Poster: Unacceptable Behavior: Robust PDF Malware Detection Using Abstract Interpretation

Alexander Jordan, Francois Gauthier, Behnaz Hassanshahi

20 February 2022

The popularity of the PDF format and the rich JavaScript environment that PDF viewers offer make PDF documents an attractive attack vector for malware developers. Because machine learning-based approaches are subject to adversarial attacks that mimic the structure of benign documents, we propose to detect malicious code inside a PDF by statically reasoning about its possible behaviours using abstract interpretation. A comparison with state-of-the-art PDF malware detection tools shows that our conservative abstract interpretation approach achieves similar accuracy, is more resilient to evasion attacks, and provides explainable reports.


Venue : Cyber Security Summer School & Cyber Defence and Next Generation Conference

File Name : Unacceptable_Behavior:_Robust_PDF_Malware_Detection_Using_Abstract_Interpretation.pdf