Techniques for analysing PDF malware

Caglar Ulucenk*, Vijay Varadharajan, Venkat Balakrishnan, Udaya Tupakula

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution

3 Citations (Scopus)

Abstract

Today, PDF is one of the widely used applications for sharing documents. Important factors in the popular use of the PDF application are its platform independence and rich digital offerings, such as the ability to include multimedia files, direct URL access and HTTP communication. However, its wider acceptance among the user community has also attracted attackers to develop and spread malware using PDF files. Most of the existing security tools are not equipped to deal with the attacks related to PDF. In this paper, we present different techniques that can be used by an attacker to generate PDF attacks. Then we propose a portable document scanner (PDSCAN), which can detect the attacks by analyzing the suspicious objects and the scripts that are embedded in the documents. PDSCAN makes use of dynamic and static analysis techniques to deal with the malware. Finally, we present a detailed analysis of a malicious PDF file in a VirtualBox environment.

Original language: English
Title of host publication: Proceedings of the 18th Asia-Pacific Software Engineering Conference, APSEC 2011
Place of Publication: Los Alamitos, Calif.
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Pages: 41-48
Number of pages: 8
ISBN (Print): 9780769546094
Publication status: Published - 2011
Event: 18th Asia Pacific Software Engineering Conference, APSEC 2011 - Ho Chi Minh, Viet Nam
Duration: 5 Dec 2011 to 8 Dec 2011

Other

Other: 18th Asia Pacific Software Engineering Conference, APSEC 2011
Country: Viet Nam
City: Ho Chi Minh
Period: 5/12/11 to 8/12/11
