PDF files have proved to be excellent vectors for carrying malicious code. Thanks to their flexible logical structure, an attack can be hidden in several ways and can easily deceive protection mechanisms based on file-type filtering. Recent work showed that malicious PDF files can be accurately detected by analyzing their logical structure, with excellent results. In this paper, we present and practically demonstrate a novel evasion technique, called reverse mimicry, that can easily defeat this kind of analysis. We implement it using real samples and validate our approach by testing it against the PDF malware detectors proposed so far. Finally, we highlight the importance of developing systems that are robust to adversarial attacks, and we propose a framework to strengthen PDF malware detection against evasion.