a popularly used shellcode embedding technique called reverse mimicry attack has not been shown to be effective against well-trained state-of-the-art detectors. To overcome the limitation of the reverse mimicry method against existing shellcode detectors, we extend the idea of reverse mimicry attack to a more generalized one by applying the k-depth mimicry method to PDF files. We implement a proof-of-concept tool for the k-depth mimicry attack and show its feasibility by generating shellcode-embedded PDF files to evade the best known shellcode detector (PDFrate) with three classifiers. The experimental results show that all tested classifiers failed to effectively detect the shellcode embedded by the k-depth mimicry method when k ≥ 20.
Similar sources
Smashing the Stack with Hydra: The Many Heads of Advanced Polymorphic Shellcode
Recent work on the analysis of polymorphic shellcode engines suggests that modern obfuscation methods would soon eliminate the usefulness of signature-based network intrusion detection methods [36] and supports growing views that the new generation of shellcode cannot be accurately and efficiently represented by the string signatures which current IDS and AV scanners rely upon. In this paper, w...
Detection and Analysis of Shellcode in Malicious Documents
A shellcode is a code snippet used as a payload in exploiting a software vulnerability. In recent attack trends, shellcode embedded in documents is one of the widely used vectors for targeted attacks. The significant aspects of these documents are dynamic content and URL access, and they can be camouflaged easily. Most of the security mechanisms are not accoutered to deal with these weaponised document...
Embedding 3D radiology models in portable document format.
OBJECTIVE The purpose of this article is to discuss how to convert cross-sectional images into a 3D model and embed them in a Portable Document Format (PDF) file. Four programs are used: OsiriX, MeshLab, Microsoft PowerPoint, and Adobe Acrobat. Step-by-step instructions are provided. CONCLUSION Embedding 3D radiology models into PDF files is a powerful tool that may be used for clinical, educ...
Robustness of an Edge Image using DCT & Quantization
Abstract: The interest in data hiding has risen with the recent activity in digital copyright protection schemes. One way to protect the ownership of a digital image is to secretly embed data in the content of the image identifying the owner. In particular we will describe how one can use watermarking to hide information in a digital image. Multiple watermarking is used for embedding multiple ...
Advanced Persistent Threat: Malicious Code Hidden in PDF Documents
Advanced Persistent Threat (APT) in recent years has become a very popular choice to steal information of specific targets using the vulnerabilities on the targets’ machine. APT involves a set of complex phases, which are difficult to detect and often initiated with spear phishing in the early stage of invasion. To help defend against APT, it is important to study the malformed Portable Documen...