SAFE-PDF: Robust Detection of JavaScript PDF Malware Using Abstract Interpretation

Authors: François Gauthier, Alexander Jordan, Behnaz Hassanshahi, David Zhao

Abstract: The popularity of the PDF format and the rich JavaScript environment that PDF viewers offer make PDF documents an attractive attack vector for malware developers. Malicious PDFs present a serious threat to the security of organizations because most users are unsuspecting of them and are thus likely to open documents from untrusted sources. We propose to identify malicious PDFs by using conservative abstract interpretation to statically reason about the behavior of the embedded JavaScript code. Currently, state-of-the-art tools either (1) statically classify documents based on structural similarity to known malicious samples, or (2) dynamically execute the embedded code to detect malicious behavior. Both approaches are subject to evasion attacks: malware can mimic the structure of benign documents, or it can refrain from exhibiting its malicious behavior while being analyzed dynamically. In contrast, conservative abstract interpretation is oblivious to both types of evasion, because it over-approximates every behavior the code could have rather than observing one run or one structural fingerprint. A comparison with state-of-the-art detection tools shows that our approach achieves similar accuracy while being more resilient to evasion attacks.
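To make the "conservative" part of the abstract concrete, the following is an added toy example written for this page; it is not the SAFE-PDF implementation, and the mini-language, the sink list (eval, app.setTimeOut, unescape) and the payload-length threshold are all assumptions chosen for illustration. It abstract-interprets a tiny JavaScript-like AST with a two-level string domain (known constant, or TOP for "any string"). The point it demonstrates is the one the abstract makes: both arms of every branch are analyzed no matter what the condition is, and loops are run to a fixpoint, so a payload that only fires for one viewer version, or a NOP sled assembled in a loop, is still accounted for. The sample programs are constructed, not real malware.

```python
"""Toy conservative abstract interpreter for a JavaScript-like mini language.
Illustration only; not the SAFE-PDF analysis. Abstract string domain: a known
constant string, or TOP meaning 'any string'."""


class Top:
    """Abstract value 'any string'; the top element of the two-level lattice."""
    def __repr__(self):
        return "TOP"

TOP = Top()

# Assumed, illustrative sink list and threshold (not the paper's feature set).
CODE_SINKS = {"eval", "app.setTimeOut"}   # execute a string as code
DECODE_SINKS = {"unescape"}               # decode %u-escaped strings (shellcode, sleds)
SPRAY_LEN = 32                            # encoded payload length worth flagging


def join(a, b):
    """Least upper bound: equal values stay, anything else becomes TOP."""
    return a if a == b else TOP


def join_env(e1, e2):
    """Pointwise join; a variable assigned on only one path is unknown (TOP)."""
    return {v: join(e1.get(v, TOP), e2.get(v, TOP)) for v in set(e1) | set(e2)}


class Analyzer:
    """Expressions: ('const', s) | ('var', name) | ('input',) | ('concat', e1, e2)
                    | ('call', name, [args])
    Statements:  ('assign', name, expr) | ('expr', expr)
                    | ('if', cond, then_block, else_block) | ('while', cond, body)"""

    def __init__(self):
        self.findings = set()   # (sink, tuple of abstract args) for every reachable call

    def expr(self, e, env):
        kind = e[0]
        if kind == "const":
            return e[1]
        if kind == "var":
            return env.get(e[1], TOP)           # unassigned on some path: unknown
        if kind == "input":
            return TOP                          # viewer version, form field, date, ...
        if kind == "concat":
            a, b = self.expr(e[1], env), self.expr(e[2], env)
            return TOP if TOP in (a, b) else a + b
        if kind == "call":
            args = tuple(self.expr(a, env) for a in e[2])
            if e[1] in CODE_SINKS | DECODE_SINKS:
                self.findings.add((e[1], args))
            return TOP                          # external return values are not modeled
        raise ValueError(f"unknown expression {kind}")

    def block(self, stmts, env):
        for s in stmts:
            env = self.stmt(s, env)
        return env

    def stmt(self, s, env):
        kind = s[0]
        if kind == "assign":
            return {**env, s[1]: self.expr(s[2], env)}
        if kind == "expr":
            self.expr(s[1], env)
            return env
        if kind == "if":
            self.expr(s[1], env)                # the condition may itself call a sink
            # Conservative: both arms are analyzed whatever the condition evaluates to.
            return join_env(self.block(s[2], env), self.block(s[3], env))
        if kind == "while":
            state = env
            while True:                         # fixpoint iteration; each variable can
                self.expr(s[1], state)          # only move const -> TOP, so it terminates
                nxt = join_env(state, self.block(s[2], state))
                if nxt == state:
                    return state
                state = nxt
        raise ValueError(f"unknown statement {kind}")


def analyze(program):
    """Interpret the program abstractly and return the reasons it looks malicious."""
    an = Analyzer()
    an.block(program, {})
    reasons = []
    for name, args in sorted(an.findings, key=repr):
        arg = args[0] if args else TOP
        if name in CODE_SINKS and arg is TOP:
            reasons.append(f"{name} executes code that is not statically known")
        if name in DECODE_SINKS and (arg is TOP or len(arg) >= SPRAY_LEN):
            desc = "dynamically built" if arg is TOP else f"{len(arg)}-character"
            reasons.append(f"{name} decodes a {desc} payload")
    return reasons


# Constructed samples (not real malware). (1) Evasive: the payload runs only on one
# viewer version, so a sandbox on another version sees just app.alert.
EVASIVE = [("if", ("input",),
            [("assign", "p", ("call", "unescape", [("const", "%u0c0c" * 8)])),
             ("expr", ("call", "eval", [("var", "p")]))],
            [("expr", ("call", "app.alert", [("const", "hello")]))])]
# (2) Obfuscated: the sled is built in a loop with an unknown bound, so no long
# constant string ever appears in the document.
OBFUSCATED = [("assign", "s", ("const", "")),
              ("while", ("input",), [("assign", "s", ("concat", ("var", "s"), ("const", "%u0c0c")))]),
              ("assign", "sc", ("call", "unescape", [("var", "s")]))]
# (3) Benign: a greeting built from a form field; no sink is reached.
BENIGN = [("assign", "msg", ("concat", ("const", "Hello, "), ("input",))),
          ("expr", ("call", "app.alert", [("var", "msg")]))]

if __name__ == "__main__":
    for label, prog in (("evasive", EVASIVE), ("obfuscated", OBFUSCATED), ("benign", BENIGN)):
        print(label, analyze(prog) or "clean")
```

The trade-off this makes visible is the one the abstract hints at: because the analysis joins both arms of the version check, it never misses the eval in the hidden arm, but the same over-approximation means a benign document that legitimately evals a string it cannot prove constant would also be flagged. A real analysis needs a richer domain (tracked string prefixes, numeric ranges, modeled library functions) to keep that false-positive rate down while staying sound.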
