
Design And Implementation Of Malicious Pdf Document Detection System Based On The Static Analysis Technology

Posted on: 2017-12-21
Degree: Master
Type: Thesis
Country: China
Candidate: L X Li
Full Text: PDF
GTID: 2348330518994781
Subject: Computer technology
Abstract/Summary:
As the Internet penetrates our life and work, PDF documents are used more and more widely, and PDF has become an important format for document storage on computers and for network transmission. With this wide use, attacks that use PDF documents emerge endlessly. According to the F-Secure safety report, one of the most popular types of files in targeted attacks is the PDF file, so research on detecting malicious PDF documents is urgently needed. Through an in-depth study of existing static detection methods, combined with present document detection technology and building on the existing detection methods, this paper puts forward a static detection method for malicious PDF documents based on structural characteristics. With this method as its core, the paper designs and implements a malicious PDF document detection system based on static analysis technology, combined with the OSSEC intrusion detection tool. The automation and practicability of the system are improved. The specific work is as follows:

1. Improve and implement a malicious PDF document detection method based on structural characteristics. The method adopts the structural paths of the PDF document as the feature vector. First, the paper uses a document frequency feature selection algorithm to select useful paths and reduce the vector dimension. Then it uses the TF-IDF algorithm to calculate the weight of each path feature. Finally, the SVM classifier is generated by training with cross-validation. Experimental data verify that the method performs well in error detection rate and time efficiency.

2. Design and implement a real-time monitoring scheme for the PDF format. Mainly using the OSSEC intrusion detection tool, it implements real-time monitoring of the destination folder on the host. When there is an operation on a PDF file, such as adding, modifying, or deleting, it generates log information and transmits it to the server. The server parses the information and generates alarm information containing the file name, file path and file operation type.

3. Design and implement a malicious PDF document detection system based on static analysis. The system combines the file monitoring system and the malicious PDF document detection system. It can perform automated testing of PDF documents in the target folder and manual testing of a specific PDF document.
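
The feature pipeline described in the abstract (structural paths, document frequency selection, TF-IDF weighting), as an added Python example that is not code from the thesis. The nested-dict object trees are constructed stand-ins for parsed PDFs, and the `min_df` threshold and the plain `tf * log(N / df)` weighting are assumptions, since the abstract gives no formula; the SVM training step is left out.

```python
import math
from collections import Counter

def structural_paths(node, prefix=""):
    """Yield one structural path per leaf of a parsed object tree."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from structural_paths(child, f"{prefix}/{key}")
    elif isinstance(node, list):
        for child in node:  # array elements share the parent's path
            yield from structural_paths(child, prefix)
    else:
        yield prefix

def select_by_df(docs, min_df):
    """Document frequency selection: keep paths seen in >= min_df documents."""
    df = Counter(path for doc in docs for path in set(doc))
    vocab = sorted(path for path, n in df.items() if n >= min_df)
    return vocab, df

def tfidf_vector(doc, vocab, df, n_docs):
    """Weight each selected path by (count / len(doc)) * log(n_docs / df)."""
    if not doc:  # a tree with no leaves gets an all-zero vector
        return [0.0] * len(vocab)
    counts = Counter(doc)
    return [counts[p] / len(doc) * math.log(n_docs / df[p]) for p in vocab]

def build_features(trees, min_df=2):
    """Turn object trees into (vocabulary, TF-IDF vectors) for a classifier."""
    docs = [list(structural_paths(t)) for t in trees]
    vocab, df = select_by_df(docs, min_df)
    return vocab, [tfidf_vector(d, vocab, df, len(docs)) for d in docs]

# Constructed sample trees (assumption: simplified, not parsed from real PDFs).
PAGE = {"Contents": 1}
BENIGN_1 = {"Root": {"Pages": {"Kids": [PAGE, PAGE]}, "Metadata": 3}}
BENIGN_2 = {"Root": {"Pages": {"Kids": [PAGE]}}}
SUSPECT_1 = {"Root": {"Pages": {"Kids": [PAGE]}, "OpenAction": {"JS": 9}}}
SUSPECT_2 = {"Root": {"Pages": {"Kids": [PAGE]}, "OpenAction": {"JS": 9},
                      "AcroForm": {"XFA": 2}}}

if __name__ == "__main__":
    vocab, vectors = build_features([BENIGN_1, BENIGN_2, SUSPECT_1, SUSPECT_2])
    for name, vec in zip(("benign_1", "benign_2", "suspect_1", "suspect_2"), vectors):
        print(name, dict(zip(vocab, (round(w, 4) for w in vec))))
```

With this weighting, a path present in every document (here the page contents path) gets weight zero, so only paths that differ between documents contribute to the vector passed to the classifier.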
Keywords/Search Tags: malicious PDF documents, static analysis, structural features, OSSEC, detection