DORAS | DCU Research Repository

Detection of malicious VBA macros using machine learning methods

Aboud, Edmond and O'Brien, Darragh (2018) Detection of malicious VBA macros using machine learning methods. In: Proceedings for the 26th AIAI Irish Conference on Artificial Intelligence and Cognitive Science (AICS 2018), 6-7 Dec 2018, Dublin, Ireland.

Abstract
Since their appearance in 1994 in the Concept virus, VBA macros remain a preferred choice for malware authors. There are two main attack techniques when it comes to document-based malware: exploits and VBA macros, with the latter applied in the vast majority of threats. Although Microsoft have added multiple security features in an attempt to protect users against malicious macros, such protections are often easily circumvented by simple social engineering techniques. Anti-virus companies can no longer rely on static signatures due to the rate at which new macro malware is distributed, and thus are tasked with employing a more proactive approach to threat detection. This paper details the literature on machine learning methods for the detection of VBA macro malware. Further, a machine learning system for the detection of VBA macro malware is proposed and evaluated. A Random Forest classifier achieves a true positive detection rate of 98.9875% with a false positive detection rate of 1.07% over a set of 611 mixed (benign and malicious) malware samples.
Metadata
Item Type: Conference or Workshop Item (Paper)
Event Type: Conference
Refereed: Yes
Subjects: Computer Science > Computer security; Computer Science > Machine learning
DCU Faculties and Centres: DCU Faculties and Schools > Faculty of Engineering and Computing > School of Computing
Published in: Proceedings for the 26th AIAI Irish Conference on Artificial Intelligence and Cognitive Science (AICS 2018).
Use License: This item is licensed under a Creative Commons Attribution-NonCommercial-Share Alike 3.0 License.
ID Code: 22879
Deposited On: 19 Dec 2018 12:39 by Darragh O'Brien. Last Modified 19 Dec 2018 12:39
Documents

Full text available as:

aics_34.pdf (PDF, 698kB)