ABSTRACT:
Recent malware attacks are often distributed via emails bearing malicious documents, and this is one of the security challenges faced by computing users. Despite the security improvements in Microsoft Office packages and Adobe PDF viewers, their underlying code bases remain vulnerable to exploits. In this research work, DSFA-Detect, a framework that structurally analyzes digital documents in order to extract meta-features for the detection of malware-bearing documents, is proposed. Detection relies upon checking for deviations from the file format specification. The results of the experiment showed a 95% detection rate on a wide range of digital documents such as .docx, .xls, .ppt, .rtf and .pdf.
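As an added illustration of the spec-deviation check the abstract describes (example code written for this page, not the DSFA-Detect framework's own), the following Python checker compares a Compound File Binary (the container behind .doc/.xls/.ppt) header against the field constraints of the published MS-CFB specification and reports every deviation; the sample header it tests is constructed inline.

```python
import struct

# Field values from the MS-CFB specification (Compound File Binary header, 512 bytes)
CFB_SIGNATURE = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
HEADER_LEN = 512

def check_cfb_header(data: bytes) -> list:
    """Return the list of spec deviations found in a CFB header; [] means conformant."""
    if len(data) < HEADER_LEN:
        return [f"header truncated: {len(data)} bytes, expected {HEADER_LEN}"]
    findings = []
    if data[:8] != CFB_SIGNATURE:
        findings.append("bad signature")
    if data[8:24] != bytes(16):
        findings.append("header CLSID must be all zeros")
    _minor, major, byte_order, sector_shift, mini_shift = struct.unpack_from("<HHHHH", data, 24)
    if byte_order != 0xFFFE:
        findings.append(f"byte order 0x{byte_order:04X} != 0xFFFE")
    if major not in (3, 4):
        findings.append(f"unknown major version {major}")
    elif sector_shift != {3: 9, 4: 12}[major]:
        findings.append(f"sector shift {sector_shift} inconsistent with version {major}")
    if mini_shift != 6:
        findings.append(f"mini sector shift {mini_shift} != 6")
    num_dir, _num_fat, _first_dir, _txn, mini_cutoff = struct.unpack_from("<IIIII", data, 40)
    if major == 3 and num_dir != 0:
        findings.append("directory sector count must be 0 in version 3")
    if mini_cutoff != 0x1000:
        findings.append(f"mini stream cutoff 0x{mini_cutoff:X} != 0x1000")
    return findings

def build_header(**overrides) -> bytes:
    """Constructed sample: a minimal, conformant version-3 header, with optional field overrides."""
    f = dict(minor=0x3E, major=3, byte_order=0xFFFE, sector_shift=9, mini_shift=6,
             num_dir=0, num_fat=1, first_dir=1, txn=0, mini_cutoff=0x1000,
             first_minifat=0xFFFFFFFE, num_minifat=0, first_difat=0xFFFFFFFE, num_difat=0)
    f.update(overrides)
    hdr = bytearray(HEADER_LEN)
    hdr[:8] = CFB_SIGNATURE
    struct.pack_into("<HHHHH", hdr, 24, f["minor"], f["major"], f["byte_order"],
                     f["sector_shift"], f["mini_shift"])
    struct.pack_into("<IIIIIIIII", hdr, 40, f["num_dir"], f["num_fat"], f["first_dir"], f["txn"],
                     f["mini_cutoff"], f["first_minifat"], f["num_minifat"], f["first_difat"], f["num_difat"])
    struct.pack_into("<I", hdr, 76, 0)  # DIFAT[0] points at FAT sector 0
    for i in range(1, 109):             # remaining DIFAT entries are FREESECT
        struct.pack_into("<I", hdr, 76 + 4 * i, 0xFFFFFFFF)
    return bytes(hdr)
```

A real detector would extend the same approach to the FAT, directory entries and stream sizes, and would treat any non-empty findings list as one structural meta-feature for the classifier rather than a verdict on its own.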
Keywords:
compound file binary, malware, PDF, rich text format