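% Conference paper (ICISA 2017, Lecture Notes in Electrical Engineering).
% Per its abstract: an evasion study against learning-based PDF malware
% classifiers (PDFrate, three classifiers), generalising the reverse mimicry
% method to a k-depth variant. Useful as a reference when assessing how robust
% a feature-based PDF detector is to mimicry-style evasion.
% Normalised from the exported record: names in "Last, First" form, the
% acronym in the title brace-protected, and the non-ASCII relation sign in
% the abstract written in LaTeX math so classic 8-bit BibTeX handles it.
@inproceedings{f0ca3421c53a44f695bf2122354a74d5,
  author    = {Park, Jaewoo and Kim, Hyoungshick},
  title     = {K-depth mimicry attack to secretly embed shellcode into {PDF} files},
  booktitle = {Information Science and Applications 2017 - ICISA 2017},
  editor    = {Kim, Kuinam and Joukov, Nikolai},
  series    = {Lecture Notes in Electrical Engineering},
  publisher = {Springer Verlag},
  pages     = {388--395},
  year      = {2017},
  isbn      = {9789811041532},
  doi       = {10.1007/978-981-10-4154-9\_45},
  language  = {English},
  keywords  = {Malware, Mimicry attack, PDF, Security, Shellcode},
  abstract  = {This paper revisits the shellcode embedding problem for PDF files. We found that a popularly used shellcode embedding technique called reverse mimicry attack has not been shown to be effective against well-trained state-of-the-art detectors. To overcome the limitation of the reverse mimicry method against existing shellcode detectors, we extend the idea of reverse mimicry attack to a more generalized one by applying the k-depth mimicry method to PDF files. We implement a proof-of-concept tool for the k-depth mimicry attack and show its feasibility by generating shellcode-embedded PDF files to evade the best known shellcode detector (PDFrate) with three classifiers. The experimental results show that all tested classifiers failed to effectively detect the shellcode embedded by the k-depth mimicry method when $k \geq 20$.},
  note      = {Publisher Copyright: {\textcopyright} Springer Nature Singapore Pte Ltd. 2017.; 8th International Conference on Information Science and Applications, ICISA 2017 ; Conference date: 20-03-2017 Through 23-03-2017},
}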