MSS: Use file format conversion for suppress malicious scripts in multimedia

On the Internet, more and more Web Applications allow users to share life experience and moment by uploading multimedia files. People can easily share multimedia files. For example, people can share videos and pictures on websites like Youtube or Flickr. However, attackers also upload embedded script in files to attack web applications and users. To protect web applications and users from this kind of embedded malicious script in multimedia file's attack, we propose a malicious script suppression system (MSS). It uses file format conversion (i.e., transcoding) to destructively transform the structure of the malicious scripts so they become inactive. This study aims to verify that the system is suitable for many kinds of multimedia files (e.g., BMP, AVI) and able to suppress malicious scripts in multimedia file. File format conversion does not only inactivate malicious scripts, but also causes conversion loss. Therefore, the study explores the conversion loss effect on the variety of file formats in order to find the optimal conversion method experimentally and the effectiveness of suppressing malicious scripts on the variety of file formats, and finally verifies that the system prevents multimedia file attacks. By the results found, the optimal conversion method is used two-step transcoding for image file, and one-step transcoding for video file, as well as the optimal intermediate file format for transcoding is JPEG.