http://dx.doi.org/10.7236/IJASC.2019.8.4.47

Forgery Detection Mechanism with Abnormal Structure Analysis on Office Open XML based MS-Word File  

Lee, HanSeong (Div. of Computer Engineering, Hanshin Univ.)
Lee, Hyung-Woo (Div. of Computer Engineering, Hanshin Univ.)
Publication Information
International journal of advanced smart convergence / v.8, no.4, 2019, pp. 47-57
Abstract
We examine the weaknesses of the existing OOXML-based MS-Word file structure and analyze how data concealment and forgery are performed in MS-Word digital documents. When a document is forged by including hidden information in it, there is no difference when the file is opened with the MS-Word processor. However, the computer system may malfunction because of malware or shellcode hidden in the digital document. If a malicious image file or ZIP file is hidden in the document by exploiting the structural vulnerability of the MS-Word document, the system may be infected by ransomware that encrypts entire files on the disk even if the MS-Word file opens normally. Therefore, it is necessary to analyze forgery and alteration of digital documents through internal structure analysis of the MS-Word file. In this paper, we designed and implemented a mechanism to detect such forgery efficiently, together with automatic detection software, and presented a method to proactively respond to attacks such as ransomware that exploit MS-Word security vulnerabilities.
Keywords
Forgery Analysis; MS-Word; Vulnerability; Structure Analysis; Digital Forensics; Ransomware