Open Image Content Disarm And Reconstruction
Eli Belkind, Ran Dubin, Amit Dvir

TL;DR
This paper introduces a novel Image Content Disarm and Reconstruction (ICDR) system that detects and removes hidden malware in images, including steganography, to enhance security without compromising image quality.
Contribution
The paper presents a new ICDR system that effectively disarms malware in images using a zero trust approach, preserving image usability and quality.
Findings
Successfully removes hidden malware from images.
Maintains high image quality after disarmament.
Effective against steganography-based attacks.
Abstract
With the advance in malware technology, attackers create new ways to hide their malicious code from antivirus services. One way to obfuscate an attack is to use common files as cover to hide the malicious scripts, so the malware will look like a legitimate file. Although cutting-edge Artificial Intelligence and content signature exist, evasive malware successfully bypasses next-generation malware detection using advanced methods like steganography. Some of the files commonly used to hide malware are image files (e.g., JPEG). In addition, some malware use steganography to hide malicious scripts or sensitive data in images. Steganography in images is difficult to detect even with specialized tools. Image-based attacks try to attack the user's device using malicious payloads or utilize image steganography to hide sensitive data inside legitimate images and leak it outside the user's…
Taxonomy
Topics: Digital Media Forensic Detection · Advanced Steganography and Watermarking Techniques · Advanced Malware Detection Techniques
