Authors:
Davide Maiorca; Davide Ariu; Igino Corona and Giorgio Giacinto
Affiliation:
University of Cagliari, Italy
Keyword(s):
PDF, Evasion, Adversarial Machine Learning, Malware, Javascript.
Abstract:
During the past years, malicious PDF files have become a serious threat for the security of modern computer
systems. They are characterized by a complex structure and their variety is considerably high. Several solutions
have been academically developed to mitigate such attacks. However, they leveraged information
that was extracted from only the structure or only the content of the PDF file. This creates problems when
trying to detect non-Javascript or targeted attacks. In this paper, we present a novel machine learning system
for the automatic detection of malicious PDF documents. It extracts information from both the structure and
the content of the PDF file, and it features an advanced parsing mechanism. In this way, it is possible to detect
a wide variety of attacks, including non-Javascript and parsing-based ones. Moreover, with a careful choice of
the learning algorithm, our approach provides a significantly higher accuracy compared to other static analysis
techniques, especially in the presence of adversarial malware manipulation.