Analysis and Detection of Malicious Data Hidden in Slack Space on OOXML-based Corrupted MS-Office Digital Files

  • Sangwon, Na (Div. of Computer Engineering, Hanshin University) ;
  • Hyung-Woo, Lee (Div. of Computer Engineering, Hanshin University)
  • Received : 2023.02.08
  • Accepted : 2023.02.18
  • Published : 2023.03.31

Abstract

OOXML-based MS-Office digital files are extensively utilized by businesses and organizations worldwide. However, these files are vulnerable to forgery and corruption attacks that embed hidden suspicious information, which can lead to the activation of malware or shellcode hidden in the file. Such malicious code can cause a computer system to malfunction or become infected with ransomware. To prevent such attacks, it is necessary to analyze and detect the corruption of OOXML-based MS-Office files. In this paper, we examine the weaknesses of the existing OOXML-based MS-Office file structure and analyze how concealment and forgery are performed on MS-Office digital files. As a result, we propose a system to detect hidden data effectively and proactively respond to ransomware attacks exploiting MS-Office security vulnerabilities. The proposed system is designed to provide reliable and efficient detection of hidden data in OOXML-based MS-Office files, which can help organizations protect against potential security threats.

Acknowledgement

This work is an extended version of the paper published at the IJCC2023 conference [7]. This work is partially supported by the Basic Science Research Program through the National Research Foundation of Korea (NRF) (No. 2021R1F1A1046954).

References

  1. Anghel, Catalin. "Digital Forensics - A Literature Review." EEA Journal of Information and Communication Technologies, vol. 2019, no. 1, 2019, pp. 23-27. DOI: https://doi.org/10.35219/eeaci.2019.1.05.
  2. Hassannataj Joloudari, J., Haderbadi, M., Mashmool, A., GhasemiGol, M., Shahab, S., and Mosavi, A. "Early Detection of the Advanced Persistent Threat Attack Using Performance Analysis of Deep Learning." arXiv e-prints, 2020.
  3. Alenezi, A., Atlam, H., Alsagri, R., Alassafi, M., and Wills, G. "IoT Forensics: A State-of-the-Art Review, Challenges and Future Directions." Proceedings of the 4th International Conference on Complexity, Future Information Systems and Risk (COMPLEXIS 2019), 2019, pp. 106-115.
  4. "Office Open XML." Wikipedia, The Free Encyclopedia. Wikimedia Foundation, Inc. 11 September 2019. Web. 20 January
  5. "Zip (file format)." Wikipedia, The Free Encyclopedia. Wikimedia Foundation, Inc. 24 September 2019. Web. 20 January
  6. "Document File Formats: Microsoft Word Document (DOCX/DOC)." LEAD Technologies, Inc. Web. 20 January 2023.
  7. Na, S., and Lee, H.W. "Implementation of Malicious Data Analysis and Detection System Hidden in the Slack Space of Corrupted OOXML-based MS-Office Digital Files." Advanced and Applied Convergence Letters AACL 21 (9th International Joint Conference on Convergence, IJCC2023), 2023, pp. 97-103.