Abstract
Today, Portable Document Format (PDF) files have become the main carrier for spreading malicious code, and 90% of malicious PDF samples are based on JavaScript attacks. Detecting malicious samples that rely on JavaScript attacks is therefore necessary. This paper introduces the structure of PDF files and the common attack techniques used by malicious PDF documents with embedded JavaScript. On this basis, it proposes a detection method for malicious PDF documents based on JavaScript attacks and implements a detection system built on that method, which mainly includes an in-depth PDF file format parsing module, a JavaScript code location and extraction module, and a malicious feature extraction module. Experiments show that the system can effectively detect malicious PDF documents.
Source
Modern Computer (《现代计算机》)
2016, Issue 1, pp. 36-40, 5 pages in total