Detection of Malicious Non-Executable Files Using Syntactic Structure

A major portion of threats against end-user systems arises from non-executable files, e.g., PDF documents or Flash animations. Such files may contain malicious executable content that is launched when the file is opened in a vulnerable viewer. These attacks are hard to detect because of the high complexity of the respective file formats. Conventional antivirus products often miss malicious content hidden in the rich syntactic structure of these formats.

A research group at the University of Tübingen has developed a patent-pending technology: a high-performance static analysis tool for detecting malicious PDF documents. Instead of analyzing JavaScript or any other content, the newly developed method detects malicious files reliably by focusing precisely on the structural artifacts that arise from embedded malicious content. The research group demonstrated its effectiveness on a dataset of about 500,000 real-world malicious and benign PDF files: the new method outperforms each of the 43 antivirus engines at VirusTotal as well as other specialized detection methods. Additionally, the new method is almost completely immune to nearly worst-case attack scenarios.

Further Information: PDF

Eberhard Karls Universität Tübingen
Phone: +49 (7071) 29-72639

Contact
Dr. Rolf Hecker

Media Contact

info@technologieallianz.de TechnologieAllianz e.V.
