An enhanced feature-based hybrid approach for adversarial PDF malware detection

Author Identifier

Iqbal H. Sarker

https://orcid.org/0000-0003-1740-5517

Document Type

Conference Proceeding

Publication Title

2024 International Conference on Advances in Computing, Communication, Electrical, and Smart Systems (iCACCESS), Dhaka, Bangladesh

First Page

101

Last Page

106

Publisher

IEEE

School

Security Research Institute

RAS ID

70478

Comments

G. M. S. Hossain, K. Deb and I. H. Sarker, "An Enhanced Feature-Based Hybrid Approach for Adversarial PDF Malware Detection," 2024 6th International Conference on Electrical Engineering and Information & Communication Technology (ICEEICT), Dhaka, Bangladesh, 2024, pp. 101-106 https://doi.org/10.1109/ICEEICT62016.2024.10534412

Abstract

Cyber scammers frequently use PDF (Portable Document Format) files to install malicious code and infect consumers' systems. Standard remedies and techniques for identifying adversarial PDF malware are often insufficient to stop it completely, because adversarial PDF malware is flexible and does not depend on a single set of features. Therefore, this study focuses on efficiently detecting adversarial PDF malware to mitigate the existing challenges. Inspection of adversarial PDF files yielded a flag feature set of 13 newly discovered flag features. These were combined with the standard feature set to develop an efficient, enhanced feature set. Furthermore, a hybrid approach, PDFMALDET, consisting of a Random Forest classifier and a Deep Neural Network with just two hidden layers, was proposed for adversarial PDF malware detection. The recommended model was executed on the standard, flag, and enhanced feature sets to assess its effectiveness. The findings revealed that the suggested approach outperformed various baseline machine learning classifiers, yielding an accuracy of 99.57% on the enhanced feature set. Moreover, the proposed hybrid model performed better than several state-of-the-art works for detecting adversarial PDF malware.

DOI

10.1109/ICEEICT62016.2024.10534412

Access Rights

subscription content
