An Efficient PDF Malware Detection Method Using Highly Compact Features

被引：0

作者：

Liu, Ran ^{[1
]}

Matuszek, Cynthia ^{[1
]}

Nicholas, Charles ^{[1
]}

机构：

[1] Univ Maryland, Baltimore, MD 21201 USA

来源：

PROCEEDINGS OF THE 2024 ACM SYMPOSIUM ON DOCUMENT ENGINEERING, DOCENG 2024 | 2024年

关键词：

Malware Detection; Machine Learning; Feature Engineering;

D O I：

10.1145/3685650.3685668

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

The growing use of PDFs has made them a prime target for malware attacks. Machine learning-based approaches for detecting PDF malware are increasingly popular due to their high accuracy and efficiency. However, the effectiveness of these systems largely depends on the quality of the dataset and the features used. Additionally, they face challenges from sophisticated evasion attacks. This paper introduces a compact yet highly effective feature set, consisting of just five features, designed to improve training efficiency and enhance the robustness of PDF malware detection models. Through experiments, including tests on the real-world detection system PDFRATE, we demonstrate that our proposed feature set not only trains highly accurate models but also increases the system's robustness against a specific evasive attack known as the Benign Random Noise (BRN) attack.

引用

页数：4

共 13 条

[1] [Anonymous], 2005, P 11 ACM SIGKDD INT, DOI [10.1145/1081870.1081950, DOI 10.1145/1081870.1081950]
[2] Barreno M, 2006, P 2006 ACM S INF COM, P16, DOI DOI 10.1145/1128817.1128824
[3] Biggio Battista, 2017, Security Evaluation of Pattern Classifiers under Attack, DOI [10.1109/TKDE.ArXiv2013.57, DOI 10.1109/TKDE.ARXIV2013.57]
[4] Chen YZ, 2020, PROCEEDINGS OF THE 29TH USENIX SECURITY SYMPOSIUM, P2343
[5] Elingiusti M, 2018, ADV INFORM SECUR, V70, P169, DOI 10.1007/978-3-319-73951-9_9
[6] Liu Ran, 2023, 2023 IEEE INT C BIG, P3017, DOI [10.1109/BigData59044.2023.10386516, DOI 10.1109/BIGDATA59044.2023.10386516]
[7] Towards Adversarial Malware Detection: Lessons Learned from PDF-based Attacks
Maiorca, Davide
Biggio, Battista
Giacinto, Giorgio
[J]. ACM COMPUTING SURVEYS, 2019, 52 (04)
[8] Smutz C, 2012, 28TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE (ACSAC 2012), P239
[9] When a Tree Falls: Using Diversity in Ensemble Classifiers to Identify Evasion in Malware Detectors
Smutz, Charles
Stavrou, Angelos
[J]. 23RD ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2016), 2016,
[10] Hidost: a static machine-learning-based detector of malicious files
Srndic, Nedim
Laskov, Pavel
[J]. EURASIP JOURNAL ON INFORMATION SECURITY, 2016,

← 1 2 →