Title |
Detection for Document-Type Malware Code using Deep Learning Model and PDF Object Analysis |
Authors |
윤채은(Chae-Eun Yoon) ; 정혜현(Hye-hyeon Jeoung) ; 서창진(Chang-Jin Seo) |
DOI |
https://doi.org/10.5370/KIEEP.2021.70.1.044 |
Keywords |
PDF; keyword analysis; malware detection; benign; deep learning |
Abstract |
Document-type malware is mainly used in APT (Advanced Persistent Threat) attacks that rely on document files, and malicious code threats targeting PDF documents have recently been increasing rapidly through phishing mail related to Covid-19. Because document-type malware can easily bypass existing security programs, we propose detecting it using static analysis and deep learning. In this paper, we construct a deep learning model for detecting malicious PDFs by extracting the information and frequency of keywords that exist between objects in normal and malicious PDF files. Evaluation of the classification performance metrics for the proposed method showed 98.75% accuracy for the Random Forest model and 98.33% accuracy for the Support Vector Machine model. The PDF keywords used as feature information in this study are difficult to change, their information can be extracted even when the file is compressed or obfuscated, and because deep learning is used, the method can respond effectively to variant malware. |