Filters








9,633 Hits in 8.6 sec

Combining static and dynamic analysis for the detection of malicious documents

Zacharias Tzermias, Giorgos Sykiotakis, Michalis Polychronakis, Evangelos P. Markatos
<span title="">2011</span> <i title="ACM Press"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/b4qzgyin4fe6dhc32zaudydyja" style="color: black;">Proceedings of the Fourth European Workshop on System Security - EUROSEC &#39;11</a> </i> &nbsp;
In this paper we present MDScan, a standalone malicious document scanner that combines static document analysis and dynamic code execution to detect previously unknown PDF threats.  ...  The widespread adoption of the PDF format for document exchange has given rise to the use of PDF files as a prime vector for malware propagation.  ...  Through the combination of static analysis of the document format representation, and dynamic analysis of the embedded script code, MDScan can detect PDF documents that exploit even previously unknown  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1145/1972551.1972555">doi:10.1145/1972551.1972555</a> <a target="_blank" rel="external noopener" href="https://dblp.org/rec/conf/eurosec/TzermiasSPM11.html">dblp:conf/eurosec/TzermiasSPM11</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/2qsvoikwbjeddpbu3fojj3x4ie">fatcat:2qsvoikwbjeddpbu3fojj3x4ie</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20170809041636/http://nsl.cs.columbia.edu/papers/2011/mdscan.eurosec11.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/9b/78/9b78c56c7573d6ffe5b43b29c53cb6c2c9adbdd2.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1145/1972551.1972555"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> acm.org </button> </a>

Easy to Fool? Testing the Anti-evasion Capabilities of PDF Malware Scanners [article]

Saeed Ehteshamifar, Thomas R. Gross (ETH Zurich), Michael Pradel
<span title="2019-01-22">2019</span> <i > arXiv </i> &nbsp; <span class="release-stage" >pre-print</span>
Malware scanners try to protect users from opening malicious documents by statically or dynamically analyzing documents.  ...  We find that many static and dynamic scanners can be easily fooled by relatively simple evasions and that the effectiveness of different evasions varies drastically.  ...  To detect PDF documents that contain malicious JavaScript code, combinations of static and dynamic analysis of the embedded JavaScript code search for suspicious operations that rarely occur in benign  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener" href="https://arxiv.org/abs/1901.05674v2">arXiv:1901.05674v2</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/t2xil5wyxzhrvd2gpr3whmjyim">fatcat:t2xil5wyxzhrvd2gpr3whmjyim</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20200907163632/https://arxiv.org/pdf/1901.05674v2.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/77/10/77109b749822acba6f199d3dc9e2fca7c0d179a2.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener" href="https://arxiv.org/abs/1901.05674v2" title="arxiv.org access"> <button class="ui compact blue labeled icon button serp-button"> <i class="file alternate outline icon"></i> arxiv.org </button> </a>

De-obfuscation and Detection of Malicious PDF Files with High Accuracy

Xun Lu, Jianwei Zhuge, Ruoyu Wang, Yinzhi Cao, Yan Chen
<span title="">2013</span> <i title="IEEE"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/zlnwsi4sefbkvlcgv2zcupjqum" style="color: black;">2013 46th Hawaii International Conference on System Sciences</a> </i> &nbsp;
Therefore, in this paper, we present MPScan, a scanner that combines dynamic JavaScript de-obfuscation and static malware detection.  ...  To detect malicious PDF files, the first step is to extract and de-obfuscate JavaScript codes from the document, for which an effective technique is yet to be created.  ...  Hybrid Emulated Method: This category combines the advantages of both dynamic and static methods, and it is gradually be-coming the mainstream method for malicious PDF analysis.  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1109/hicss.2013.166">doi:10.1109/hicss.2013.166</a> <a target="_blank" rel="external noopener" href="https://dblp.org/rec/conf/hicss/LuZWCC13.html">dblp:conf/hicss/LuZWCC13</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/uzey3f3p7jdkncqejlaikf27ve">fatcat:uzey3f3p7jdkncqejlaikf27ve</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20130409151758/http://www.cs.northwestern.edu/~yca179/Lu-hicss/Lu-hicss.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/f1/74/f174dba3ab7f80746bc021663c64097abf9def2a.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1109/hicss.2013.166"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> ieee.com </button> </a>

HAPSSA: Holistic Approach to PDF Malware Detection Using Signal and Statistical Analysis [article]

