Hidost: a static machine-learning-based detector of malicious files

źRndić, Nedim; Laskov, Pavel

doi:10.1186/s13635-016-0045-0

Cited by 71 publications

(62 citation statements)

References 20 publications

(25 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The most popular example is Poppler, a comprehensive PDF library that is adopted by the popular open-source reader XPDF. PJscan [7] and Hidost [3] use Poppler to detect PDF files embedding malicious JavaScript code. Although these libraries correctly implement most of the Adobe PDF specifications, they may be vulnerable to well-crafted malformations of PDF files.…”

Section: 11mentioning

confidence: 99%

“…Wepawet [6] Dynamic JSand JS-based Bayesian PJScan [7] Static Poppler JS-based SVM Hidost [3] Static Poppler Structural Random Forest Lux0R [8] Static PhoneyPDF JS-based Random Forest Slayer [1] Static PDFID Structural Random Forest Slayer NEO [2] Static PeePDF+Origami Structural Adaboost PDFRate [4] Static Custom Structural Random Forest PDFRate (updated) [5] Static Custom Structural Classifier Ensemble to represent each file as a numerical vector of fixed size. This process is usually referred to as feature extraction.…”

Section: Pre-processing Features Classifiermentioning

confidence: 99%

See 1 more Smart Citation

Digital Investigation of PDF Files: Unveiling Traces of Embedded Malware

Maiorca

Biggio

2019

IEEE Secur. Privacy

View full text Add to dashboard Cite

Over the last decade, malicious software (or malware, for short) has shown an increasing sophistication and proliferation, fueled by a flourishing underground economy, in response to the increasing complexity of modern defense mechanisms. PDF documents are among the major vectors used to convey malware, thanks to the flexibility of their structure and the ability of embedding different kinds of content, ranging from images to JavaScript code. Despite the numerous efforts made by the research and industrial communities, PDF malware is still one of the major threats on the cyber-security landscape. In this paper, we provide an overview of the current attack techniques used to convey PDF malware, and discuss state-of-the-art PDF malware analysis tools that provide valuable support to digital forensic investigations. We finally discuss limitations and open issues of the current defense mechanisms, and sketch some interesting future research directions.

show abstract

Section: 11mentioning

confidence: 99%

Section: Pre-processing Features Classifiermentioning

confidence: 99%

Digital Investigation of PDF Files: Unveiling Traces of Embedded Malware

Maiorca

Biggio

2019

IEEE Secur. Privacy

View full text Add to dashboard Cite

show abstract

“…In order to detect the malicious documents, many studies focused on feature extraction based on the PDF structure analysis, where the features can be seen as a summary of the logical structure. In [7], a format-independent static analysis method, namely, a hierarchical document structure (hidost), was proposed. They adopted a structural multimap, where structural paths are represented by keys and the leaves are indicated by values.…”

Section: Malware Detection On Stream Datamentioning

confidence: 99%

Malware Detection on Byte Streams of PDF Files Using Convolutional Neural Networks

Jeong

Woo

Kang

2019

Security and Communication Networks

View full text Add to dashboard Cite

With increasing amount of data, the threat of malware keeps growing recently. The malicious actions embedded in nonexecutable documents especially (e.g., PDF files) can be more dangerous, because it is difficult to detect and most users are not aware of such type of malicious attacks. In this paper, we design a convolutional neural network to tackle the malware detection on the PDF files. We collect malicious and benign PDF files and manually label the byte sequences within the files. We intensively examine the structure of the input data and illustrate how we design the proposed network based on the characteristics of data. The proposed network is designed to interpret high-level patterns among collectable spatial clues, thereby predicting whether the given byte sequence has malicious actions or not. By experimental results, we demonstrate that the proposed network outperform several representative machine-learning models as well as other networks with different settings.

show abstract

“…Some works focus on the metadata of a PDF (see Section 2.1) to determine its maliciousness [14,11,10,24,21]. They all perform structural analyses of the documents to extract the features they need.…”

Section: Metadatamentioning

confidence: 99%

PDF-Malware Detection: A Survey and Taxonomy of Current Techniques

Elingiusti

Aniello

Querzoni

et al. 2018

Advances in Information Security

View full text Add to dashboard Cite

Portable Document Format, more commonly known as PDF, has become, in the last twenty years, a standard for document exchange and dissemination due its portable nature and widespread adoption. The flexibility and power of this format are not only leveraged by benign users, but from hackers as well who have been working to exploit various types of vulnerabilities, overcome security restrictions, and then transform the PDF format in one among the leading malicious code spread vectors. Analyzing the content of malicious PDF files to extract the main features that characterize the malware identity and behavior, is a fundamental task for modern threat intelligence platforms that need to learn how to automatically identify new attacks. This paper surveys existing state of the art about systems for the detection of malicious PDF files and organizes them in a taxonomy that separately considers the used approaches and the data analyzed to detect the presence of malicious code. * This is an author generated postprint of the article: Elingiusti M., Aniello L., Querzoni L., Baldoni R. (2018) PDF-Malware Detection: A Survey and Taxonomy of Current

show abstract

Hidost: a static machine-learning-based detector of malicious files

Cited by 71 publications

References 20 publications

Digital Investigation of PDF Files: Unveiling Traces of Embedded Malware

Digital Investigation of PDF Files: Unveiling Traces of Embedded Malware

Malware Detection on Byte Streams of PDF Files Using Convolutional Neural Networks

PDF-Malware Detection: A Survey and Taxonomy of Current Techniques

Contact Info

Product

Resources

About