Detection of Malicious PDF Files Using a Two-Stage Machine Learning Algorithm

作     者：HE Kang ZHU Yuefei HE Yubo LIU Long LU Bin LIN Wei HE Kang;ZHU Yuefei;HE Yubo;LIU Long;LU Bin;LIN Wei

作者机构：State Key Laboratory of Mathematical Engineering and Advanced Computing 

出 版 物：《Chinese Journal of Electronics》 (电子学报(英文))

年 卷 期：2020年第29卷第6期

页      面：1165-1177页

核心收录：

学科分类：12[管理学] 1201[管理学-管理科学与工程(可授管理学、工学学位)] 0808[工学-电气工程] 0809[工学-电子科学与技术（可授工学、理学学位）] 081104[工学-模式识别与智能系统] 08[工学] 0839[工学-网络空间安全] 0835[工学-软件工程] 0701[理学-数学] 0811[工学-控制科学与工程] 081201[工学-计算机系统结构] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：supported by the National Key R&D Program China(No.2016YFB0801505) the Cutting-edge Science and Technology Innovation Project of the Key Research and Development Program of China (2019QY1305) 

主　　题：convolutional neural nets document handling feature extraction learning (artificial intelligence) pattern classification security of data trees (mathematics) robust feature extraction convolutional neural network tree-like information structure adversarial attack detection two-stage machine learning algorithm evasion techniques malicious files portable document format malicious PDF files classifier robustness anomaly detection model two-stage machine learning model Malicious PDF classification Robustness Guiding principles Two-stage classifier Convolutional neural network 

摘      要：Portable document format(PDF) files are increasingly used to launch cyberattacks due to their popularity and increasing number of *** solutions have been developed to detect malicious files,but their accuracy decreases rapidly in face of new evasion *** explore how to improve the robustness of classifiers for detecting adversarial attacks in PDF *** replacement and the n-gram are implemented to extract robust features using proposed guiding *** the two-stage machine learning model,the objects are divided based on their types,and the anomaly detection model is first trained for each type *** former detection results are organized into tree-like information structure and treated as inputs to convolutional neural *** results show that the accuracy of our classifier is nearly 100% and the robustness against evasive samples is *** object features also enable the identification of different vulnerabilities exploited in malicious PDF files.