Towards enhanced PDF maldocs detection with feature engineering: design challenges

Falah, Ahmed; Pokhrel, Shiva Raj; Pan, Lei; Souza-Daw, Anthony de

doi:10.1007/s11042-022-11960-x

Cited by 3 publications

(1 citation statement)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Adobe Acrobat Reader discovered a huge number of vulnerabilities in 2017. Every reader has particular flaws, and a malicious PDF file could be able to exploit them [3]. Offices frequently use the PDF file format due to its great efficiency, reliability, and interaction.…”

Section: Introductionmentioning

confidence: 99%

Comparative Analysis of Machine Learning Models for PDF Malware Detection: Evaluating Different Training and Testing Criteria

Khan,

Arshad,

Shah Khan

2023

Journal of Cyber Security

View full text Add to dashboard Cite

The proliferation of maliciously coded documents as file transfers increase has led to a rise in sophisticated attacks. Portable Document Format (PDF) files have emerged as a major attack vector for malware due to their adaptability and wide usage. Detecting malware in PDF files is challenging due to its ability to include various harmful elements such as embedded scripts, exploits, and malicious URLs. This paper presents a comparative analysis of machine learning (ML) techniques, including Naive Bayes (NB), K-Nearest Neighbor (KNN), Average One Dependency Estimator (A1DE), Random Forest (RF), and Support Vector Machine (SVM) for PDF malware detection. The study utilizes a dataset obtained from the Canadian Institute for Cyber-security and employs different testing criteria, namely percentage splitting and 10-fold cross-validation. The performance of the techniques is evaluated using F1score, precision, recall, and accuracy measures. The results indicate that KNN outperforms other models, achieving an accuracy of 99.8599% using 10-fold cross-validation. The findings highlight the effectiveness of ML models in accurately detecting PDF malware and provide insights for developing robust systems to protect against malicious activities. KEYWORDSCyber-security; PDF malware; model training; testing to the research team members, Bilal Khan (BK), Muhammad Arshad (MA), and Sarwar Shah Khan (SSK), for their collaboration and valuable insights throughout the research process. We extend our appreciation to the institutions that supported this research work. We are deeply grateful to the Canadian Institute for Cyber-security for providing the dataset that formed the foundation of our analysis. Their contributions have been instrumental in enabling us to conduct this study on PDF malware detection and assess the performance of various ML models. Our heartfelt appreciation goes to all the individuals and institutions that reviewed and provided constructive feedback on this research paper. Your valuable input helped improve the quality and rigor of our work. Without the collective efforts and support of all these individuals and organizations, this research paper would not have been possible. Thank you all for your invaluable contributions.

show abstract

Section: Introductionmentioning

confidence: 99%

Comparative Analysis of Machine Learning Models for PDF Malware Detection: Evaluating Different Training and Testing Criteria

Khan,

Arshad,

Shah Khan

2023

Journal of Cyber Security

View full text Add to dashboard Cite

show abstract

An Enhanced Feature-Based Hybrid Approach for Adversarial PDF Malware Detection

Hossain,

Deb,

Sarker

2024

2024 6th International Conference on Electrical Engineering and Information &Amp;amp; Communication Technology (ICEEICT)

View full text Add to dashboard Cite

PDF Malware Detection Based on Fuzzy Unordered Rule Induction Algorithm (FURIA)

Mejjaouli

Guizani

2023

Applied Sciences

View full text Add to dashboard Cite

The number of cyber-attacks is increasing daily, and attackers are coming up with new ways to harm their target by disseminating viruses and other malware. With new inventions and technologies appearing daily, there is a chance that a system might be attacked and its weaknesses taken advantage of. Malware is distributed through Portable Document Format (PDF) files, among other methods. These files’ adaptability makes them a prime target for attackers who can quickly insert malware into PDF files. This study proposes a model based on the Fuzzy Unordered Rule Induction Algorithm (FURIA) to detect PDF malware. The proposed model outperforms currently used methods in terms of reducing error rates and increasing accuracy. Other models, such as Naïve Bayes (NB), Decision Tree (J48), Hoeffding Tree (HT), and Quadratic Discriminant Analysis (QDA), were compared to the proposed model. The accuracy achieved by the proposed model is 99.81%, with an error rate of 0.0022.

show abstract

Towards enhanced PDF maldocs detection with feature engineering: design challenges

Cited by 3 publications

References 20 publications

Comparative Analysis of Machine Learning Models for PDF Malware Detection: Evaluating Different Training and Testing Criteria

Comparative Analysis of Machine Learning Models for PDF Malware Detection: Evaluating Different Training and Testing Criteria

An Enhanced Feature-Based Hybrid Approach for Adversarial PDF Malware Detection

PDF Malware Detection Based on Fuzzy Unordered Rule Induction Algorithm (FURIA)

Contact Info

Product

Resources

About