File(s) under permanent embargo
A unified malicious documents detection model based on two layers of abstraction
conference contribution
posted on 2019-01-01, 00:00 authored by M Yu, J Jiang, Gang LiGang Li, J Li, C Lou, C Liu, W Huang, Y Wang© 2019 IEEE. Due to the ever increasing attacks using malicious documents, the detection of such documents has become a serious and urgent research issue. In the past decade, detection of malicious documents has attracted significant research attentions, and many methods have been proposed, including conventional static detection methods, and dynamic detection methods. However, both of the two categories of methods have limitations under either obfuscated or run-time conditions, and can not achieve a satisfactory detection performance for malicious behaviors. In this work, we firstly present a new descriptive structure of our targeted documents, using a two layers abstraction including the structure and the scripting language. We then propose a unified model for malicious documents detection based on two layers of abstraction. A series of experiments under a real world data set with 20,000 samples show that, our proposed model has a better detection performance for all of the four indicators, the accuracy, precision, recall, and AUC of malicious documents simultaneously, when compared to the Hidost model.
History
Event
HPCC/SmartCity/DSS. Conferences (21st : 17th : 5th : 2019 : Zhangjiajie, China)Pagination
2317 - 2323Publisher
IEEELocation
Zhangjiajie, ChinaPlace of publication
Piscataway, N.J.Start date
2019-08-10End date
2019-08-12ISBN-13
9781728120584Language
engPublication classification
E1 Full written paper - refereedTitle of proceedings
HPCC/SmartCity/DSS 2019 : IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and SystemsUsage metrics
Categories
No categories selectedKeywords
Licence
Exports
RefWorks
BibTeX
Ref. manager
Endnote
DataCite
NLM
DC