Deakin University

File(s) under permanent embargo

A unified malicious documents detection model based on two layers of abstraction

conference contribution
posted on 2019-01-01, 00:00 authored by M Yu, J Jiang, Gang Li, J Li, C Lou, C Liu, W Huang, Y Wang
© 2019 IEEE. Due to the ever-increasing attacks using malicious documents, the detection of such documents has become a serious and urgent research issue. In the past decade, detection of malicious documents has attracted significant research attention, and many methods have been proposed, including conventional static detection methods and dynamic detection methods. However, both categories of methods have limitations under either obfuscated or run-time conditions, and cannot achieve a satisfactory detection performance for malicious behaviors. In this work, we first present a new descriptive structure of our targeted documents, using a two-layer abstraction comprising the structure and the scripting language. We then propose a unified model for malicious document detection based on these two layers of abstraction. A series of experiments on a real-world data set with 20,000 samples shows that our proposed model achieves better detection performance on all four indicators simultaneously (accuracy, precision, recall, and AUC) when compared to the Hidost model.

History

Event

HPCC/SmartCity/DSS. Conferences (21st : 17th : 5th : 2019 : Zhangjiajie, China)

Pagination

2317 - 2323

Publisher

IEEE

Location

Zhangjiajie, China

Place of publication

Piscataway, N.J.

Start date

2019-08-10

End date

2019-08-12

ISBN-13

9781728120584

Language

eng

Publication classification

E1 Full written paper - refereed

Title of proceedings

HPCC/SmartCity/DSS 2019 : IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems
