2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks 2014
DOI: 10.1109/dsn.2014.92
|View full text |Cite
|
Sign up to set email alerts
|

Detecting Malicious Javascript in PDF through Document Instrumentation

Abstract: Abstract-An emerging threat vector, embedded malware inside popular document formats, has become rampant since 2008. Owed to its wide-spread use and Javascript support, PDF has been the primary vehicle for delivering embedded exploits. Unfortunately, existing defenses are limited in effectiveness, vulnerable to evasion, or computationally expensive to be employed as an on-line protection system. In this paper, we propose a context-aware approach for detection and confinement of malicious Javascript in PDF. Our… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
26
0

Year Published

2015
2015
2024
2024

Publication Types

Select...
5
2
1

Relationship

0
8

Authors

Journals

citations
Cited by 54 publications
(26 citation statements)
references
References 15 publications
0
26
0
Order By: Relevance
“…Our proposed system uses an LSTM neural model for the language model instead of the n-gram model proposed by Shah [33]. Other papers which investigate the detection of malicious JavaScript include [26], [32], [35], [38], [39].…”
Section: Related Workmentioning
confidence: 99%
“…Our proposed system uses an LSTM neural model for the language model instead of the n-gram model proposed by Shah [33]. Other papers which investigate the detection of malicious JavaScript include [26], [32], [35], [38], [39].…”
Section: Related Workmentioning
confidence: 99%
“…Of the documented malware, PDF-based attack is one of the major attacks because of the flexibility of PDFs in contrast to other document formats. Most malicious PDF documents embed binary or JavaScript codes triggering specific vulnerabilities and perform malicious actions, as described in [1]. Various studies have been conducted to detect such malicious PDFs.…”
Section: Introductionmentioning
confidence: 99%
“…In this work, we propose a novel approach using convolutional neural network (CNN) to tackle the malware detection. The contributions of this study can be summarized as follows: (1) we design a new CNN model well-suited to the malware detection on PDFs, (2) we demonstrate the performance of the proposed network by experiments using our manually labelled PDF dataset, and (3) we provide specific discussion about the experimental results.…”
Section: Introductionmentioning
confidence: 99%
“…By using these tokens PJScan tries to induce learning detection models that differentiate between benign and malicious PDF files. Liu et al [14] combined both static and dynamic analysis to detect potential infection attempts in the context of JavaScript execution. First, they extract a set of static features, and then they insert context monitoring code into a PDF document, a code that later cooperates with the runtime monitor used for the detection task.…”
Section: Related Workmentioning
confidence: 99%
“…The primary goal of the malicious JavaScript code inside a PDF file is to exploit a vulnerability in the PDF viewer in order to divert the normal execution flow to the embedded malicious JavaScript code. This can be achieved by performing a heap spraying 14 or buffer overflow attack implemented through JavaScript. Another malicious activity that can be carried out using JavaScript is downloading an executable file from the Internet which initiates an attack on the victim's machine once executed.…”
Section: Javascript Code Attacksmentioning
confidence: 99%