Sisay Tumsa

Work place: Arba Minch University, Arba Minch Institute of Technology Faculty of Computing and Software Engineering, Arba Minch, Ethiopia

E-mail: sisay.tumsa@amu.edu.et

Research Interests: Computational Science and Engineering, Software, Software Construction, Software Creation and Management, Software Engineering, Data Structures and Algorithms

Biography

Sisay Tumsa is a Lecturer in the Faculty of Computing and Software Engineering, AMIT, AMU, Ethiopia. He studied for a BSc in Information Science (Jimma University) and an MSc in Computer Science (Arba Minch University). He is presently working as a Lecturer in the Faculty of Computing and Software Engineering, Arba Minch University, Ethiopia.

Author Articles
Application of Artificial Neural Networks for Detecting Malicious Embedded Codes in Word Processing Documents

By Sisay Tumsa

DOI: https://doi.org/10.5815/ijwmt.2020.05.04, Pub. Date: 8 Oct. 2020

Artificial Neural Networks have been widely used in the security and privacy domains to alleviate the problem of malicious attacks. Embedded code such as Visual Basic for Applications macros is a reasonably powerful scripting facility that helps automate iterative processes in word processing documents. It has been observed that unethical hackers exploit these embedded scripts for malicious purposes. Most Microsoft Word users are lay end users who are unaware of such attacks and mistakenly consider document content less suspicious; these hackers therefore prefer Microsoft Office documents as their most vulnerable attack vectors. As a general approach, non-executable files are assumed to be less vulnerable than executable files. This implies that these document files can provide an easy and convenient exploitable pathway that allows hackers to execute their intended malicious actions on the victim's machine. This research paper presents automatic detection of malicious embedded code in general, with Microsoft Office documents as the specific case for experimental analysis. The paper considers only the malicious behavior of the embedded code, i.e. it checks for the inclusion or exclusion of executable code. Malicious datasets were developed to create a knowledge base in which documents are pre-processed. The datasets were then disassembled using reverse engineering, and malicious features were extracted from the documents. In this research paper, nineteen different malicious keys were extracted. A feature reduction technique was then applied: based on their actions, these malicious keys were reduced to eight behaviors. Finally, a machine was trained using an artificial neural network with eight input features extracted from the individual disassembled scripts. The output nodes, which represent malicious or benign behavior, then classify whether an attack exists or does not exist.
Based on the training model, a total of seven hundred ninety-two document samples were tested. The research achieved an average accuracy of 92.2% in identifying the maliciousness of embedded code in Microsoft Office documents as a case. This result shows that the proposed system has high accuracy in detecting malicious embedded code in word processing documents.
