A universal malicious documents static detection framework based on feature generalization
Authors
Lu, X
Wang, F
Jiang, C
Lio, P
Publication Date
2021
Journal Title
Applied Sciences (Switzerland)
ISSN
2076-3417
Publisher
MDPI AG
Volume
11
Issue
24
Language
en
Type
Article
This Version
VoR
Metadata
Citation
Lu, X., Wang, F., Jiang, C., & Lio, P. (2021). A universal malicious documents static detection framework based on feature generalization. Applied Sciences (Switzerland), 11 (24) https://doi.org/10.3390/app112412134
Abstract
In this study, Portable Document Format (PDF), Word, Excel, Rich Text Format (RTF) and image documents are taken as the research objects to study a static and fast method by which to detect malicious documents. Malicious PDF and Word document features are abstracted and extended, which can be used to detect other types of documents. A universal static detection framework for malicious documents based on feature generalization is then proposed. The generalized features include specification check errors, the structure path, code keywords, and the number of objects. The proposed method is verified on two datasets, and is compared with Kaspersky, NOD32, and McAfee antivirus software. The experimental results demonstrate that the proposed method achieves good performance in terms of the detection accuracy, runtime, and scalability. The average F1-score of all types of documents is found to be 0.99, and the average detection time of a document is 0.5926 s, which is at the same level as the compared antivirus software.
Keywords
malicious document detection, static detection, feature generalization, machine learning
Sponsorship
National Natural Science Foundation of China (62136006)
National Key R&D (2020YFB2104700)
Identifiers
External DOI: https://doi.org/10.3390/app112412134
This record's URL: https://www.repository.cam.ac.uk/handle/1810/332070
Rights
Licence:
https://creativecommons.org/licenses/by/4.0/