DOI: 10.1145/3538969.3544437
research-article
Open access

Revealing MageCart-like Threats in Favicons via Artificial Intelligence

Published: 23 August 2022

Abstract

Modern malware increasingly takes advantage of information hiding to avoid detection, spread infections, and obfuscate code. A major offensive strategy exploits steganography to conceal scripts or URLs, which can be used to steal credentials or retrieve additional payloads. A recent example is the attack campaign against the Magento e-commerce platform, where a web skimmer has been cloaked in favicons to steal payment information of users.
In this paper, we propose a deep-learning approach for detecting threats that use least significant bit steganography to conceal malicious PHP scripts and URLs in favicons. Experimental results, conducted on a realistic dataset with both legitimate and compromised images, demonstrated the effectiveness of our solution. Specifically, our model detects ∼100% of the compromised favicons when examples of various malicious payloads are provided in the learning phase. By contrast, it achieves an overall accuracy of ∼90% in the presence of new payloads or alternative encoding schemes.

Published In

ARES '22: Proceedings of the 17th International Conference on Availability, Reliability and Security
August 2022
1371 pages
ISBN:9781450396707
DOI:10.1145/3538969
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. artificial intelligence
  2. information hiding
  3. magecart
  4. malware
  5. steganography

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • H2020

Conference

ARES 2022

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Article Metrics

  • Downloads (Last 12 months): 172
  • Downloads (Last 6 weeks): 32
Reflects downloads up to 13 Jan 2025

Cited By

  • (2025) A comprehensive survey on stegomalware detection in digital media, research challenges and future directions. Signal Processing (109888). DOI: 10.1016/j.sigpro.2025.109888. Online publication date: Jan-2025
  • (2024) Near-Field Communication (NFC) Cyber Threats and Mitigation Solutions in Payment Transactions: A Review. Sensors 24:23 (7423). DOI: 10.3390/s24237423. Online publication date: 21-Nov-2024
  • (2024) NAISS. Computers and Security 140:C. DOI: 10.1016/j.cose.2024.103797. Online publication date: 9-Jul-2024
  • (2024) Enhancing Incident Management by an Improved Understanding of Data Exfiltration: Definition, Evaluation, Review. Digital Forensics and Cyber Crime (33-57). DOI: 10.1007/978-3-031-56580-9_3. Online publication date: 3-Apr-2024
  • (2023) A federated approach for detecting data hidden in icons of mobile applications delivered via web and multiple stores. Social Network Analysis and Mining 13:1. DOI: 10.1007/s13278-023-01121-9. Online publication date: 14-Sep-2023
  • (2023) Federated Learning for the Efficient Detection of Steganographic Threats Hidden in Image Icons. Pervasive Knowledge and Collective Intelligence on Web and Social Media (83-95). DOI: 10.1007/978-3-031-31469-8_6. Online publication date: 28-Apr-2023
