Malicious documents detection for business process management based on multi-layer abstract model

Edge security issues represented by document files propagation are becoming more and more serious in Business Process Management (BPM). Due to rich characteristics and functionalities, PDF and Office format have become the factual standard for the electronic document exchange in BPM, but people typically overlook the security threats from electronic documents. The detection of malicious documents can be done by extracting the embedded code analysis in the document to determine whether it is a malicious document, or by analyzing the counterattacks of malicious samples to achieve the detection of malicious code documents. In this paper, we propose to represent the documents using multi-layered abstraction for the structure, the scripting language, and the vector representation of documents. And build a unified malicious documents detection model based on multi-layers of abstraction in BPM. Based on the model, we test the performance of the proposed model and evaluation results show that the model has a satisfactory performance in malicious documents detection in BPM.