Polyglot (computing)

In computing, a polyglot is a computer program or script (or other file) written in a valid form of multiple programming languages or file formats.^[1] The name was coined by analogy to multilingualism. A polyglot file is composed by combining syntax from two or more different formats.^[2]

When the file formats are to be compiled or interpreted as source code, the file can be said to be a polyglot program, though file formats and source code syntax are both fundamentally streams of bytes, and exploiting this commonality is key to the development of polyglots.^[3] Polyglot files have practical applications in compatibility,^[4] but can also present a security risk when used to bypass validation or to exploit a vulnerability.

^ Jonas Magazinius; Billy K. Rios; Andrei Sabelfeld (4 November 2013). "Polyglots". Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13. pp. 753–764. doi:10.1145/2508859.2516685. ISBN 9781450324779. S2CID 16516484. Archived from the original on 5 September 2022. Retrieved 5 September 2022.
^ Bridges, Robert A.; Oesch, Sean; Verma, Miki E.; Iannacone, Michael D.; Huffer, Kelly M. T.; Jewell, Brian; Nichols, Jeff A.; Weber, Brian; Beaver, Justin M.; Smith, Jared M.; Scofield, Daniel; Miles, Craig; Plummer, Thomas; Daniell, Mark; Tall, Anne M. (2023). "Beyond the Hype: An Evaluation of Commercially Available Machine-Learning-Based Malware Detectors". Digital Threats: Research and Practice. 4 (2): 1–22. arXiv:2012.09214. doi:10.1145/3567432. S2CID 247218744.
^ Koch, Luke; Oesch, Sean; Adkisson, Mary; Erwin, Sam; Weber, Brian; Chaulagain, Amul (2022). "Toward the Detection of Polyglot Files". arXiv:2203.07561 [cs.CR].
^ "Benefits of polyglot XHTML5". Archived from the original on 12 October 2011. Retrieved 4 September 2022.

[ACMNOV13-1] Jonas Magazinius; Billy K. Rios; Andrei Sabelfeld (4 November 2013). "Polyglots". Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13. pp. 753–764. doi:10.1145/2508859.2516685. ISBN 9781450324779. S2CID 16516484. Archived from the original on 5 September 2022. Retrieved 5 September 2022.

[BeyondTheHype-2] Bridges, Robert A.; Oesch, Sean; Verma, Miki E.; Iannacone, Michael D.; Huffer, Kelly M. T.; Jewell, Brian; Nichols, Jeff A.; Weber, Brian; Beaver, Justin M.; Smith, Jared M.; Scofield, Daniel; Miles, Craig; Plummer, Thomas; Daniell, Mark; Tall, Anne M. (2023). "Beyond the Hype: An Evaluation of Commercially Available Machine-Learning-Based Malware Detectors". Digital Threats: Research and Practice. 4 (2): 1–22. arXiv:2012.09214. doi:10.1145/3567432. S2CID 247218744.

[TDPF-3] Koch, Luke; Oesch, Sean; Adkisson, Mary; Erwin, Sam; Weber, Brian; Chaulagain, Amul (2022). "Toward the Detection of Polyglot Files". arXiv:2203.07561 [cs.CR].

[4] "Benefits of polyglot XHTML5". Archived from the original on 12 October 2011. Retrieved 4 September 2022.

[1]

[2]

[3]

[4]