Machine Learning Features Present in Malicious PowerPoint Documents

Document Type

Conference Proceeding

Publication Title

2024 IEEE Long Island Systems Applications and Technology Conference Lisat 2024

Publication Date

1-1-2024

Abstract

There is a never-ending cycle of cybersecurity professionals adapting to the methods that attackers use to spread malware. As cyber professionals learn to defend against common mechanisms of malware spreading, such as emails with malicious executable files, portable document files (PDFs) with macros that contain malevolent code, and phishing links, security experts have turned to Machine Learning (ML) to attempt to control the security of organizations. PowerPoint is an up-and-coming mechanism of malware delivery that can look extremely convincing for regular users who are often targeted. This study aims to propose features of PowerPoint documents that can be integrated into ML algorithms and models. The file structure of PowerPoint documents can allow for file analysis without the risk of opening a PowerPoint document. This can lead to specific parts of the file being examined and determining if it is malicious with little risk of exploitation. Twenty different malware samples were analyzed to determine which aspects of PowerPoint documents would lead an ML algorithm to determine if a file was malicious. In total, four different features of static PowerPoint files were identified. These features are outside the features that are present in all Microsoft Office document file types. Further, these features are unique to Microsoft PowerPoint files.

DOI

10.1109/LISAT63094.2024.10807915

ISBN

[9798331506667]
