Static detection of malicious JavaScript-bearing PDF documents
Saved in:
| Title: | Static detection of malicious JavaScript-bearing PDF documents |
|---|---|
| Authors: | Pavel Laskov |
| Contributors: | The Pennsylvania State University CiteSeerX Archives |
| Publication Year: | 2011 |
| Collection: | CiteSeerX |
| Subject Terms: | Categories and Subject Descriptors D.4.6 [Software, Operating Systems—Security and Protection, I.2.6 [Computing Methodologies, Artificial Intelligence—Learning Keywords Malware detection, malicious JavaScript, PDF documents, machine |
| Description: | Despite the recent security improvements in Adobe’s PDF viewer, its underlying code base remains vulnerable to novel exploits. A steady flow of rapidly evolving PDF malware observed in the wild substantiates the need for novel protection instruments beyond the classical signature-based scanners. In this contribution we present a technique for detection of JavaScript-bearing malicious PDF documents based on static analysis of extracted JavaScript code. Compared to previous work, mostly based on dynamic analysis, our method incurs an order of magnitude lower run-time overhead and does not require special instrumentation. Due to its efficiency we were able to evaluate it on an extremely large real-life dataset obtained from the VirusTotal malware upload portal. Our method has proved to be effective against both known and unknown malware and suitable for large-scale batch processing. |
| Document Type: | text |
| Language: | English |
| Relation: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.369.7192 |
| Availability: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.369.7192 |
| Rights: | Metadata may be used without restrictions as long as the oai identifier remains attached to it. |
| Accession Number: | edsbas.C6CD031C |
| Database: | BASE |
Nájsť tento článok vo Web of Science | Abstract: | Despite the recent security improvements in Adobe’s PDF viewer, its underlying code base remains vulnerable to novel exploits. A steady flow of rapidly evolving PDF malware observed in the wild substantiates the need for novel protection instruments beyond the classical signature-based scanners. In this contribution we present a technique for detection of JavaScript-bearing malicious PDF documents based on static analysis of extracted JavaScript code. Compared to previous work, mostly based on dynamic analysis, our method incurs an order of magnitude lower run-time overhead and does not require special instrumentation. Due to its efficiency we were able to evaluate it on an extremely large real-life dataset obtained from the VirusTotal malware upload portal. Our method has proved to be effective against both known and unknown malware and suitable for large-scale batch processing. |
|---|