Title:  An Evasion Resilient Approach to the Detection of Malicious PDF Files
Publication date:  2015
Authors:  Maiorca D; Ariu D; Corona I; Giacinto G
Number of authors:  4
Language:  English
Volume:  576
First page:  68
Last page:  85
Number of pages:  18
Digital Object Identifier (DOI):  http://dx.doi.org/10.1007/978-3-319-27668-7_5
Scopus identifier:  2-s2.0-84955283841
ISI identifier:  WOS:000370879100005
Book title:  Information Systems Security and Privacy
Publisher:  Springer
ISBN:  978-3-319-27667-0
Abstract:  Malicious PDF files still constitute a serious threat to the systems security. New reader vulnerabilities have been discovered, and research has shown that current state of the art approaches can be easily bypassed by exploiting weaknesses caused by erroneous parsing or incomplete information extraction. In this work, we present a novel machine learning system to the detection of malicious PDF files. We have developed a static approach that leverages on information extracted by both the structure and the content of PDF files, which allows to improve the system robustness against evasion attacks. Experimental results show that our system is able to outperform all publicly available state of the art tools. We also report a significant improvement of the performances at detecting reverse mimicry attacks, which are able to completely evade systems that only extract information from the PDF file structure. Finally, we claim that, to avoid targeted attacks, a more careful design of machine learning based detectors is needed.
Keywords:  PDF, Evasion, Malware, Javascript, Machine Learning
Review (peer review):  Scientific committee
Main characterization:  scientific
Relevance:  international
Type: 2.1 Contribution in volume (Chapter or Essay)

Files in this item:
File Description Type License
ICISSP_Chapter_Book_Printed_2015.pdf  publisher's version Administrator
