TY - JOUR
T1 - Content Disarm and Reconstruction of RTF Files a Zero File Trust Methodology
AU - Dubin, Ran
N1 - Publisher Copyright:
© 2005-2012 IEEE.
PY - 2023
Y1 - 2023
N2 - Content Disarm and Reconstruction (CDR) is a zero-trust file methodology that proactively extracts threat attack vectors from documents and media files. While there is extensive literature on CDR that emphasizes its importance, a detailed discussion of how the CDR process works, and of its effectiveness and drawbacks, is lacking. Therefore, this paper presents DeepCDR, the first CDR system for which the validation, the prevention rate, and the effect of disarming and reconstruction on the received visual quality are presented and measured. The effectiveness of the novel DeepCDR against a well-known dataset shows that it not only disarmed the malicious components but also produced a reconstructed file that remains usable and functional. Since CDR relies on understanding the file format, any CDR solution must handle each supported file type separately, because the formats differ so widely. Hence, this paper focuses on the Rich Text Format file type, which is commonly exploited by attackers.
AB - Content Disarm and Reconstruction (CDR) is a zero-trust file methodology that proactively extracts threat attack vectors from documents and media files. While there is extensive literature on CDR that emphasizes its importance, a detailed discussion of how the CDR process works, and of its effectiveness and drawbacks, is lacking. Therefore, this paper presents DeepCDR, the first CDR system for which the validation, the prevention rate, and the effect of disarming and reconstruction on the received visual quality are presented and measured. The effectiveness of the novel DeepCDR against a well-known dataset shows that it not only disarmed the malicious components but also produced a reconstructed file that remains usable and functional. Since CDR relies on understanding the file format, any CDR solution must handle each supported file type separately, because the formats differ so widely. Hence, this paper focuses on the Rich Text Format file type, which is commonly exploited by attackers.
KW - CDR
KW - malware
KW - office document
KW - threat disarm
KW - zero-trust
UR - http://www.scopus.com/inward/record.url?scp=85148459633&partnerID=8YFLogxK
U2 - 10.1109/TIFS.2023.3241480
DO - 10.1109/TIFS.2023.3241480
M3 - Article
AN - SCOPUS:85148459633
SN - 1556-6013
VL - 18
SP - 1461
EP - 1472
JO - IEEE Transactions on Information Forensics and Security
JF - IEEE Transactions on Information Forensics and Security
ER -
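The abstract above describes CDR at the level of principle: parse the file according to its format, remove the constructs that carry attack vectors, and rebuild a file that still renders. The following Python is an added worked example of that loop for RTF, written for this record; it is not DeepCDR's code and does not reproduce the paper's method or its evaluation. The RTF tokenizer follows the format's public grammar (control words, control symbols, \'hh escapes and brace-delimited groups). The set of blocked destinations, the sample document and the verification step are this example's own assumptions: it drops the \object family (embedded and linked OLE objects, whose hex payload lives under \*\objdata) and the \field family (field codes such as DDEAUTO are carried in \*\fldinst), then re-parses the output to confirm that none of the blocked destinations survived.

```python
"""Minimal RTF content disarm and reconstruction (added example, not DeepCDR)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple, Union

# One token per RTF lexical element. Alternatives are ordered so that \'hh is
# tried before the generic control-symbol rule, which would otherwise eat \'.
TOKEN_RE = re.compile(
    rb"\\[a-zA-Z]+-?\d* ?"      # control word, optional parameter, optional delimiter space
    rb"|\\'[0-9a-fA-F]{2}"      # hex-escaped byte
    rb"|\\."                    # control symbol: \* \{ \} \\ \~ ...
    rb"|[{}]"                   # group delimiters
    rb"|[^\\{}]+",              # plain text run
    re.DOTALL,
)
CONTROL_WORD_RE = re.compile(rb"\\([a-zA-Z]+)")

# Destinations removed wholesale, including everything nested inside them.
# Assumption of this example: a deny-list of well-known payload carriers.
# \field is dropped entirely, which also removes benign hyperlinks; that loss
# of fidelity is the usability cost a CDR has to measure.
BLOCKED_DESTINATIONS = {
    b"object", b"objdata", b"objclass", b"objemb", b"objlink", b"objautlink",
    b"datastore", b"datafield", b"field", b"fldinst",
}


@dataclass
class Group:
    """A brace-delimited RTF group: raw byte tokens and nested groups."""
    items: List[Union[bytes, "Group"]] = field(default_factory=list)


def parse(data: bytes) -> Group:
    """Build the group tree, rejecting unbalanced braces and unlexable bytes."""
    root, stack, pos = Group(), [], 0
    stack.append(root)
    for m in TOKEN_RE.finditer(data):
        if m.start() != pos:
            raise ValueError(f"unparseable byte at offset {pos}")
        pos = m.end()
        tok = m.group(0)
        if tok == b"{":
            child = Group()
            stack[-1].items.append(child)
            stack.append(child)
        elif tok == b"}":
            if len(stack) == 1:
                raise ValueError(f"unbalanced closing brace at offset {m.start()}")
            stack.pop()
        else:
            stack[-1].items.append(tok)
    if pos != len(data) or len(stack) != 1:
        raise ValueError("truncated or unbalanced RTF")
    return root


def destination(group: Group) -> Optional[bytes]:
    """Control word that opens the group, skipping an optional \\* marker."""
    items = group.items
    i = 1 if items and items[0] == b"\\*" else 0
    if i < len(items) and isinstance(items[i], bytes):
        m = CONTROL_WORD_RE.match(items[i])
        if m:
            return m.group(1)
    return None


def disarm(group: Group, removed: List[bytes]) -> Group:
    """Copy the tree, dropping every group whose destination is blocked."""
    kept: List[Union[bytes, Group]] = []
    for item in group.items:
        if isinstance(item, Group):
            dest = destination(item)
            if dest in BLOCKED_DESTINATIONS:
                removed.append(dest)   # nested groups vanish with their parent
                continue
            kept.append(disarm(item, removed))
        else:
            kept.append(item)
    return Group(kept)


def serialize(group: Group, top: bool = True) -> bytes:
    """Reconstruct RTF bytes; only non-root groups get their braces back."""
    body = b"".join(serialize(i, False) if isinstance(i, Group) else i for i in group.items)
    return body if top else b"{" + body + b"}"


def verify_clean(data: bytes) -> bool:
    """Validation step: re-parse and confirm no blocked destination remains."""
    removed: List[bytes] = []
    disarm(parse(data), removed)
    return not removed


def cdr(data: bytes) -> Tuple[bytes, List[bytes]]:
    """Disarm, reconstruct, and return (clean_rtf, destinations_removed)."""
    removed: List[bytes] = []
    clean = serialize(disarm(parse(data), removed))
    if not verify_clean(clean):
        raise RuntimeError("reconstruction still carries blocked destinations")
    return clean, removed


# Constructed sample: one paragraph of text plus an embedded OLE object and a
# DDEAUTO field. The object data is placeholder hex, not a real payload.
SAMPLE_RTF = (
    rb"{\rtf1\ansi\deff0{\fonttbl{\f0 Times New Roman;}}"
    rb"\pard Quarterly report \'e9 attached.\par"
    rb"{\object\objemb\objw1000\objh1000{\*\objclass Package}{\*\objdata 0105000002000000}}"
    rb"{\field{\*\fldinst DDEAUTO cmd args}{\fldrslt click}}"
    rb"\par}"
)

if __name__ == "__main__":
    clean, removed = cdr(SAMPLE_RTF)
    print(clean.decode("ascii", "backslashreplace"))
    print("removed destinations:", removed)
```

The deliberate design point is that reconstruction re-emits the tokens the parser accepted rather than patching bytes in place: anything the grammar could not account for is rejected by parse() instead of being copied through, and the second parse in verify_clean() is the check that the output is both well-formed RTF and free of the blocked destinations.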