Stegomalware detection through structural analysis of media files

Details

DOI: 10.1145/3407023.3409187
Publication type: Conference paper
Conference: ARES 2020: International Conference on Availability, Reliability and Security
Location: Virtual
Online publication date: 2020-08-26

Abstract

The growing diffusion of malware is causing non-negligible economic and social costs. Unfortunately, modern attacks evolve and adapt to defensive mechanisms, and many threats are designed for the optimal exploitation of the traits of the victims. Thus, phenomena such as mobile malware, fileless malware or stegomalware are becoming widespread and represent the next variations of malicious attacks that have to be faced. In particular, the massive amount of digital content shared on the Internet is increasingly being used by attackers for the injection of malicious code to bypass security tools or prevent detection.

Therefore, in this paper we present an approach to reveal malware and other unwanted content appended to digital images. Specifically, we address the case of pictures compressed with the Graphics Interchange Format. Since such files are based on a well-defined standard, the anomalous data can be isolated by locating the end of the file. The advantage of this approach is its simplicity, which allows a scalable implementation for handling huge volumes of data.
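
The idea in the abstract, locating the structural end of a GIF and treating everything after it as anomalous, can be sketched as follows. This is an added example, not the authors' implementation; it assumes the standard GIF87a/GIF89a block layout, and the function names and sample bytes are constructed for illustration.

```python
def _skip_sub_blocks(data, pos):
    """Skip length-prefixed data sub-blocks; return the offset after the 0x00 terminator."""
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def gif_end_offset(data):
    """Walk the GIF block structure and return the offset just past the trailer (0x3B)."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF file")
    pos = 13                                  # header (6) + logical screen descriptor (7)
    if data[10] & 0x80:                       # global color table present
        pos += 3 * (2 << (data[10] & 0x07))
    try:
        while True:
            block = data[pos]
            if block == 0x3B:                 # trailer: structural end of the image
                return pos + 1
            if block == 0x21:                 # extension: introducer, label, sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif block == 0x2C:               # image descriptor (10 bytes incl. separator)
                packed = data[pos + 9]
                pos += 10
                if packed & 0x80:             # local color table present
                    pos += 3 * (2 << (packed & 0x07))
                pos = _skip_sub_blocks(data, pos + 1)  # +1 skips LZW minimum code size
            else:
                raise ValueError(f"unknown block 0x{block:02x} at offset {pos}")
    except IndexError:
        raise ValueError("truncated GIF: no trailer reached") from None

def appended_data(data):
    """Return the bytes that follow the GIF trailer (empty if the file is clean)."""
    return data[gif_end_offset(data):]

# Constructed 1x1 GIF. Its image data deliberately contains a 0x3B byte, so a
# plain search for the first 0x3B would stop too early; the block walk does not.
SAMPLE_GIF = (b"GIF89a" b"\x01\x00\x01\x00\x80\x00\x00" b"\xff\xff\xff\x00\x00\x00"
              b"\x21\xf9\x04\x01\x00\x00\x00\x00"
              b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00"
              b"\x02\x02\x3b\x01\x00" b"\x3b")
SAMPLE_APPENDED = b"constructed;trailing;bytes\x3b"   # constructed, harmless payload

if __name__ == "__main__":
    extra = appended_data(SAMPLE_GIF + SAMPLE_APPENDED)
    print(f"{len(extra)} bytes after GIF trailer" if extra else "no appended data")
```

Searching backwards for the last 0x3B is equally unreliable, because appended content can itself contain that byte; only the structural walk gives a stable end offset.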

Authors

  • Damian Puchalski
    ITTI Sp. z o.o.
    Poznań, Poland
  • Luca Caviglione
    National Research Council of Italy
    Genoa, Italy
  • Rafał Kozik
    UTP University of Science and Technology
    Bydgoszcz, Poland
  • Adrian Marzecki
    Orange Polska
    Warsaw, Poland
  • Sławomir Krawczyk
    Orange Polska
    Warsaw, Poland
  • Michał Choraś
    UTP University of Science and Technology
    Bydgoszcz, Poland