FEPDF: a robust feature extractor for malicious PDF detection

Bibliographic details
Title: FEPDF: a robust feature extractor for malicious PDF detection
Authors: M Li, Y Liu, M Yu, Gang Li, Y Wang, C Liu
Publication year: 2017
Subjects: Artificial intelligence not elsewhere classified, malware detection, malicious JavaScript, PDF documents, code obfuscation, School of Information Technology, 4604 Cybersecurity and privacy, 4612 Software engineering
Description: Due to rich characteristics and functionalities, PDF format has become the de facto standard for the electronic document exchange. As vulnerabilities in the major PDF viewers have been disclosed, a number of methods have been proposed to tame the increasing PDF threats. However, one recent evasion exploit is found to evade most of detections and renders all of the major static methods void. Moreover, many existing vulnerabilities identified before can now evade the detection through exploiting this evasion exploit. In this paper, we introduce this newly identified evasion exploit and propose a new feature extractor FEPDF to detect malicious PDFs. Based on the FEPDF and the JavaScript detection model, we test the performance of the proposed feature extractor FEPDF, and evaluation results show that FEPDF has a satisfactory performance in malicious PDF detection.
Document type: conference object
Language: unknown
Relation: http://hdl.handle.net/10536/DRO/DU:30104365; https://figshare.com/articles/conference_contribution/FEPDF_a_robust_feature_extractor_for_malicious_PDF_detection/20825080
Availability: http://hdl.handle.net/10536/DRO/DU:30104365
https://figshare.com/articles/conference_contribution/FEPDF_a_robust_feature_extractor_for_malicious_PDF_detection/20825080
Rights: All Rights Reserved
Accession number: edsbas.E6669F46
Database: BASE