Detection of Malicious PDF Files Based on Hierarchical Document Structure

Author(s): Nedim Srndic and Pavel Laskov

Download: Paper (PDF)

Date: 24 Apr 2013

Document Type: Presentations

Additional Documents: Slides

Associated Event: NDSS Symposium 2013

Abstract:

In this paper, we propose an efficient static method for detection of malicious PDF documents which relies on essential differences in the structural properties of malicious and benign PDF files. We demonstrate its effectiveness on a data corpus containing about 600,000 real-world malicious and benign PDF files and evaluate its resistance against adversarial evasion attempts.