Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack. In some embodiments, the methods include: selecting a data segment in at least one portion of an electronic document; determining whether the arbitrarily selected data segment can be altered without causing the electronic document to result in an error when processed by a corresponding program; in response to determining that the arbitrarily selected data segment can be altered, arbitrarily altering the data segment in the at least one portion of the electronic document to produce an altered electronic document; and determining whether the corresponding program produces an error state when the altered electronic document is processed by the corresponding program.
Stolfo, Salvatore J., et al. "Methods, media, and systems for detecting attack on a digital processing device." US 9,576,127, United States Patent and Trademark Office, Feb. 2017.
Stolfo, Salvatore J., Li, Wei-Jen, Keromytis, Angelos D., & Androulaki, Elli (2017). Methods, media, and systems for detecting attack on a digital processing device (U.S. Patent No.
Stolfo, Salvatore J., Li, Wei-Jen, Keromytis, Angelos D., et al., "Methods, media, and systems for detecting attack on a digital processing device," US 9,576,127, issued February 20, 2017.
@misc{osti_1344482,
author = {Stolfo, Salvatore J. and Li, Wei-Jen and Keromytis, Angelos D. and Androulaki, Elli},
title = {Methods, media, and systems for detecting attack on a digital processing device},
annote = {Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack. In some embodiments, the methods include: selecting a data segment in at least one portion of an electronic document; determining whether the arbitrarily selected data segment can be altered without causing the electronic document to result in an error when processed by a corresponding program; in response to determining that the arbitrarily selected data segment can be altered, arbitrarily altering the data segment in the at least one portion of the electronic document to produce an altered electronic document; and determining whether the corresponding program produces an error state when the altered electronic document is processed by the corresponding program.},
url = {https://www.osti.gov/biblio/1344482},
place = {United States},
year = {2017},
month = {02},
note = {US Patent
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications, p. 193-204https://doi.org/10.1145/1015467.1015489