A Universal Malicious Documents Static Detection Framework Based on Feature Generalization

In this study, Portable Document Format (PDF), Word, Excel, Rich Test format (RTF) and image documents are taken as the research objects to study a static and fast method by which to detect malicious documents. Malicious PDF and Word document features are abstracted and extended, which can be used to detect other types of documents. A universal static detection framework for malicious documents based on feature generalization is then proposed. The generalized features include specification check errors, the structure path, code keywords, and the number of objects. The proposed method is verified on two datasets, and is compared with Kaspersky, NOD32, and McAfee antivirus software. The experimental results demonstrate that the proposed method achieves good performance in terms of the detection accuracy, runtime, and scalability. The average F1-score of all types of documents is found to be 0.99, and the average detection time of a document is 0.5926 s, which is at the same level as the compared antivirus software.

Clamped-end effect on static detection signals of DNA-microcantilever

Boundary constraint induced inhomogeneous effects are important for mechanical responses of nano/micro-devices. For microcantilever sensors, the clamped-end constraint induced inhomogeneous effect of static deformation, so called the clamped-end effect, has great influence on the detection signals. This paper is devoted to developing an alternative mechanical model to characterize the clamped-end effect on the static detection signals of the DNA-microcantilever. Different from the previous concentrated load models, the DNA adsorption is taken as an equivalent uniformly distributed tangential load on the substrate upper surface, which exactly satisfies the zero force boundary condition at the free-end. Thereout, a variable coefficient differential governing equation describing the non-uniform deformation of the DNA-microcantilever induced by the clamped-end constraint is established by using the principle of minimum potential energy. By reducing the order of the governing equation, the analytical solutions of the curvature distribution and static bending deflection are obtained. By comparing with the previous approximate surface stress models, the clamped-end effect on the static deflection signals is discussed, and the importance of the neutral axis shift effect is also illustrated for the asymmetric laminated microcantilever.

Taming Reflection

Android developers heavily use reflection in their apps for legitimate reasons. However, reflection is also significantly used for hiding malicious actions. Unfortunately, current state-of-the-art static analysis tools for Android are challenged by the presence of reflective calls, which they usually ignore. Thus, the results of their security analysis, e.g., for private data leaks, are incomplete, given the measures taken by malware writers to elude static detection. We propose a new instrumentation-based approach to address this issue in a non-invasive way. Specifically, we introduce to the community a prototype tool called DroidRA, which reduces the resolution of reflective calls to a composite constant propagation problem and then leverages the COAL solver to infer the values of reflection targets. After that, it automatically instruments the app to replace reflective calls with their corresponding Java calls in a traditional paradigm. Our approach augments an app so that it can be more effectively statically analyzable, including by such static analyzers that are not reflection-aware. We evaluate DroidRA on benchmark apps as well as on real-world apps, and we demonstrate that it can indeed infer the target values of reflective calls and subsequently allow state-of-the-art tools to provide more sound and complete analysis results.