Enhancing Office Document Security Leveraging CDR and Sandbox Isolation |
Paper ID: 1027-CYSP2025 (R1) |
Authors |
مهدی سیفی پور 1, محمدمهدی اسکندری *2; 1 University of Tehran; 2 Undergraduate student, College of Farabi, University of Tehran |
Abstract |
Phishing is considered one of the most destructive cyber-attacks in the world and causes serious damage to companies and organizations. Office documents are among the file types most commonly used in these attacks. Because these files are widely used in organizations, attackers exploit them to compromise systems through malicious macros and Office vulnerabilities and to gain initial access to the organization's internal network. In this paper, we use the content disarm and reconstruction (CDR) method, and we isolate the environment using a sandbox to which users connect with the Remote Desktop Protocol (RDP). The dataset used to evaluate the proposed system is a combination of MalwareLake and MalwareBazaar, consisting of Office file samples collected from recent real-world attacks over the last six months. The proposed system achieved an accuracy of 94.11%, a precision of 86.61%, a false positive rate of 4.95%, and a malicious file detection rate of 91.43%. |
Keywords |
phishing, cybersecurity, content disarm and reconstruction, sandbox, Office documents |
Status: Accepted for oral presentation |