Date of Award
Fall 10-2024
Document Type
Dissertation
Degree Name
Doctor of Philosophy in Cyber Operations (PhDCO)
First Advisor
Michael Ham
Second Advisor
Austin O'Brien
Third Advisor
Matthew Bradley
Abstract
The use of Microsoft Office documents to distribute malware has become an increasing problem, and malware delivered through malicious Office documents has grown in recent years. Current research has found machine learning algorithms to be effective at detecting malicious Office documents when static document properties are used as the basis for detection. However, this approach gives the author of a malicious macro control over the parameters the machine learning techniques rely on. Static macro properties also do not allow the extraction of behavioral details, which are important in classifying an Office document’s macros as benign or malicious. This study creates and validates a VBA emulator and a behavioral analysis machine learning classifier using 1,000 VBA macros. The work formalizes a foundation for the design of technology-specific emulators built for behavioral data extraction and analysis. Such emulators provide insight into the behavior of an Office document’s macro(s), which allows better detection methodologies powered by machine learning algorithms to be created and prevents static properties from being altered to evade current detection methods.
Recommended Citation
Hartman, Corey Mathew, "Mirage: A VBA Macro Emulator for Behavioral Analysis Powered by Machine Learning" (2024). Masters Theses & Doctoral Dissertations. 472.
https://scholar.dsu.edu/theses/472