Summary
APNOMS (Asia-Pacific Network Operations and Management Symposium)
2013
Session Number:P1
Session:
Number:P1-5
IDS for Detecting Malicious Non-Executable Files Using Dynamic Analysis
Ahmad Bazzi, Yoshikuni Onozato
Publication Date:2013/09/25
Online ISSN:2188-5079
DOI:10.34385/proc.17.P1-5
Summary:
Attackers are increasingly relying on non-executable files to launch their attacks. Anti-virus solutions can detect a high percentage of malicious files but usually cannot reach and maintain a 100% detection rate. We propose a file-level IDS that relies on an automated dynamic analysis system (sandbox) to detect malicious PDF files. We achieved a 99.2% detection accuracy, where the rates of both false positives and false negatives are less than 1%. Because it does not rely on anti-virus signatures, this solution can detect malicious documents not included in the anti-virus signature database.