The detection model used by modern antivirus software is based on the same basic principle: an antivirus product has to analyze a threat before it can protect the user against it. This implies that a few systems must first be infected, that the malware is then analyzed manually or semi-automatically, and that the malware databases are finally updated. Almost no prevention model is considered to mitigate this inherent limitation of AV software. The issue becomes critical for office documents (Microsoft Office, LibreOffice, PDF files...), which are increasingly used as vectors of targeted attacks and hence represent a major threat. The huge variability of documents makes the current detection model nearly useless against them. To protect against the specific risks presented by these documents, we propose a new model of antiviral protection that acts proactively and offers a strong prevention model: the document is transformed into an inactive file format, which protects the user from any known or unknown threat it may carry. This proactive threat-management module has been implemented in the DAVFI project (French and International AntiVirus Demonstrator), funded by the French Strategic Digital Fund. Real, concrete cases of malicious office documents have been submitted to the module's analysis and transformation, demonstrating its effectiveness and accuracy.
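The transformation into an inactive file format described above, shown as an added example that is not DAVFI's code or the authors' implementation: a Python sanitizer for Office Open XML packages (docx/xlsx/pptx) that removes the parts carrying executable content (VBA project, OLE and ActiveX embeddings, Excel 4.0 macro sheets), drops the relationships that point at them or at remotely loaded templates, blanks DDE field instructions, and rewrites the content types so the result is a plain, macro-free document. The part names, relationship types, content-type strings and the constructed sample document are assumptions about the usual OOXML layout, not anything the paper specifies.

```python
"""Added example (not DAVFI code): turn an OOXML Office package into an inactive one.
Assumed attack surface: VBA project, OLE/ActiveX embeddings, Excel 4.0 macro sheets, DDE field
instructions and external (remote) relationships. Part names and content types are assumptions."""
import io
import posixpath
import re
import zipfile

# Zip members that carry executable or embedded content (assumed usual OOXML layout).
ACTIVE_PART_RE = re.compile(r"^(?:word|xl|ppt)/(?:vbaProject\.bin|vbaData\.xml|embeddings/|activeX/)|^xl/macrosheets/", re.I)
# Relationship types (suffix of the Type URI) that reference active or remotely loaded content.
ACTIVE_REL_SUFFIXES = ("/vbaProject", "/oleObject", "/package", "/control", "/attachedTemplate")
# Macro-enabled main-part content types and their passive equivalents.
PASSIVE_CONTENT_TYPES = {
    "application/vnd.ms-word.document.macroEnabled.main+xml": "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml",
    "application/vnd.ms-excel.sheet.macroEnabled.main+xml": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml",
    "application/vnd.ms-powerpoint.presentation.macroEnabled.main+xml": "application/vnd.openxmlformats-officedocument.presentationml.presentation.main+xml",
}
REL_RE = re.compile(r"<Relationship\b[^>]*/>")  # self-closing <Relationship .../> elements
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')
OVERRIDE_RE = re.compile(r'<Override\b[^>]*PartName="([^"]*)"[^>]*/>')

def is_active_part(name):
    return bool(ACTIVE_PART_RE.search(name))

def sanitize_rels(xml, rels_name, removed):
    """Drop relationships to removed parts, active types, or non-hyperlink external targets."""
    base = posixpath.dirname(posixpath.dirname(rels_name))  # word/_rels/document.xml.rels -> word

    def keep(match):
        attrs = dict(ATTR_RE.findall(match.group(0)))
        rtype, target = attrs.get("Type", ""), attrs.get("Target", "")
        part = target[1:] if target.startswith("/") else posixpath.normpath(posixpath.join(base, target))
        if rtype.endswith(ACTIVE_REL_SUFFIXES) or part in removed:
            return ""
        if attrs.get("TargetMode") == "External" and not rtype.endswith("/hyperlink"):
            return ""  # remote templates and similar; plain hyperlinks are left alone
        return match.group(0)

    return REL_RE.sub(keep, xml)

def sanitize_content_types(xml, removed):
    """Drop Override entries for removed parts and downgrade macro-enabled main-part types."""
    xml = OVERRIDE_RE.sub(lambda m: "" if m.group(1).lstrip("/") in removed else m.group(0), xml)
    for macro, plain in PASSIVE_CONTENT_TYPES.items():
        xml = xml.replace(macro, plain)
    return xml

def sanitize_xml_part(xml):
    """Blank DDE field instructions and drop embedded-object elements (regex over XML is a simplification)."""
    xml = re.sub(r"(<w:instrText\b[^>]*>)\s*DDE[^<]*(</w:instrText>)", r"\1\2", xml, flags=re.I)
    return re.sub(r"<w:object\b.*?</w:object>", "", xml, flags=re.S)

def neutralise(package):
    """Return (inactive package bytes, sorted names of the parts that were removed)."""
    src = zipfile.ZipFile(io.BytesIO(package))
    removed = {n for n in src.namelist() if is_active_part(n)}
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if name in removed:
                continue
            data = src.read(name)
            if name.endswith(".rels"):
                data = sanitize_rels(data.decode(), name, removed).encode()
            elif name == "[Content_Types].xml":
                data = sanitize_content_types(data.decode(), removed).encode()
            elif name.endswith(".xml"):
                data = sanitize_xml_part(data.decode()).encode()
            dst.writestr(name, data)
    return out.getvalue(), sorted(removed)

def read_part(package, name):
    return zipfile.ZipFile(io.BytesIO(package)).read(name).decode()

def part_names(package):
    return zipfile.ZipFile(io.BytesIO(package)).namelist()

def build_sample_docm():
    """Constructed sample: a macro-enabled document with a VBA project, an OLE object and a DDE field."""
    ct = "http://schemas.openxmlformats.org/package/2006/content-types"
    rel = "http://schemas.openxmlformats.org/package/2006/relationships"
    od = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    parts = {
        "[Content_Types].xml": f'<Types xmlns="{ct}"><Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/><Default Extension="bin" ContentType="application/vnd.openxmlformats-officedocument.oleObject"/>'
            '<Override PartName="/word/document.xml" ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>'
            '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>',
        "_rels/.rels": f'<Relationships xmlns="{rel}"><Relationship Id="rId1" Type="{od}/officeDocument" Target="word/document.xml"/></Relationships>',
        "word/_rels/document.xml.rels": f'<Relationships xmlns="{rel}">'
            '<Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/>'
            f'<Relationship Id="rId2" Type="{od}/oleObject" Target="embeddings/oleObject1.bin"/>'
            f'<Relationship Id="rId3" Type="{od}/hyperlink" Target="https://example.invalid/" TargetMode="External"/></Relationships>',
        "word/document.xml": f'<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:r="{od}" xmlns:o="urn:schemas-microsoft-com:office:office">'
            '<w:body><w:p><w:r><w:t>Quarterly report</w:t></w:r></w:p>'
            '<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r><w:r><w:instrText xml:space="preserve"> DDEAUTO "c:\\path\\to\\program" "argument" </w:instrText></w:r><w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>'
            '<w:p><w:r><w:object><o:OLEObject Type="Embed" r:id="rId2"/></w:object></w:r></w:p></w:body></w:document>',
        "word/vbaProject.bin": "CONSTRUCTED-FAKE-VBA-PROJECT",
        "word/embeddings/oleObject1.bin": "CONSTRUCTED-FAKE-OLE-OBJECT",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    cleaned, removed = neutralise(build_sample_docm())
    print("removed parts:", removed, "\nremaining:", part_names(cleaned))
```

The text, formatting and ordinary hyperlinks survive; embedded objects, the VBA project and the DDE field do not, which is the point of an inactive format. A production transform would parse the XML rather than regex over it, apply the same idea to PDF (JavaScript, open actions, launch actions, embedded files) and to legacy OLE2 files, and record what was removed so the user knows the document was altered.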