File(s) under permanent embargo
A unified malicious documents detection model based on two layers of abstraction
conference contribution
posted on 2019-01-01, 00:00 authored by M Yu, J Jiang, Gang LiGang Li, J Li, C Lou, C Liu, W Huang, Y Wang© 2019 IEEE. Due to the ever increasing attacks using malicious documents, the detection of such documents has become a serious and urgent research issue. In the past decade, detection of malicious documents has attracted significant research attentions, and many methods have been proposed, including conventional static detection methods, and dynamic detection methods. However, both of the two categories of methods have limitations under either obfuscated or run-time conditions, and can not achieve a satisfactory detection performance for malicious behaviors. In this work, we firstly present a new descriptive structure of our targeted documents, using a two layers abstraction including the structure and the scripting language. We then propose a unified model for malicious documents detection based on two layers of abstraction. A series of experiments under a real world data set with 20,000 samples show that, our proposed model has a better detection performance for all of the four indicators, the accuracy, precision, recall, and AUC of malicious documents simultaneously, when compared to the Hidost model.
History
Pagination
2317-2323Location
Zhangjiajie, ChinaStart date
2019-08-10End date
2019-08-12ISBN-13
9781728120584Language
engPublication classification
E1 Full written paper - refereedTitle of proceedings
HPCC/SmartCity/DSS 2019 : IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and SystemsEvent
HPCC/SmartCity/DSS. Conferences (21st : 17th : 5th : 2019 : Zhangjiajie, China)Publisher
IEEEPlace of publication
Piscataway, N.J.Usage metrics
Categories
No categories selectedLicence
Exports
RefWorksRefWorks
BibTeXBibTeX
Ref. managerRef. manager
EndnoteEndnote
DataCiteDataCite
NLMNLM
DCDC