Prevalence of PII within public malware sandbox samples and implications for privacy and threat intelligence sharing: student paper abstract


Research area: Safety



Venue: Journal of Computing Sciences in Colleges, Volume 37, Issue 3


Abstract

The necessity of malware analysis and the democratization of previously complex tools to perform that analysis create the potential for risk to individuals and organizations. The usage of Online Malware Scanners (OMS) to scan and identify documents that may potentially be malware creates an opportunity for the inadvertent sharing of confidential information. This paper explores this subject through the examination of non-malicious PDF files uploaded to the OMS website Hybrid-Analysis. Data is gathered in the form of PDF files, from which regular expressions extract both human-readable text and metadata to identify personally identifiable information (PII) and information that would otherwise be considered confidential. A quantitative analysis is performed, attempting to infer applicability to the broader population of digital documents submitted to OMS. The research question explored is the prevalence of confidential information within a limited data set and its implications for threat intelligence sharing and the confidentiality of the users whose documents are being submitted. Ultimately, this paper presents a statistically significant number of documents that contain at least a single indicator of confidentiality.


Author Profile
Aaron Weathersby

Marymount University


Paper information

Publication year: 2021
Citations: 0
Site: ACM