• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.18 no.3
• /
• pp.143-154
• /
• 2008

Information hiding is a very important technology recently. Having this technology can be a competitive power for secure communication. In this paper, it will be showed that hiding data in MS Office 2007 file is possible. Considering Microsoft (MS) Office 2007 file format is based on Open XML format, the feature of Open XML format makes it possible to hide data in MS Office 2007 file. In Open XML format, unknown XML files and their relationships can be defined by user. These parts and relationships are used to hide data in MS Office 2007 file. Considering unknown parts and unknown relationships are not in normal MS Office 2007 file, the hidden data can be detected by confirming of unknown parts and unknown relationships.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.5
• /
• pp.149-156
• /
• 2022

Recently, there have been many reports of document-type malicious code injecting malicious code into Microsoft Office files. Document-type malicious code is often hidden by encoding the malicious code in the document. Therefore, document-type malware can easily bypass anti-virus programs. We found that malicious code was inserted into the Visual Basic for Applications (VBA) macro, a function supported by Microsoft Office. Malicious codes such as shellcodes that run external programs and URL-related codes that download files from external URLs were identified. We selected 354 keywords repeatedly appearing in malicious Microsoft Office files and defined the number of times each keyword appears in the body of the document as a feature. We performed machine learning with SVM, naïve Bayes, logistic regression, and random forest algorithms. As a result, each algorithm showed accuracies of 0.994, 0.659, 0.995, and 0.998, respectively.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1485-1494
• /
• 2015

Traditionally, data hiding has been done mainly in such a way that insert the data into the large-capacity multimedia files. However, the document files of the previous versions of Microsoft Office 2003 have been used as cover files as their structure are so similar to a File System that it is easy to hide data in them. If you open a compound-document file which has a secret message hidden in it with MS Office application, it is hard for users who don't know whether a secret message is hidden in the compound-document file to detect the secret message. This paper presents an analysis of Compound-File Binary Format features exploited in order to hide data and algorithms to detect the data hidden with these exploits. Studying methods used to hide data in unused area, unallocated area, reserved area and inserted streams led us to develop an algorithm to aid in the detection and examination of hidden data.

• Journal of Communications and Networks
• /
• v.17 no.5
• /
• pp.525-533
• /
• 2015

MS Office suit software is the most widely used electronic documents by a large number of users in the world, which has absolute predominance in office software market. MS Office 2007-2013 documents, which use new office open extensible markup language (OOXML) format, could be illegally used as cover mediums to transmit secret information by offenders, because they do not easily arouse others suspicion. This paper proposes nine forensic methods and an integrated forensic tool for OOXML format documents on the basis of researching the potential information hiding methods. The proposed forensic methods and tool cover three categories; document structure, document content, and document format. The aim is to prevent covert communication and provide security detection technology for electronic documents downloaded by users. The proposed methods can prevent the damage of secret information embedded by offenders. Extensive experiments based on real data set demonstrate the effectiveness of the proposed methods.

• 대한방사선치료학회:학술대회논문집
• /
• 2000.04a
• /
• pp.9-9
• /
• 2000

• KIPS Transactions on Computer and Communication Systems
• /
• v.6 no.2
• /
• pp.87-94
• /
• 2017

Microsoft Office is an office suite of applications developed by Microsoft. Recently users with malicious intent customize Office files as a container of the Malware because MS Office is most commonly used word processing program. To attack target system, many of malicious office files using a variety of skills and techniques like macro function, hiding shell code inside unused area, etc. And, people usually use two techniques to detect these kinds of malware. These are Signature-based detection and Sandbox. However, there is some limits to what it can afford because of the increasing complexity of malwares. Therefore, this paper propose methods to detect malicious MS office files in Computer forensics' way. We checked Macros and potential problem area with structural analysis of the MS Office file for this purpose.

• ETRI Journal
• /
• v.30 no.4
• /
• pp.621-623
• /
• 2008

We propose a novel input pointing device called the multimodal mouse (MM) which uses two modalities: face recognition and speech recognition. From an analysis of Microsoft Office workloads, we find that 80% of Microsoft Office Specialist test tasks are compound tasks using both the keyboard and the mouse together. When we use the optical mouse (OM), operation is quick, but it requires a hand exchange delay between the keyboard and the mouse. This takes up a significant amount of the total execution time. The MM operates more slowly than the OM, but it does not consume any hand exchange time. As a result, the MM shows better performance than the OM in many cases.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.24 no.2
• /
• pp.319-325
• /
• 2014

Since smart phones or tablet PCs have been widely used recently, the users can create and edit documents anywhere in real time. If the input and edit flows of documents can be traced, it can be used as evidence in digital forensic investigation. The typical document application is the MS(Microsoft) Office. As the MS Office applications consist of two file formats that Compound Document File Format which had been used from version 97 to 2003 and OOXML(Office Open XML) File Format which has been used from version 2007 to now. The studies on MS Office files were for making a decision whether the file has been tampered or not through detection of concealed items or analysis of documents properties so far. This paper analyzed the input order of text cells on MS Excel files and shows how to figure out what cell is the last edited in digital forensic perspective.

• Proceedings of the Korean Nuclear Society Conference
• /
• 1996.11b
• /
• pp.743-748
• /
• 1996

원자력통제기술센터(TCNC; Technology Center for Nuclear Control)는 과학기술처의 원자력 전용 품목/기술 수출입 통제에 대한 기술 지원을 수행하고 있다. 핵비확산 노력과 원자력 통제 능력을 향상시키기 위해서는 관련 정보를 효율적으로 관리할 필요가 있다. 본 논문에서는 원자력 수출입 통제 정보 관리 체제 구축 방안과 향후 발전 방향에 대하여 분석하였다. 현재 보유하고 있는 정보량과 증가 예상량, 그리고 사용자 수 등을 고려하여 전산 체제의 기본 틀을 윈텔(Wintel)로 정하였다. 빠른 시간 내에 발전 가능성이 있는 소프트웨어를 개발하기 위하여 Microsoft사의 Office Professional을 사용하고 있으며 Office Professional에 포함된 Access를 Client/Server Database 개발 도구로 사용하고 있다.

• Journal of Digital Contents Society
• /
• v.5 no.2
• /
• pp.106-113
• /
• 2004

Once the objective of project is set up to alter the present situation to acertain future situation necessary measures need to be taken to accomplish it. In the past, making a plan and transformation was done in the form of handwork, but this article addresses analyzing and handing the project data by using a tool of Microsoft Office System and then by making a reasonable plan. This system also helps transform project data into Excel data and analyze it using Excel, and transform project data into xml data and construct xml database so that it makes it possible to handle and use data efficiently, and to set up automatic project system in the future which leads to efficient project management.