Summary

APNOMS (Asia-Pacific Network Operations and Management Symposium)

2013

Session Number:P1

Number:P1-5

IDS for Detecting Malicious Non-Executable Files Using Dynamic Analysis

Ahmad Bazzi, Yoshikuni Onozato

Publication Date:2013/09/25

Online ISSN:2188-5079

DOI:10.34385/proc.17.P1-5

Summary:
Attackers are increasingly relying on non-executable files to launch their attacks. Anti-virus solutions can detect a high percentage of malicious files but usually cannot reach and maintain a 100% detection rate. We propose a file-level IDS that relies on an automated dynamic analysis system (sandbox) to detect malicious PDF files. We achieved a 99.2% detection accuracy, with both the false-positive and false-negative rates less than 1%. Because it does not rely on anti-virus signatures, this solution can detect malicious documents not included in the anti-virus signature database.