Detecting malicious PDF files based on system events

Other Title(s)

Detecting malicious programs in the Portable Document Format based on system events (original title in Arabic: اكتشاف البرامج الخبيثة في نسق المستند المنقول على أساس نظام الأحداث)

Dissertant

al-Mani, Nur Yasin Nuri

Thesis advisor

al-Majali, Sufyan

Committee Members

al-Qasaymah, Malik
Hadi, Ali
al-Qatawnah, Jafar

University

Princess Sumaya University for Technology

Faculty

King Hussein Faculty for Computing Sciences

Department

Department of Computer Sciences

University Country

Jordan

Degree

Master

Degree Date

2017

English Abstract

The Portable Document Format (PDF) is a popular medium for documentation, with a high degree of portability across different systems.

As a result, PDF files have become a primary target medium for attackers and malware authors who spread malicious content.

The content of PDF files is analyzed using different methodologies.

In this research, dynamic behavior-based detection has been implemented.

Among the most effective approaches are behavior-based methods that use the system calls made by a program as the feature for malware detection.

In the first part of this thesis, we used a dynamic behavior-based detection approach to detect suspicious PDF events.

Our methodology first analyzes a PDF file (benign or malicious) in a controlled environment to create an event log file that characterizes its behavior.

Such an event log file describes the information flows between the system calls essential to the PDF activity; we then extracted the PDF events responsible for those information flows.

To detect suspicious events, we compared the events of benign and malicious PDF files.

From our experiment we extracted a set of suspicious events.

In the second part, we present a scanner system that automatically extracts PDF events from a given PDF file and matches them against our suspicious events; depending on the matching result, the PDF file is classified as suspicious or benign.

To validate the efficacy of our scanner system, we conducted a series of experiments using a set of malicious and benign PDF documents.

Our experimental results show that using the extracted suspicious events as features to classify PDF document behavior achieves an accuracy of 95%.

Main Subjects

Information Technology and Computer Science

Topics

No. of Pages

70

Table of Contents

Table of contents.

Abstract.

Abstract in Arabic.

Chapter One: Introduction.

Chapter Two: Background and related work.

Chapter Three: Methodology analysis.

Chapter Four: Experimental work.

Chapter Five: Conclusion and future work.

References.

American Psychological Association (APA)

al-Mani, Nur Yasin Nuri. (2017). Detecting malicious PDF files based on system events (Master's thesis). Princess Sumaya University for Technology, Jordan.
https://search.emarefa.net/detail/BIM-743839

Modern Language Association (MLA)

al-Mani, Nur Yasin Nuri. Detecting malicious PDF files based on system events. Master's thesis, Princess Sumaya University for Technology, 2017.
https://search.emarefa.net/detail/BIM-743839

American Medical Association (AMA)

al-Mani, Nur Yasin Nuri. Detecting malicious PDF files based on system events (Master's thesis). Princess Sumaya University for Technology, Jordan; 2017.
https://search.emarefa.net/detail/BIM-743839

Language

English

Data Type

Arab Theses

Record ID

BIM-743839