Detecting Malicious PDF Using CNN
Abstract
Malicious PDF files represent one of the biggest threats to computer security. To detect them, significant research has been done using handwritten signatures or machine learning based on manual feature extraction. Those approaches are both time-consuming, requires significant prior knowledge and the list of features has to be updated with each newly discovered vulnerability. In this work, we propose a novel algorithm that uses a Convolutional Neural Network (CNN) on the byte level of the file, without any handcrafted features. We show, using a data set of 130000 files, that our approach maintains a high detection rate (96%) of PDF malware and even detects new malicious files, still undetected by most antiviruses. Using automatically generated features from our CNN network, and applying a clustering algorithm, we also obtain high similarity between the antiviruses’ labels and the resulting clusters.
Cite
Text
Fettaya and Mansour. "Detecting Malicious PDF Using CNN." International Conference on Learning Representations, 2020.Markdown
[Fettaya and Mansour. "Detecting Malicious PDF Using CNN." International Conference on Learning Representations, 2020.](https://mlanthology.org/iclr/2020/fettaya2020iclr-detecting/)BibTeX
@inproceedings{fettaya2020iclr-detecting,
title = {{Detecting Malicious PDF Using CNN}},
author = {Fettaya, Raphael and Mansour, Yishay},
booktitle = {International Conference on Learning Representations},
year = {2020},
url = {https://mlanthology.org/iclr/2020/fettaya2020iclr-detecting/}
}