Tajuddin Manhar Mohammed, Lakshmanan Nataraj, Satish Chikkagoudar, Shivkumar Chandrasekaran, B.S. Manjunath
<span title="2021-11-08">2021</span> <i > arXiv </i> &nbsp; <span class="release-stage" >pre-print</span>
This includes combining orthogonal feature space models from various static and dynamic malware detection methods to enable generalized robustness when faced with code obfuscations.  ...  Malicious PDF documents present a serious threat to various security organizations that require modern threat intelligence platforms to effectively analyze and characterize the identity and behavior of  ...  The views expressed in this paper are the opinions of the authors and do not represent official positions of the Department of the Navy.  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener" href="https://arxiv.org/abs/2111.04703v1">arXiv:2111.04703v1</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/vekvcukv2nhm5b6nnk4unaqpwy">fatcat:vekvcukv2nhm5b6nnk4unaqpwy</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20211113181204/https://arxiv.org/pdf/2111.04703v1.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/5b/7f/5b7f904445c3a1d6b862f81726ecdac8cb35f846.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener" href="https://arxiv.org/abs/2111.04703v1" title="arxiv.org access"> <button class="ui compact blue labeled icon button serp-button"> <i class="file alternate outline icon"></i> arxiv.org </button> </a>

Malicious web script-based cyber attack protection technology [article]

JongHun Jung, Hwan-Kuk Kim, Soojin Yoon
<span title="2015-02-13">2015</span> <i > arXiv </i> &nbsp; <span class="release-stage" >pre-print</span>
To cope with these issues, in this article, a proposal is made for techniques that are used to detect malicious scripts through real-time web content analysis and to automatically generate detection signatures  ...  These attacks can be made just by accessing a web site without distribution of malicious codes and infection.  ...  In this article, a proposal is made for techniques that are used to detect malicious scripts through collection of HTTP Web traffics and static/dynamic analysis, and to generate a detection signature automatically  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener" href="https://arxiv.org/abs/1502.03872v1">arXiv:1502.03872v1</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/xt6qqpg4q5cdtb42qa4i3zi2nu">fatcat:xt6qqpg4q5cdtb42qa4i3zi2nu</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20191020090546/https://arxiv.org/pdf/1502.03872v1.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/bc/5f/bc5f1a52504e30a3072fd22c342f1fe09ac8f70f.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener" href="https://arxiv.org/abs/1502.03872v1" title="arxiv.org access"> <button class="ui compact blue labeled icon button serp-button"> <i class="file alternate outline icon"></i> arxiv.org </button> </a>

The Protection Technology of Script-Based Cyber Attack

Jong-Hun Jung, Hwan-Kuk Kim, Hyun-lock Choo, Lim ByungUk
<span title="2015-02-28">2015</span> <i title="David Publishing Company"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/hwpmew3ui5clrdgzlxfsrdlrve" style="color: black;">Journal of Communication and Computer</a> </i> &nbsp;
To cope with these issues, in this article, a proposal is made for techniques that are used to detect malicious scripts through real-time web content analysis and to automatically generate detection signatures  ...  These attacks can be made just by accessing a web site without distribution of malicious codes and infection.  ...  In this article, a proposal is made for techniques that are used to detect malicious scripts through collection of HTTP Web traffics and static/dynamic analysis, and to generate a detection signature automatically  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.17265/1548-7709/2015.02.008">doi:10.17265/1548-7709/2015.02.008</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/5wxs3k4jsfhznmh3rtgzgy22nu">fatcat:5wxs3k4jsfhznmh3rtgzgy22nu</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20190426213119/http://www.davidpublisher.org/Public/uploads/Contribute/557a77b893acb.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/b6/7f/b67fab78d53615cfe6e9c42ae28a744e103ffb0a.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.17265/1548-7709/2015.02.008"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> Publisher / doi.org </button> </a>

A Study of Malcode-Bearing Documents [chapter]

