SAFE-PDF: Robust Detection of JavaScript PDF Malware Using Abstract Interpretation

Jordan, Alexander; Gauthier, François; Hassanshahi, Behnaz; Zhao, David

doi:10.48550/arxiv.1810.12490

Cited by 2 publications

(4 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There have been suggestions made for techniques that make use of machine learning in order to identify malicious JavaScript programs [21]. One example of this would be monitoring its execution upon a JavaScript code at run time by using a sequence of events to collect vectors for categorisation.…”

Section: Related Workmentioning

confidence: 99%

Detection of Obfuscated Malicious JavaScript Code

Alazab¹,

Khraisat²,

Alazab

et al. 2022

Future Internet

View full text Add to dashboard Cite

Websites on the Internet are becoming increasingly vulnerable to malicious JavaScript code because of its strong impact and dramatic effect. Numerous recent cyberattacks use JavaScript vulnerabilities, and in some cases employ obfuscation to conceal their malice and elude detection. To secure Internet users, an adequate intrusion-detection system (IDS) for malicious JavaScript must be developed. This paper proposes an automatic IDS of obfuscated JavaScript that employs several features and machine-learning techniques that effectively distinguish malicious and benign JavaScript codes. We also present a new set of features, which can detect obfuscation in JavaScript. The features are selected based on identifying obfuscation, a popular method to bypass conventional malware detection systems. The performance of the suggested approach has been tested on JavaScript obfuscation attacks. The studies have shown that IDS based on selected features has a detection rate of 94% for malicious samples and 81% for benign samples within the dimension of the feature vector of 60.

show abstract

Section: Related Workmentioning

confidence: 99%

Detection of Obfuscated Malicious JavaScript Code

Alazab¹,

Khraisat²,

Alazab

et al. 2022

Future Internet

View full text Add to dashboard Cite

show abstract

“…I train SE S F θ FQ Dang et al [42] I train SE S F θ FQ Chen et al [44] I train RF S F θ FQ Incer et al [123] I train RF S F θ FQ Al-Dujaili et al [33] I train AT S F θ FQ Chen et al [79] I train IT S F θ FQ Jordan et al [124] I train RF S F θ FQ Li et al [125] I train AT S F θ FQ Chen et al [38] I train SE S F θ FQ obfuscation attack [126] with input (a1, • • • , a5|A6, • • • , A9) = (0, 0, 0, 0, 0|M, Z, BE, ZM), and the attack that modifies important features [36] with input (a…”

Section: Yang Et Al [78]mentioning

confidence: 99%

“…The defense has the input (A1, • • • , A5|a6, • • • , a9) = (Itrain, IT, S, F θ , FQ|0, 0, 0, 0) and achieves CR. Jordan et al [124] propose a robust PDF malware detector against evasion attacks by interpreting JavaScript behaviours using static analysis. A PDF file is classified as malicious when it calls a vulnerable API method or when it exhibits a potentially malicious or unknown behavior.…”

Section: Adversarial Training Work Under the Iid Assumption With Inputmentioning

confidence: 99%

“…PDFrate caused two sequences of escalations. In one sequence, PDFrate is defeated by [29], which triggers defense escalation to [69]; [69] triggers attack escalation to [97], which can evade [69]; [97] triggers defense escalation to [124], which is a stateof-the-art enhancement of PDFrate. In the other sequence, PDFrate is defeated by [41], which triggers defense escalation to [42] and [122]; the escalated defense in [42] can be defeated by the escalated attack presented in the very same paper [42]; [122] is another state-of-the-art enhancement to PDFrate.…”

Section: Systematizing Amd Arms Racementioning

confidence: 99%

See 1 more Smart Citation

Arms Race in Adversarial Malware Detection: A Survey

Li,

et al. 2020

Preprint

View full text Add to dashboard Cite

Malicious software (malware) is a major cyber threat that shall be tackled with Machine Learning (ML) techniques because millions of new malware examples are injected into cyberspace on a daily basis. However, ML is known to be vulnerable to attacks known as adversarial examples. In this SoK paper, we systematize the field of Adversarial Malware Detection (AMD) through the lens of a unified framework of assumptions, attacks, defenses and security properties. This not only guides us to map attacks and defenses into some partial order structures, but also allows us to clearly describe the attack-defense arms race in the AMD context. In addition to manually drawing insights, we also propose using ML to draw insights from the systematized representation of the literature. Examples of the insights are: knowing the defender's feature set is critical to the attacker's success; attack tactic (as a core part of the threat model) largely determines what security property of a malware detector can be broke; there is currently no silver bullet defense against evasion attacks or poisoning attacks; defense tactic largely determines what security properties can be achieved by a malware detector; knowing attacker's manipulation set is critical to defender's success; ML is an effective method for insights learning in SoK studies. These insights shed light on future research directions.

show abstract

SAFE-PDF: Robust Detection of JavaScript PDF Malware Using Abstract Interpretation

Cited by 2 publications

References 23 publications

Detection of Obfuscated Malicious JavaScript Code

Detection of Obfuscated Malicious JavaScript Code

Arms Race in Adversarial Malware Detection: A Survey

Contact Info

Product

Resources

About