With advances in malware technology, attackers create new ways to hide their malicious code from antivirus services. One way to obfuscate an attack is to use common files as cover for malicious scripts, so that the malware looks like a legitimate file. Although cutting-edge artificial intelligence and content-signature detection exist, evasive malware successfully bypasses next-generation malware detection using advanced methods such as steganography. Among the files commonly used to hide malware are image files (e.g., JPEG). In addition, some malware uses steganography to hide malicious scripts or sensitive data in images. Steganography in images is difficult to detect even with specialized tools. Image-based attacks either attack the user's device with malicious payloads or use image steganography to hide sensitive data inside legitimate images and leak it out of the user's device. Therefore, in this paper, we present a novel Image Content Disarm and Reconstruction (ICDR) system. Our ICDR system removes potential malware using a zero-trust approach while maintaining high image quality and file usability. By extracting the image data, discarding the rest of the file, and manipulating the image pixels, it is possible to disable or remove malware hidden inside the file.
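The pipeline the abstract describes (decode only the pixel data, drop everything else in the file, perturb the pixels, and write a fresh file) is shown below as a small Python example added here; it is not the paper's ICDR implementation. It uses the uncompressed binary PPM (P6) format instead of JPEG so that it runs with the standard library alone. The sample image, the payload marker appended after the pixel data, and the LSB-hidden message are all constructed for the demonstration; the `icdr` function, its report keys and the `seed` parameter are assumptions of this example.

```python
"""Minimal Image Content Disarm and Reconstruction (ICDR) demo on binary PPM files.

Added example: parse only the declared pixel region, discard any bytes that follow it,
re-randomise the least significant bit of every colour channel, and serialise a new file.
Not the paper's code; PPM is used instead of JPEG so no third-party decoder is needed.
"""
import random

# Constructed sample: a 4x4 RGB image (48 channel bytes) used only for this demo.
WIDTH, HEIGHT = 4, 4
SAMPLE_PIXELS = bytes(
    (x * 37 + y * 91 + c * 13) % 256
    for y in range(HEIGHT) for x in range(WIDTH) for c in range(3)
)
# Constructed stand-in for data appended after the image (where a script could be hidden).
APPENDED_PAYLOAD = b"<!-- constructed trailing payload marker -->"
# Constructed message hidden in the pixel LSBs (6 bytes = 48 bits = one bit per channel byte).
SECRET = b"hidden"


def encode_ppm(width, height, pixels):
    """Serialise RGB channel bytes as a binary PPM (P6) file."""
    return f"P6\n{width} {height}\n255\n".encode() + bytes(pixels)


def parse_ppm(data):
    """Return (width, height, pixel bytes, trailing bytes).

    Only the declared pixel region is treated as image content; anything after it
    is returned separately so the caller can drop it. Comments are not supported.
    """
    tokens, pos = [], 0
    while len(tokens) < 4:
        while pos < len(data) and data[pos:pos + 1].isspace():
            pos += 1
        start = pos
        while pos < len(data) and not data[pos:pos + 1].isspace():
            pos += 1
        if start == pos:
            raise ValueError("truncated PPM header")
        tokens.append(data[start:pos])
    pos += 1  # exactly one whitespace byte separates maxval from the pixel data
    if tokens[0] != b"P6" or int(tokens[3]) != 255:
        raise ValueError("unsupported PPM variant")
    width, height = int(tokens[1]), int(tokens[2])
    n = width * height * 3
    if len(data) - pos < n:
        raise ValueError("truncated pixel data")
    return width, height, bytearray(data[pos:pos + n]), data[pos + n:]


def embed_lsb(pixels, message):
    """Hide `message` in the least significant bits of the channel bytes (MSB-first)."""
    out = bytearray(pixels)
    bits = [(b >> i) & 1 for b in message for i in range(7, -1, -1)]
    if len(bits) > len(out):
        raise ValueError("message does not fit")
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return out


def extract_lsb(pixels, n_bytes):
    """Read `n_bytes` back out of the channel LSBs; used here only to check the disarm step."""
    out = bytearray()
    for i in range(n_bytes):
        byte = 0
        for j in range(8):
            byte = (byte << 1) | (pixels[i * 8 + j] & 1)
        out.append(byte)
    return bytes(out)


def build_suspicious_sample():
    """Constructed input: LSB-embedded message plus bytes appended after the pixel data."""
    return encode_ppm(WIDTH, HEIGHT, embed_lsb(SAMPLE_PIXELS, SECRET)) + APPENDED_PAYLOAD


def icdr(data, seed=None):
    """Disarm and reconstruct: keep decoded pixels only, drop the rest of the file,
    then replace every channel LSB with a fresh random bit so bit-level steganography
    does not survive. Each channel value changes by at most 1, so quality is preserved.
    Returns (clean file bytes, report dict)."""
    rng = random.Random(seed)
    width, height, pixels, trailing = parse_ppm(data)
    clean = bytearray((p & 0xFE) | rng.getrandbits(1) for p in pixels)
    report = {"dropped_trailing_bytes": len(trailing), "pixels_rewritten": len(clean)}
    return encode_ppm(width, height, clean), report


if __name__ == "__main__":
    clean_file, rep = icdr(build_suspicious_sample(), seed=7)
    print(rep, "trailing after ICDR:", parse_ppm(clean_file)[3])
```

The reconstruction step never copies bytes from the input file into the output; it only writes pixel values it decoded itself, which is what removes appended or header-embedded content regardless of how it was hidden. Re-randomising the LSBs rather than clearing them keeps the output free of the uniform bit pattern that a cleared LSB plane would show.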