HAPSSA: Holistic Approach to PDF Malware Detection Using Signal and Statistical Analysis
release_vekvcukv2nhm5b6nnk4unaqpwy
by
Tajuddin Manhar Mohammed, Lakshmanan Nataraj, Satish Chikkagoudar, Shivkumar Chandrasekaran, B.S. Manjunath
2021
Abstract
Malicious PDF documents present a serious threat to various security
organizations that require modern threat intelligence platforms to effectively
analyze and characterize the identity and behavior of PDF malware.
State-of-the-art approaches use machine learning (ML) to learn features that
characterize PDF malware. However, ML models are often susceptible to evasion
attacks, in which an adversary obfuscates the malware code to avoid being
detected by an Antivirus. In this paper, we derive a simple yet effective
holistic approach to PDF malware detection that leverages signal and
statistical analysis of malware binaries. This includes combining orthogonal
feature space models from various static and dynamic malware detection methods
to enable generalized robustness when faced with code obfuscations. Using a
dataset of nearly 30,000 PDF files containing both malware and benign samples,
we show that our holistic approach maintains a high detection rate (99.92%) of
PDF malware and even detects new malicious files created by simple methods that
remove the obfuscation conducted by malware authors to hide their malware,
which are undetected by most antiviruses.
In text/plain
format
Archived Files and Locations
application/pdf 486.9 kB
file_kr62n56h6ven5ed3bjvzqhcuua
|
arxiv.org (repository) web.archive.org (webarchive) |
2111.04703v1
access all versions, variants, and formats of this works (eg, pre-prints)