Conference proceedings contribution, 2020, ENG, 10.1145/3407023.3409187

Stegomalware Detection Through Structural Analysis of Media Files

Damian Puchalski, Luca Caviglione, Rafal Kozik, Adrian Marzecki, Slawomir Krawczyk, Michal Choras

ITTI Sp. z o.o., National Research Council of Italy, University of Science and Technology UTP Bydgoszcz, Orange Polska, FernUniversität in Hagen

The growing diffusion of malware is causing non-negligible economic and social costs. Unfortunately, modern attacks evolve and adapt to defensive mechanisms, and many threats are designed for the optimal exploitation of the traits of the victims. Thus, phenomena such as mobile malware, fileless malware or stegomalware are becoming widespread and represent the next variations of malicious attacks that have to be faced. In particular, the massive amount of digital content shared on the Internet is increasingly being used by attackers for the injection of malicious code to bypass security tools or prevent detection. Therefore, in this paper we present an approach to reveal malware and other unwanted content appended to digital images. Specifically, we address the case of pictures compressed with the Graphics Interchange Format. Since such files are based on a well-defined standard, the anomalous data can be isolated by locating the end of the file. The advantage of this approach is its simplicity, which allows a scalable implementation for handling huge volumes of data.

CUING 2020 - 4th International Workshop on Criminal Use of Information Hiding, held jointly with the 15th International Conference on Availability, Reliability and Security, University College of Dublin, Dublin, Ireland (held online due to Covid-19), 25-28/08/2020

Keywords

stegomalware, security, information hiding, detection

CNR authors

Caviglione Luca

CNR institutes

IMATI – Istituto di matematica applicata e tecnologie informatiche "Enrico Magenes"

ID: 424336

Year: 2020

Type: Conference proceedings contribution

Creation: 2020-06-23 08:58:45.000

Last update: 2021-05-21 13:24:33.000

External IDs

CNR OAI-PMH: oai:it.cnr:prodotti:424336

DOI: 10.1145/3407023.3409187

Scopus: 2-s2.0-85090352463