Content Disarm and Reconstruction of RTF Files a Zero File Trust Methodology
IEEE Transactions on Information Forensics and Security (IF 6.8), Pub Date: 2023-02-01, DOI: 10.1109/tifs.2023.3241480
Ran Dubin

Content Disarm and Reconstruction (CDR) is a zero-trust file methodology that proactively extracts threat attack vectors from documents and media files. While there is extensive literature on CDR that emphasizes its importance, a detailed discussion of how the CDR process works, its effectiveness and drawbacks is lacking. Therefore, this paper presents DeepCDR, the first CDR system in which the validation, the prevention rate, and the received visual quality effect of disarming and reconstruction are presented and measured. The effectiveness of the novel DeepCDR against a well-known dataset shows not only that it disarmed the malicious components, but also that the reconstructed file is usable and functional. Since CDRs rely on understanding the file format, any CDR solution should handle each supported file type separately due to the vast difference in each format. Hence, this paper focuses on the Rich Text Format file type that is commonly exploited by attackers.

Updated: 2023-02-01