Abstract
PDF (portable document format) documents are widely used in information publishing, academic exchanges and daily business. Phishing attacks with malicious PDF documents have become an important means of APT (advanced persistent threat) organizations. Researchers have found that more than 90% of malicious PDF documents launch attacks by JavaScript code. The current detection models’ generalization is not enough to detect unknown malicious samples. This paper proposes a method for detecting malicious PDF documents based on benign samples. The method uses benign PDF documents as training data, and uses features at the semantic level of JavaScript code. The JavaScript keywords and usage methods frequently used in malicious PDF documents are taken as important features to improve the robustness of the model. Then, we use One-class SVM (support vector machine) machine learning algorithm to detect malicious PDF documents containing JavaScript code. Compared with the detection model trained with malicious PDF documents, the method proposed in this paper improves the generalization performance while maintaining a higher detection rate.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
