
PDF Document Detection for Malicious Evasion Behavior
Abstract: The Portable Document Format (PDF) is one of the widely used formats in global data exchange, and people have a high level of trust in it. However, in recent years, the situation of criminals using PDF documents for malicious network attacks has become increasingly serious. With the advancement of hacker technology, they are gradually adopting methods to evade detection, making it more difficult for common learning algorithms to detect such malicious files. In response to these "smarter" malicious PDF attack samples, an analysis of the characteristics of PDF documents is conducted, and 25-dimensional features are extracted. By applying a finely-tuned Adaboost algorithm for model training, an accuracy rate of 99.63% is achieved, surpassing other research achievements in the same field.
Authors: LI Dongshuai (李东帅); SHANG Peiwen (尚培文) (School of Electronics & Information Engineering, Liaoning University of Technology, Jinzhou 121001, China)
Source: Modern Information Technology (《现代信息科技》), 2024, No. 10, pp. 7-12 (6 pages)
Keywords: PDF; evading detection; Adaboost algorithm; network attack
