ALPD: Active Learning Framework for Enhancing the Detection of Malicious PDF Files
JISIC(2014)
摘要
Email communication carrying malicious attachments or links is often used as an attack vector for initial penetration of the targeted organization. Existing defense solutions prevent executables from entering organizational networks via emails, therefore recent attacks tend to use non-executable files such as PDF. Machine learning algorithms have recently been applied for detecting malicious PDF files. These techniques, however, lack an essential element --they cannot be updated daily. In this study we present ALPD, a framework that is based on active learning methods that are specially designed to efficiently assist anti-virus vendors to focus their analytical efforts. This is done by identifying and acquiring new PDF files that are most likely malicious, as well as informative benign PDF documents. These files are used for retraining and enhancing the knowledge stores. Evaluation results show that in the final day of the experiment, Combination, one of our AL methods, outperformed all the others, enriching the anti-virus's signature repository with almost seven times more new PDF malware while also improving the detection model's performance on a daily basis.
更多查看译文
关键词
malicious pdf file detection,active learning, machine learning, pdf, malware,computer viruses,email communication,antivirus signature repository,pdf,machine learning algorithms,learning (artificial intelligence),organizational networks,alpd,active learning,malicious attachments,informative benign pdf documents,digital signatures,machine learning,attack vector,emails,malware,pdf malware,active learning framework
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络