
A Pattern Recognition System for Malicious PDF Files Detection

Conference paper, published in Machine Learning and Data Mining in Pattern Recognition (MLDM 2012).

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 7376)

Abstract

Malicious PDF files have been used to harm computer security during the past two to three years, and modern antivirus products are proving not to be completely effective against this kind of threat. In this paper an innovative technique is presented, which combines a feature extractor module strongly related to the structure of PDF files with an effective classifier. This system has proven to be more effective than other state-of-the-art research tools for malicious PDF detection, as well as than most commercial antivirus products. Moreover, its flexibility allows it to be adopted either as a stand-alone tool or as a plug-in to improve the performance of an already installed antivirus.
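The abstract describes a pipeline of two parts: a feature extractor tied to the structure of PDF files, and a classifier trained on those features. The following Python example is added here to show the shape of such a pipeline; it is not the paper's code. The keyword set, the constructed sample documents, the nearest-centroid classifier and the `make_pdf` helper are all assumptions made for illustration and do not reproduce the authors' feature list or model. It does handle one structural detail a raw keyword scan gets wrong: PDF name objects may hex-escape characters as `#xx`, so `/J#61vaScript` must be counted as `/JavaScript`.

```python
import re
from collections import Counter
from math import sqrt

# Structural keywords counted as features. This set is an illustrative
# assumption, not the feature list used in the paper.
KEYWORDS = [
    "/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile",
    "/ObjStm", "/XFA", "/Page", "/Encrypt", "/AcroForm",
]
FEATURE_ORDER = KEYWORDS + ["obj", "endobj", "stream", "has_xref", "has_eof"]

# PDF name objects start with '/'; '#' is allowed because of #xx escapes.
NAME_RE = re.compile(rb"/([A-Za-z0-9#_.+-]+)")


def decode_name(raw: bytes) -> str:
    """Normalise a raw PDF name: '#xx' escapes decode to the byte they encode."""
    unescaped = re.sub(rb"#([0-9A-Fa-f]{2})",
                       lambda m: bytes([int(m.group(1), 16)]), raw)
    return "/" + unescaped.decode("latin-1")


def extract_features(pdf: bytes) -> dict:
    """Count structural keywords and object/stream markers in raw PDF bytes."""
    names = Counter(decode_name(m.group(1)) for m in NAME_RE.finditer(pdf))
    feats = {k: names.get(k, 0) for k in KEYWORDS}
    feats["obj"] = len(re.findall(rb"\bobj\b", pdf))        # 'endobj' is excluded by \b
    feats["endobj"] = len(re.findall(rb"\bendobj\b", pdf))
    feats["stream"] = len(re.findall(rb"\bstream\b", pdf))  # 'endstream' is excluded by \b
    feats["has_xref"] = int(b"xref" in pdf)
    feats["has_eof"] = int(b"%%EOF" in pdf)
    return feats


def to_vector(feats: dict) -> list:
    return [float(feats[k]) for k in FEATURE_ORDER]


class NearestCentroid:
    """Minimal stand-in classifier: one mean vector per class, nearest wins."""

    def fit(self, vectors, labels):
        self.centroids = {}
        for label in set(labels):
            rows = [v for v, l in zip(vectors, labels) if l == label]
            self.centroids[label] = [sum(col) / len(rows) for col in zip(*rows)]
        return self

    def predict(self, vector):
        def dist(a, b):
            return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))
        return min(self.centroids, key=lambda l: dist(vector, self.centroids[l]))


def make_pdf(catalog_extra: bytes = b"", extra_objects: bytes = b"") -> bytes:
    """Build a tiny constructed PDF skeleton (hypothetical helper, sample data only)."""
    return (b"%PDF-1.4\n"
            b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R " + catalog_extra + b" >>\nendobj\n"
            b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
            b"3 0 obj\n<< /Type /Page /Parent 2 0 R >>\nendobj\n"
            + extra_objects +
            b"xref\n0 4\ntrailer\n<< /Root 1 0 R >>\nstartxref\n0\n%%EOF\n")


# Constructed training samples: two plain documents, two that wire an
# /OpenAction to a JavaScript action (the second hides the name with a #61 escape).
BENIGN = [
    make_pdf(),
    make_pdf(extra_objects=b"4 0 obj\n<< /Length 5 >>\nstream\nhello\nendstream\nendobj\n"),
]
SUSPICIOUS = [
    make_pdf(catalog_extra=b"/OpenAction 4 0 R",
             extra_objects=b"4 0 obj\n<< /S /JavaScript /JS (x = 1;) >>\nendobj\n"),
    make_pdf(catalog_extra=b"/OpenAction 4 0 R",
             extra_objects=b"4 0 obj\n<< /S /J#61vaScript /JS 5 0 R >>\nendobj\n"
                           b"5 0 obj\n<< /Length 5 >>\nstream\nx=1;\nendstream\nendobj\n"),
]


def train_demo() -> NearestCentroid:
    vectors = [to_vector(extract_features(p)) for p in BENIGN + SUSPICIOUS]
    labels = ["benign"] * len(BENIGN) + ["malicious"] * len(SUSPICIOUS)
    return NearestCentroid().fit(vectors, labels)


def classify(pdf: bytes, model: NearestCentroid = None) -> str:
    if model is None:
        model = train_demo()
    return model.predict(to_vector(extract_features(pdf)))


if __name__ == "__main__":
    for sample in BENIGN + SUSPICIOUS:
        print(classify(sample), extract_features(sample))
```

Two caveats a practitioner would add before using anything like this for real: a raw-bytes scan only sees names that are stored uncompressed, so objects packed into `/ObjStm` streams with a filter applied would have to be parsed and inflated first; and a four-sample nearest-centroid model is only there to make the train/predict step concrete, not to stand in for the trained classifier the abstract refers to.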




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Maiorca, D., Giacinto, G., Corona, I. (2012). A Pattern Recognition System for Malicious PDF Files Detection. In: Perner, P. (eds) Machine Learning and Data Mining in Pattern Recognition. MLDM 2012. Lecture Notes in Computer Science(), vol 7376. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31537-4_40


  • DOI: https://doi.org/10.1007/978-3-642-31537-4_40

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31536-7

  • Online ISBN: 978-3-642-31537-4

  • eBook Packages: Computer Science (R0)
