MalDicom: A Memory Forensic Framework for Detecting Malicious Payload in DICOM Files (2312.00483v2)

Published 1 Dec 2023 in cs.CR

Abstract: Digital Imaging and Communication System (DICOM) is widely used throughout the public health sector for portability in medical imaging. However, DICOM files have vulnerabilities in their preamble section. Successful exploitation of these vulnerabilities allows attackers to embed executable code in the 128-byte preamble of a DICOM file. Embedding the malicious executable does not interfere with the readability or functionality of the DICOM imagery, but it silently affects the underlying system when the file is viewed. This paper shows the infiltration of Windows malware executables into DICOM files. On viewing the files, the malicious DICOM is executed and eventually infects the entire hospital network through the radiologist's workstation. The code injection process that executes malware from DICOM files affects the hospital network and the workstations' memory. Memory forensics on the infected radiologist's workstation is crucial because it can identify which malware is disrupting the hospital environment, so that future detection methods can be deployed. In this paper, we apply ML algorithms to conduct memory forensics on three memory dump categories, Trojan, Spyware, and Ransomware, taken from the CIC-MalMem-2022 dataset. We obtain the highest accuracy of 75% with the Random Forest model. To estimate feature importance for the ML model's predictions, we leverage the concept of Shapley values.
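As an added illustration of the preamble weakness the abstract describes (example code written for this page, not the MalDicom framework or any code from the paper), the following Python checker reads the first 132 bytes of a DICOM Part 10 file, verifies the "DICM" magic at offset 128, and flags a preamble that is not zero-filled when it starts with a known executable signature or carries high-entropy content. All sample inputs are constructed in memory; the signature table, the `inspect_preamble`/`scan_file` names and the 6.0 bits-per-byte entropy threshold are assumptions made for this example.

```python
"""Triage the 128-byte DICOM preamble for embedded executable content.

Added example for this page; not code from the MalDicom paper. It assumes
the standard DICOM Part 10 layout: a 128-byte preamble followed by the
4-byte magic b"DICM". Sample inputs below are constructed, not real data.
"""
import math

PREAMBLE_LEN = 128
DICOM_MAGIC = b"DICM"
ENTROPY_THRESHOLD = 6.0  # assumed tuning value, bits per byte

# Byte signatures of executable containers that a conforming DICOM writer
# has no reason to place in the preamble (assumed table for this example).
EXECUTABLE_PREFIXES = {
    b"MZ": "PE/DOS executable header",
    b"\x7fELF": "ELF executable header",
    b"#!": "script shebang",
}


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte of the buffer; 0.0 for an empty or constant buffer."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    total = len(buf)
    return -sum((c / total) * math.log2(c / total) for c in counts if c)


def inspect_preamble(data: bytes) -> dict:
    """Classify the first 132 bytes of a DICOM Part 10 file.

    Returns the individual check results plus an overall 'suspicious'
    flag; the caller decides what to do with it (quarantine, alert, log).
    """
    result = {
        "has_dicm_magic": False,
        "preamble_all_zero": False,
        "executable_signature": None,
        "entropy": 0.0,
        "suspicious": False,
        "reasons": [],
    }
    if len(data) < PREAMBLE_LEN + len(DICOM_MAGIC):
        result["reasons"].append("shorter than preamble plus DICM magic")
        result["suspicious"] = True
        return result

    preamble = data[:PREAMBLE_LEN]
    magic = data[PREAMBLE_LEN:PREAMBLE_LEN + len(DICOM_MAGIC)]
    result["has_dicm_magic"] = magic == DICOM_MAGIC
    result["preamble_all_zero"] = not any(preamble)
    result["entropy"] = round(shannon_entropy(preamble), 3)

    if not result["has_dicm_magic"]:
        result["reasons"].append("DICM magic missing at offset 128")

    for prefix, label in EXECUTABLE_PREFIXES.items():
        if preamble.startswith(prefix):
            result["executable_signature"] = label
            result["reasons"].append(f"preamble starts with {label}")
            break

    # A preamble that is neither zero-filled nor a recognised executable
    # still deserves a look when it holds high-entropy (packed or encoded)
    # content; a short zero-padded application header scores far lower.
    if (not result["preamble_all_zero"]
            and result["executable_signature"] is None
            and result["entropy"] > ENTROPY_THRESHOLD):
        result["reasons"].append("non-zero preamble with high entropy")

    result["suspicious"] = bool(result["reasons"])
    return result


def scan_file(path: str) -> dict:
    """Read only the header bytes needed and triage them."""
    with open(path, "rb") as fh:
        return inspect_preamble(fh.read(PREAMBLE_LEN + len(DICOM_MAGIC)))


def constructed_samples() -> dict:
    """Constructed in-memory inputs (not real DICOM objects or malware)."""
    clean = b"\x00" * PREAMBLE_LEN + DICOM_MAGIC + b"\x02\x00\x00\x00UL\x04\x00"
    # Two-byte DOS/PE signature padded with zeros: enough to exercise the
    # signature check without being a runnable program.
    mz = b"MZ" + b"\x00" * (PREAMBLE_LEN - 2) + DICOM_MAGIC
    truncated = b"\x00" * 64
    # 128 distinct byte values: maximal entropy (7 bits) for this length.
    high_entropy = bytes(range(PREAMBLE_LEN)) + DICOM_MAGIC
    return {"clean": clean, "mz": mz, "truncated": truncated,
            "high_entropy": high_entropy}


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, inspect_preamble(blob))
```

The DICOM standard permits application-specific content in the preamble (for example a TIFF header in dual-format files), so a non-zero preamble by itself is a triage signal rather than proof of tampering; the executable-signature hit is the indicator that matches the threat the paper describes. A check like this on files entering the PACS complements, rather than replaces, the memory forensics on the workstation that the paper performs, since it cannot see what a viewer has already executed.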
