Content Disarm and Reconstruction of RTF Files a Zero File Trust Methodology

Research output: Contribution to journalArticlepeer-review

3 Scopus citations

Abstract

Content Disarm and Reconstruction (CDR) is a zero-trust file methodology that proactively extracts threat attack vectors from documents and media files. While there is extensive literature on CDR that emphasizes its importance, a detailed discussion of how the CDR process works, its effectiveness and drawbacks is lacking. Therefore, this paper presents DeepCDR, the first CDR system in which the validation, the prevention rate, and the received visual quality effect of disarming and reconstruction are presented and measured. The effectiveness of the novel DeepCDR against a well-known dataset shows that it disarmed not only the malicious components, but the reconstructed file is also usable and functional. Since CDRs rely on understanding the file format, any CDR solution should handle each supported file type separately due to the vast difference in each format. Hence, this paper focuses on the Rich Text Format file type that is commonly exploited by attackers.

Original languageEnglish
Pages (from-to)1461-1472
Number of pages12
JournalIEEE Transactions on Information Forensics and Security
Volume18
DOIs
StatePublished - 2023

Keywords

  • CDR
  • malware
  • office document
  • threat disarm
  • zero-trust

Fingerprint

Dive into the research topics of 'Content Disarm and Reconstruction of RTF Files a Zero File Trust Methodology'. Together they form a unique fingerprint.

Cite this