Deakin University
File(s) under permanent embargo

A Survey of Research on Malicious Document Detection

journal contribution
posted on 2021-05-01, 00:00 authored by M Yu, J Jiang, Gang Li, C Liu, W Huang, N Song
In recent years, Advanced Persistent Threats (APTs), whose primary purpose is to steal sensitive data and undermine critical national infrastructure, have posed serious threats to national security. Compared with executable files, malicious documents have several distinctive characteristics, such as wide coverage, a large scope of influence, insufficient user awareness, and flexible and diverse attack methods, and they are challenging to detect. This has made them an important carrier for APT attacks. It is therefore necessary to pay attention to the existing research results and development trends concerning malicious documents. This paper first analyzes document types and their structure, and sets out the security risks, attack techniques and propagation paths of documents. Current malicious document detection methods are categorized into four groups: static detection methods, dynamic detection methods, hybrid detection methods and others. The research status and research progress of each field are analyzed and summarized. Finally, the performance evaluation methods, data sets, and representative detection tools and platforms of current malicious document detection research are reviewed and presented, and future research directions are envisaged.

History

Journal

Xinxi Anquan Xuebao/Journal of Cyber Security

Volume

6

Issue

3

Pagination

54 - 76

Publisher

Zhongguo Kexueyuan Xinxi Gongcheng Yanjiusuo/Institute of Information Engineering, Chinese Academy of Sciences

Location

Beijing, China

ISSN

2096-1146

Language

Chinese

Publication classification

C1 Refereed article in a scholarly journal
