FEPDF: a robust feature extractor for malicious PDF detection

Due to rich characteristics and functionalities, PDF format has become the de facto standard for the electronic document exchange. As vulnerabilities in the major PDF viewers have been disclosed, a number of methods have been proposed to tame the increasing PDF threats. However, one recent evasion exploit is found to evade most of detections and renders all of the major static methods void. Moreover, many existing vulnerabilities identified before can now evade the detection through exploiting this evasion exploit. In this paper, we introduce this newly identified evasion exploit and propose a new feature extractor FEPDF to detect malicious PDFs. Based on the FEPDF and the JavaScript detection model, we test the performance of the proposed feature extractor FEPDF, and evaluation results show that FEPDF has a satisfactory performance in malicious PDF detection.