loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Bonan Cuan 1 ; Aliénor Damien 2 ; Claire Delaplace 3 and Mathieu Valois 4

Affiliations: 1 INSA Lyon, CNRS, LIRIS, Lyon and France ; 2 Thales Group, Toulouse, France, CNRS, LAAS, Toulouse and France ; 3 Univ Rennes 1, CNRS, IRISA, 35000 Rennes, France, Univ. Lille, CRIStAL, 59655 Villeneuve d’Ascq and France ; 4 Normandie Univ., UNICAEN, ENSICAEN, CNRS, GREYC, 14000 Caen and France

Keyword(s): Malicious PDF Detection, SVM, Evasion Attacks, Gradient-Descent, Feature Selections, Adversarial Learning.

Related Ontology Subjects/Areas/Topics: Information and Systems Security ; Intrusion Detection & Prevention

Abstract: We present how we used machine learning techniques to detect malicious behaviours in PDF files. At this aim, we first set up a SVM (Support Machine Vector) classifier that was able to detect 99.7% of malware. However, this classifier was easy to lure with malicious PDF files, which we forged to make them look like clean ones. For instance, we implemented a gradient-descent attack to evade this SVM. This attack was almost 100% successful. Next, we provided counter-measures to this attack: a more elaborated features selection and the use of a threshold allowed us to stop up to 99.99% of this attack. Finally, using adversarial learning techniques, we were able to prevent gradient-descent attacks by iteratively feeding the SVM with malicious forged PDF files. We found that after 3 iterations, every gradient-descent forged PDF file were detected, completely preventing the attack.

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 3.143.218.180

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Cuan, B.; Damien, A.; Delaplace, C. and Valois, M. (2018). Malware Detection in PDF Files using Machine Learning. In Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - SECRYPT; ISBN 978-989-758-319-3; ISSN 2184-3236, SciTePress, pages 412-419. DOI: 10.5220/0006884705780585

@conference{secrypt18,
author={Bonan Cuan. and Aliénor Damien. and Claire Delaplace. and Mathieu Valois.},
title={Malware Detection in PDF Files using Machine Learning},
booktitle={Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - SECRYPT},
year={2018},
pages={412-419},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006884705780585},
isbn={978-989-758-319-3},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the 15th International Joint Conference on e-Business and Telecommunications - SECRYPT
TI - Malware Detection in PDF Files using Machine Learning
SN - 978-989-758-319-3
IS - 2184-3236
AU - Cuan, B.
AU - Damien, A.
AU - Delaplace, C.
AU - Valois, M.
PY - 2018
SP - 412
EP - 419
DO - 10.5220/0006884705780585
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic