Journal on Communications ›› 2019, Vol. 40 ›› Issue (2): 118-128. doi: 10.11959/j.issn.1000-436x.2019028

• Papers

Malicious PDF document detection based on mixed feature

Xuehui DU, Yangdong LIN, Yi SUN

  1. Henan Provincial Key Laboratory of Information Security, Information Engineering University, Zhengzhou 450001, China
  • Revised: 2018-05-11 Online: 2019-02-01 Published: 2019-03-04
  • Supported by:
    The National High Technology Research and Development Program of China (2015AA016006); The National Natural Science Foundation of China (61702550)

Abstract:

To address the poor robustness of malicious PDF document detection and the ease with which it can be evaded, a malicious PDF document detection method based on mixed features is proposed. It uses dynamic and static analysis to extract regular information, structure information and API call information from the document. A feature extraction method based on the K-means clustering algorithm is then designed to filter and select the key mixed features that characterize document security, which improves the robustness of the features. On this basis, the random forest algorithm is used to construct a classifier, and experiments are performed to evaluate the detection performance of the scheme and its ability to resist mimicry attacks.

Key words: malicious PDF document, mixed feature, machine learning, detection
