Deakin University
File(s) under permanent embargo

FEPDF: a robust feature extractor for malicious PDF detection

conference contribution
posted on 2017-09-07, 00:00 authored by M Li, Y Liu, M Yu, Gang Li, Y Wang, C Liu
Due to its rich characteristics and functionalities, the PDF format has become the de facto standard for electronic document exchange. As vulnerabilities in the major PDF viewers have been disclosed, a number of methods have been proposed to tame the increasing PDF threats. However, one recent evasion exploit has been found to evade most detection methods and renders all of the major static methods void. Moreover, many previously identified vulnerabilities can now evade detection by exploiting this evasion exploit. In this paper, we introduce this newly identified evasion exploit and propose a new feature extractor, FEPDF, to detect malicious PDFs. Based on FEPDF and the JavaScript detection model, we test the performance of the proposed feature extractor, and evaluation results show that FEPDF has a satisfactory performance in malicious PDF detection.

History

Pagination

218-224

Location

Sydney, New South Wales

Start date

2017-08-01

End date

2017-08-04

ISBN-13

9781509049059

Language

eng

Publication classification

E Conference publication, E1 Full written paper - refereed

Copyright notice

2017, IEEE

Title of proceedings

Trustcom/BigDataSE/ICESS 2017 : Proceedings of the 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems

Event

16th Trust, Security and Privacy in Computing and Communications/11th Big Data Science and Engineering/14th Embedded Software and Systems. IEEE International Joint Conference (2017 : Sydney, New South Wales)

Publisher

IEEE

Place of publication

Piscataway, N.J.