Computer Science, 2015, Vol. 42, Issue (2): 90-94. doi: 10.11896/j.issn.1002-137X.2015.02.019


Detection of Malicious PDF Based on Structural Path

CHEN Liang, CHEN Xing-yuan, SUN Yi and DU Xue-hui

Online: 2018-11-14; Published: 2018-11-14

Abstract: Malicious PDF documents remain a network security threat and have caused a number of significant security incidents. Existing detection methods rely mainly on extracting the embedded malicious code and executing it in an emulator, and their detection efficiency is low. On the basis of an analysis of the structural properties of PDF documents, this paper defines the structural path and proposes a detection method built on the differences in structural-path characteristics between malicious and benign documents. Experiments on a large data set show that the method performs well in both detection accuracy and detection speed.

Key words: Malware detection, PDF documents, Structural path, Decision tree
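The abstract gives the idea but not the mechanics, so the following is an added example (written for this page, not the authors' code) of what a structural-path feature extractor does. It assumes a structural path is the chain of dictionary keys from the trailer's /Root down to an object (for instance /Root/OpenAction/JS); the paper's exact definition is not on this page. The two PDF files are constructed in-line, the parser handles only the plain-text PDF subset they use (no cross-reference tables, object streams or encryption, and stream bodies are dropped unread), and all function names are this example's own.

```python
import re
from collections import Counter

# Constructed samples (not real malware): the same one-page document with and
# without a catalog-level /OpenAction that points at a JavaScript action.
SUSPICIOUS_PDF = rb"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /S /JavaScript /JS (app.alert\(1\)) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""
PLAIN_PDF = rb"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Assumption of this example: only the plain-text PDF subset above is parsed
# (no xref tables, object streams or encryption); stream bodies are dropped.
OBJ_RE = re.compile(r"(\d+)\s+\d+\s+obj(.*?)endobj", re.S)
TRAILER_RE = re.compile(r"trailer(.*?)(?:startxref|%%EOF|\Z)", re.S)
STREAM_RE = re.compile(r"stream\r?\n.*?endstream", re.S)
REF_RE = re.compile(r"(\d+)\s+\d+\s+R")
TOKEN_RE = re.compile(
    r"<<|>>|\[|\]"              # dictionary and array delimiters
    r"|/[^\s/\[\]<>()]*"        # names such as /OpenAction
    r"|\((?:[^()\\]|\\.)*\)"    # literal strings (escapes allowed)
    r"|\d+\s+\d+\s+R"           # indirect references such as "4 0 R"
    r"|-?\d+(?:\.\d+)?"         # numbers
)

def parse_value(tokens, i):
    """Parse one PDF value at tokens[i]; return (value, next index).
    Dictionaries become dicts, arrays lists, references ('ref', number)."""
    tok = tokens[i]
    if tok == "<<":
        d, i = {}, i + 1
        while tokens[i] != ">>":
            key = tokens[i]
            value, i = parse_value(tokens, i + 1)
            d[key] = value
        return d, i + 1
    if tok == "[":
        items, i = [], i + 1
        while tokens[i] != "]":
            item, i = parse_value(tokens, i)
            items.append(item)
        return items, i + 1
    m = REF_RE.fullmatch(tok)
    return (("ref", int(m.group(1))) if m else tok), i + 1

def parse_pdf(data):
    """Return ({object number: value}, trailer dict)."""
    text = data.decode("latin-1")
    objects = {}
    for m in OBJ_RE.finditer(text):
        body = STREAM_RE.sub("", m.group(2))
        objects[int(m.group(1))] = parse_value(TOKEN_RE.findall(body), 0)[0]
    t = TRAILER_RE.search(text)
    trailer = parse_value(TOKEN_RE.findall(t.group(1)), 0)[0] if t else {}
    return objects, trailer

def structural_paths(data):
    """Key chains reachable from the trailer, e.g. /Root/OpenAction/JS.
    Arrays add no path element; 'seen' stops cycles such as /Parent links."""
    objects, trailer = parse_pdf(data)
    paths = set()

    def walk(value, path, seen):
        if isinstance(value, tuple):                 # ('ref', n)
            if value[1] not in seen:
                walk(objects.get(value[1]), path, seen | {value[1]})
        elif isinstance(value, dict):
            for key, child in value.items():
                paths.add(path + key)
                walk(child, path + key, seen)
        elif isinstance(value, list):
            for item in value:
                walk(item, path, seen)

    walk(trailer, "", frozenset())
    return paths

def path_frequency_difference(malicious_sets, benign_sets):
    """Share of malicious files containing each path minus the benign share;
    paths with a large |difference| are natural first splits for a decision tree."""
    mal = Counter(p for s in malicious_sets for p in s)
    ben = Counter(p for s in benign_sets for p in s)
    return {p: mal[p] / len(malicious_sets) - ben[p] / len(benign_sets)
            for p in set(mal) | set(ben)}

def feature_vector(paths, vocabulary):
    """Binary presence vector over a fixed, ordered path vocabulary."""
    return [int(p in paths) for p in vocabulary]
```

Running `structural_paths` on the two samples yields twelve and nine paths; the three that appear only in the suspicious file are /Root/OpenAction, /Root/OpenAction/S and /Root/OpenAction/JS, and `path_frequency_difference` scores them +1.0 while shared scaffolding such as /Root/Pages/Count scores 0.0. Over a real labelled corpus the same difference scores pick the path vocabulary, and `feature_vector` turns each document into the fixed-length 0/1 row a decision-tree learner consumes. Because the walk follows only dictionary keys and never decodes stream contents, the cost is linear in the number of objects, which is where a method like this gains its speed over emulating the embedded code.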

