An Evasion Resilient Approach to the Detection of Malicious PDF Files

MAIORCA, DAVIDE;ARIU, DAVIDE;CORONA, IGINO;GIACINTO, GIORGIO
2015

Abstract

Malicious PDF les still constitute a serious threat to the systems security. New reader vulnerabilities have been discovered, and research has shown that current state of the art approaches can be easily bypassed by exploiting weaknesses caused by erroneous parsing or incomplete information extraction. In this work, we present a novel machine learning system to the detection of malicious PDF les. We have developed a static approach that leverages on information extracted by both the structure and the content of PDF les, which allows to improve the system robustness against evasion attacks. Experimental results show that our system is able to outperform all publicly available state of the art tools. We also report a signicant improvement of the performances at detecting reverse mimicry attacks, which are able to completely evade systems that only extract information from the PDF le structure. Finally, we claim that, to avoid targeted attacks, a more careful design of machine learning based detectors is needed.
Inglese
Information Systems Security and Privacy
Camp, O., Weippl, E., Bidan, C., Aïmeur
Camp, O., Weippl, E., Bidan, C., Aïmeur
576
68
85
18
Springer
Berlin
978-3-319-27667-0
Comitato scientifico
internazionale
scientifica
PDF, Evasion, Malware, Javascript, Machine Learning
no
info:eu-repo/semantics/bookPart
Maiorca, Davide; Ariu, Davide; Corona, Igino; Giacinto, Giorgio
2 Contributo in Volume::2.1 Contributo in volume (Capitolo o Saggio)
4
268
reserved
Files in This Item:
File Size Format  
ICISSP_Chapter_Book_Printed_2015.pdf

Solo gestori archivio

Type: versione editoriale
Size 503.11 kB
Format Adobe PDF
503.11 kB Adobe PDF & nbsp; View / Open   Request a copy

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.

Questionnaire and social

Share on:
Impostazioni cookie