Forgery Detection Mechanism with Abnormal Structure Analysis on Office Open XML based MS-Word File

  • Received : 2019.09.21
  • Accepted : 2019.09.30
  • Published : 2019.12.31

Abstract

We examine the weaknesses of the existing OOXML-based MS-Word file structure and analyze how data concealment and forgery are performed in MS-Word digital documents. When a document is forged by embedding hidden information in it, there is no visible difference when the file is opened in the MS-Word processor. However, malware or shellcode hidden in the digital document may cause the computer system to malfunction. If a malicious image file or ZIP file is hidden in the document by exploiting the structural vulnerability of the MS-Word document, the system may be infected by ransomware that encrypts all files on the disk even though the MS-Word file opens normally. Therefore, forgery and alteration of digital documents must be analyzed through internal structure analysis of the MS-Word file. In this paper, we design and implement a mechanism that detects this efficiently, together with automatic detection software, and present a method to proactively respond to attacks such as ransomware that exploit MS-Word security vulnerabilities.
