Detecting malicious PDF documents

Author: Jarle Kittilsen

Abstract: As the internet has become a new playground for organized crime and foreign intelligence, the sophistication of attacks has increased. The traditional approach of targeting listening services on a target computer is no longer as viable as it used to be, thanks in large part to firewalls, NAT and more secure administration of servers. This has forced attackers to find new targets, which they have found in client applications and in the users themselves. Client-side attacks are now the most common method of attack on the internet. A popular vector for conducting such attacks is malicious PDF documents. Traditional signature-based network intrusion detection systems (IDS) have a hard time detecting these threats, and good alternative solutions have yet to be discovered. In this thesis we seek to answer the question "How can malicious PDF documents transferred over the network be detected?" An anomaly-based IDS approach was chosen, and several machine learning classifiers were investigated; Support Vector Machines (SVM) gave the best accuracy and performance. Several features of PDFs were analyzed in order to retrieve those that are significant. Experiments were performed with combinations of SVM configurations to maximize the performance of the algorithm. A real-world study was also carried out by implementing the algorithm on a network belonging to the Norwegian Defence.
