File(s) under permanent embargo
A Survey of Malicious Document Detection Research (恶意文档检测研究综述)
journal contribution
posted on 2021-05-01, 00:00 authored by M Yu, J Jiang, Gang Li, C Liu, W Huang, N Song

In recent years, Advanced Persistent Threats (APTs), whose primary purpose is stealing sensitive data and undermining critical national infrastructure, have brought serious threats to national security. Compared with executable files, malicious documents have several distinctive characteristics: wide coverage, a large scope of influence, insufficient user awareness, and flexible and diverse attack methods, all of which make them difficult to detect. This has made them an important carrier for APT attacks. It is therefore necessary to pay attention to existing research results and development trends concerning malicious documents. This paper first analyzes document types and their structure, and sets out the security risks, attack techniques and propagation paths of documents. Current malicious document detection methods are categorized into four groups: static detection methods, dynamic detection methods, hybrid detection methods and others. The research status and progress of each field are analyzed and summarized. Finally, the performance evaluation methods, data sets, and representative detection tools and platforms of current malicious document detection research are reviewed, and future research directions are envisaged.
Journal
Xinxi Anquan Xuebao/Journal of Cyber Security
Volume
6
Issue
3
Pagination
54 - 76
Publisher
Zhongguo Kexueyuan Xinxi Gongcheng Yanjiusuo/Institute of Information Engineering, Chinese Academy of Sciences
Location
Beijing, China
ISSN
2096-1146
Language
Chinese
Publication classification
C1 Refereed article in a scholarly journal