Paper Info
Title
Detection of malicious PDF files and directions for enhancements: A state-of-the art survey.
Abstract
Initial penetration is one of the first steps of an Advanced Persistent Threat (APT) attack, and it is considered one of the most significant means of initiating cyber-attacks aimed at organizations. Such an attack usually results in the loss of sensitive and confidential information. Because email communication is an integral part of daily business operations, APT attackers frequently leverage email as an attack vector for initial penetration of the targeted organization. Emails allow the attacker to deliver malicious attachments or links to malicious websites. Attackers usually use social engineering in order to make the recipient open the malicious email, open the attachment, or press a link. Existing defensive solutions within organizations prevent executables from entering organizational networks via emails, therefore, recent APT attacks tend to attach non-executable files (PDF, MS Office etc.) which are widely used in organizations and mistakenly considered less suspicious or malicious. This article surveys existing academic methods for the detection of malicious PDF files. The article outlines an Active Learning framework and highlights the correlation between structural incompatibility of PDF files and their likelihood of maliciousness. Finally, we provide comparisons, insights and conclusions, as well as avenues for future research in order to enhance the detection of malicious PDFs.
Year
DOI
Venue
2015
10.1016/j.cose.2014.10.014
Computers & Security
Keywords
DocType
Volume
APT,PDF,Malicious code,Malware,Detection,Email,Organizations,Cyber-attack
Journal
48
Issue
ISSN
Citations 
C
0167-4048
4
PageRank 
References 
Authors
0.40
56
4
Name
Order
Citations
PageRank
Nir Nissim119919.42
Aviad Cohen240.40
Chanan Glezer355830.58
Yuval Elovici42583204.53