MEADE: Towards a Malicious Email Attachment Detection Engine

04/22/2018
by Ethan M. Rudd et al.

Malicious email attachments are a growing delivery vector for malware. Machine learning has been applied successfully to portable executable (PE) malware detection; we ask whether similar approaches extend to the heterogeneous file types commonly found in email attachments. In this paper we explore the feasibility of machine learning as a static countermeasure for several types of malicious email attachments, including Microsoft Office documents and Zip archives. To this end, we collected a dataset of over 5 million malicious and benign Microsoft Office documents from VirusTotal for evaluation, as well as a dataset of benign Microsoft Office documents from the Common Crawl corpus, which we use to obtain more realistic estimates of the score thresholds required for a given false-positive rate on in-the-wild data. We also collected a dataset of approximately 500k malicious and benign Zip archives, scraped via the VirusTotal service, on which we performed a separate evaluation. We analyze the predictive performance of several classifiers on each of the VirusTotal datasets using a 70/30 train/test split ordered by first-seen time, evaluating feature and classifier types that have been applied successfully in commercial antimalware products and R&D contexts. Using deep neural networks and gradient boosted decision trees, we obtain ROC curves with AUC > 0.99 on both the Microsoft Office document and the Zip archive datasets. We close with a discussion of deployment viability in various antimalware contexts.
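The evaluation protocol the abstract describes (a train/test split ordered by first-seen time, ROC AUC on the held-out set, and a detection threshold calibrated on a separate benign-only corpus at a target false-positive rate), as an added runnable example. This is not code from the paper: the feature names, timestamps and labels are constructed, and the Bernoulli naive Bayes scorer is an assumed stand-in for the paper's deep neural networks and gradient boosted trees, chosen only because it fits in a few lines.

```python
"""Added example (not the paper's code): time-ordered 70/30 split, ROC AUC,
and a threshold calibrated on a separate benign-only corpus, on constructed data."""
import math
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Sequence, Tuple

# Assumed binary static features; the paper does not enumerate its features.
FEATURES = ("has_vba", "auto_open", "nested_zip", "exe_inside", "high_ratio")

@dataclass(frozen=True)
class Sample:
    first_seen: datetime    # VirusTotal first-seen time in the paper's setup
    malicious: bool         # ground-truth label
    feats: Tuple[int, ...]  # one 0/1 value per entry of FEATURES

def temporal_split(samples: Sequence[Sample], train_frac: float = 0.7):
    """Cut by time, not at random: a random split lets the model train on files
    first seen after the ones it is tested on, which inflates the AUC."""
    ordered = sorted(samples, key=lambda s: s.first_seen)
    cut = round(len(ordered) * train_frac)
    return ordered[:cut], ordered[cut:]

class BernoulliNB:
    """Laplace-smoothed naive Bayes; score() is the log-likelihood ratio.
    A stand-in for the paper's DNN / boosted trees, chosen for brevity."""
    def fit(self, train: Sequence[Sample]) -> "BernoulliNB":
        mal = [s for s in train if s.malicious]
        ben = [s for s in train if not s.malicious]
        p_on = lambda grp: [(sum(s.feats[i] for s in grp) + 1) / (len(grp) + 2)
                            for i in range(len(FEATURES))]   # P(feat=1 | class)
        self.p_mal, self.p_ben = p_on(mal), p_on(ben)
        self.prior = math.log(len(mal) / len(ben))
        return self

    def score(self, s: Sample) -> float:
        llr = self.prior
        for x, pm, pb in zip(s.feats, self.p_mal, self.p_ben):
            llr += math.log(pm / pb) if x else math.log((1 - pm) / (1 - pb))
        return llr

def roc_points(scored: Sequence[Tuple[float, bool]]) -> List[Tuple[float, float]]:
    """(FPR, TPR) pairs from strictest to loosest threshold; tied scores are
    released together, since no threshold can separate them."""
    pos = sum(1 for _, m in scored if m)
    neg = len(scored) - pos
    ordered = sorted(scored, key=lambda t: -t[0])
    pts, tp, fp, i = [(0.0, 0.0)], 0, 0, 0
    while i < len(ordered):
        sc = ordered[i][0]
        while i < len(ordered) and ordered[i][0] == sc:
            tp += ordered[i][1]
            fp += not ordered[i][1]
            i += 1
        pts.append((fp / neg, tp / pos))
    return pts

def auc(pts: Sequence[Tuple[float, float]]) -> float:
    """Trapezoidal area under the ROC curve."""
    return sum((x1 - x0) * (y0 + y1) / 2 for (x0, y0), (x1, y1) in zip(pts, pts[1:]))

def threshold_at_fpr(benign_scores: Sequence[float], target_fpr: float) -> float:
    """Threshold t (alert on score > t) such that at most target_fpr of the benign
    corpus alerts; calibrating on in-the-wild benign files rather than VirusTotal's
    benign set is what makes the operating point realistic."""
    ordered = sorted(benign_scores, reverse=True)
    allowed = int(target_fpr * len(ordered))  # benign alerts tolerated
    return ordered[allowed] if allowed < len(ordered) else float("-inf")

def _rows(t0: datetime, rows) -> List[Sample]:
    """Rows are (days after t0, malicious, *FEATURES); constructed, not real data."""
    return [Sample(t0 + timedelta(days=d), bool(m), tuple(f)) for d, m, *f in rows]

def constructed_vt_corpus() -> List[Sample]:
    """Stand-in for the VirusTotal set: malicious files carry macros with
    auto-open handlers or executables in nested archives; benign ones rarely do."""
    return _rows(datetime(2017, 1, 1), [
        (0, 0, 0, 0, 0, 0, 0), (3, 1, 1, 1, 0, 0, 0), (5, 0, 1, 0, 0, 0, 0), (8, 1, 0, 0, 1, 1, 0),
        (10, 0, 0, 0, 0, 0, 1), (14, 1, 1, 1, 0, 0, 1), (17, 0, 0, 0, 1, 0, 0), (20, 1, 0, 0, 0, 1, 1),
        (22, 0, 0, 0, 0, 0, 0), (25, 1, 1, 1, 1, 0, 0), (28, 0, 1, 0, 0, 0, 1), (30, 1, 0, 1, 0, 1, 0),
        (33, 0, 0, 0, 0, 0, 0), (36, 1, 1, 1, 0, 0, 0), (40, 0, 0, 0, 0, 0, 0), (42, 1, 1, 1, 0, 0, 1),
        (45, 0, 1, 0, 0, 0, 0), (48, 1, 0, 0, 1, 1, 0), (50, 0, 0, 0, 0, 0, 1), (53, 1, 0, 1, 0, 1, 0)])

def constructed_wild_benign() -> List[Sample]:
    """Stand-in for the benign-only Common Crawl documents; the last row is a
    legitimate macro document with an auto-open handler."""
    return _rows(datetime(2017, 3, 1), [
        (0, 0, 0, 0, 0, 0, 0), (1, 0, 1, 0, 0, 0, 0), (2, 0, 0, 0, 0, 0, 1), (3, 0, 1, 0, 0, 0, 1),
        (4, 0, 0, 0, 1, 0, 0), (5, 0, 0, 0, 0, 0, 0), (6, 0, 0, 0, 0, 0, 0), (7, 0, 1, 0, 0, 0, 0),
        (8, 0, 0, 0, 0, 0, 0), (9, 0, 1, 1, 0, 0, 0)])

def evaluate(target_fpr: float) -> Dict[str, float]:
    """Run the whole protocol and return the numbers a detection report carries."""
    train, test = temporal_split(constructed_vt_corpus())
    model = BernoulliNB().fit(train)
    scored = [(model.score(s), s.malicious) for s in test]
    t = threshold_at_fpr([model.score(s) for s in constructed_wild_benign()], target_fpr)
    pos = sum(1 for _, m in scored if m)
    return {"auc": auc(roc_points(scored)), "threshold": t,
            "test_tpr": sum(1 for sc, m in scored if m and sc > t) / pos,
            "test_fpr": sum(1 for sc, m in scored if not m and sc > t) / (len(scored) - pos)}
```

Calling evaluate(0.10) and then evaluate(0.05) on the constructed data shows the trade-off the benign corpus exists to measure: the tighter budget has to clear the legitimate macro document in the wild set, so the threshold rises and detections on the held-out split are lost even though the test-set AUC is unchanged. A threshold picked only from VirusTotal's benign files would never have seen that document and would overstate the achievable detection rate.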
