Title:  Looking at the bag is not enough to find the bomb: an evasion of structural methods for malicious PDF files detection
Issue Date:  2013
Authors:  Maiorca D; Corona I; Giacinto G
Book title:  ASIA CCS'13. Proceedings of the 8th ACM Symposium on Information, Computer and Communications Security
ISBN:  978-1-4503-1767-2
Publisher name:  ACM
Conference section:  contribution
First page:  119
Last page:  129
Number of pages:  11
Digital Object Identifier (DOI):  http://dx.doi.org/10.1145/2484313.2484327
Scopus identifier:  2-s2.0-84877998967
URL:  http://dl.acm.org/citation.cfm?doid=2484313.2484327
Peer review:  Anonymous experts
Conference name:  8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIA CCS 2013
Conference date:  8-10 May 2013
Conference place:  Hangzhou, China
Abstract:  PDF files have proved to be excellent malicious-code bearing vectors. Thanks to their flexible logical structure, an attack can be hidden in several ways, and easily deceive protection mechanisms based on file-type filtering. Recent work showed that malicious PDF files can be accurately detected by analyzing their logical structure, with excellent results. In this paper, we present and practically demonstrate a novel evasion technique, called reverse mimicry, that can easily defeat this kind of analysis. We implement it using real samples and validate our approach by testing it against various PDF malware detectors proposed so far. Finally, we highlight the importance of developing systems robust to adversarial attacks and propose a framework to strengthen PDF malware detection against evasion.
Type: 4.1 Contribution in conference proceedings