Wei-Jen Li, Salvatore Stolfo, Angelos Stavrou, Elli Androulaki, Angelos D. Keromytis
<span title="">2007</span> <i title="Springer Berlin Heidelberg"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/2w3awgokqne6te4nvlofavy5a4" style="color: black;">Lecture Notes in Computer Science</a> </i> &nbsp;
We investigate the possibility of detecting embedded malcode in Word documents using two techniques: static content analysis using statistical models of typical document content, and run-time dynamic tests  ...  Such attacks can be very selective and difficult to detect compared to the typical network worm threat, owing to the complexity of these applications and data formats, as well as the multitude of document-exchange  ...  Our results indicate that both static statistical and dynamic detection techniques can be employed to detect malicious documents.  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1007/978-3-540-73614-1_14">doi:10.1007/978-3-540-73614-1_14</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/r4xyai2zyvcmpezufyi4chujye">fatcat:r4xyai2zyvcmpezufyi4chujye</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20100613160659/http://www.cs.gmu.edu/~astavrou/resume/research/studymalcode_dimva.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/fa/0c/fa0c758eaa19b47167fa92c030a69047f9be369a.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1007/978-3-540-73614-1_14"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> springer.com </button> </a>

Capturing the symptoms of malicious code in electronic documents by file's entropy signal combined with Machine learning [article]

Luping Liu, Xiaohai He, Liang Liu, Lingbo Qing, Yong Fang, Jiayong Liu
<span title="2019-03-25">2019</span> <i > arXiv </i> &nbsp; <span class="release-stage" >pre-print</span>
In this study, a new Framework named ESRMD (Entropy signal Reflects the Malicious document) is proposed, which can detect malicious document based on the entropy distribution of the file.  ...  What makes it distinctive is that it extracts global and structural entropy features from the entropy of the malicious documents rather than the structural data or metadata of the file, enduing it the  ...  [37] detects malicious documents by using static content analysis.  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener" href="https://arxiv.org/abs/1903.10208v1">arXiv:1903.10208v1</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/honhnoepxjcspfkbcblkzq5mby">fatcat:honhnoepxjcspfkbcblkzq5mby</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20191013084011/https://arxiv.org/pdf/1903.10208v1.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/7e/cd/7ecd2285030307feca01dc7cfc001409e309b5d3.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener" href="https://arxiv.org/abs/1903.10208v1" title="arxiv.org access"> <button class="ui compact blue labeled icon button serp-button"> <i class="file alternate outline icon"></i> arxiv.org </button> </a>

Unified Detection and Response Technology for Malicious Script-Based Attack

<span title="">2016</span> <i title="ARC Publications Pvt Ltd."> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/rkkfxzxgw5dzxk5qpjscazezwu" style="color: black;">International Journal of Research Studies in Computer Science and Engineering</a> </i> &nbsp;
Dynamic functions using scripts are being implemented in web browsers, and the threat exists of attacks such as DoS or information leaks that exploit such functions.  ...  In this paper, we propose an integrated response technology that combines proxy-type detection and corresponding signature generation.  ...  The content processing system Unified Detection and Response Technology for Malicious Script-Based Attack combines the collected scripts and performs static analysis, then judges whether dynamic analysis  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.20431/2349-4859.0304005">doi:10.20431/2349-4859.0304005</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/urjoseakxrg25nvvfoyay4swfu">fatcat:urjoseakxrg25nvvfoyay4swfu</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20180603063728/https://www.arcjournals.org/pdfs/ijrscse/v3-i4/5.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/21/02/2102e5680868e2f317b056b3132146dad250546e.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.20431/2349-4859.0304005"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="unlock alternate icon" style="background-color: #fb971f;"></i> Publisher / doi.org </button> </a>

Static detection of malicious JavaScript-bearing PDF documents

Pavel Laskov, Nedim Šrndić
<span title="">2011</span> <i title="ACM Press"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/5i22f6noqzcuzalvmf6ckdmcmy" style="color: black;">Proceedings of the 27th Annual Computer Security Applications Conference on - ACSAC &#39;11</a> </i> &nbsp;
In this contribution we present a technique for detection of JavaScript-bearing malicious PDF documents based on static analysis of extracted JavaScript code.  ...  Compared to previous work, mostly based on dynamic analysis, our method incurs an order of magnitude lower run-time overhead and does not require special instrumentation.  ...  Acknowledgements The authors wish to acknowledge finantial support by the Heiseberg Fellowship of the Deutsche Forschungsgemeinschaft (DFG) and by the German Federal Office for Information Security.  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1145/2076732.2076785">doi:10.1145/2076732.2076785</a> <a target="_blank" rel="external noopener" href="https://dblp.org/rec/conf/acsac/LaskovS11.html">dblp:conf/acsac/LaskovS11</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/47thhi4obnfb7jmafy5dkcodj4">fatcat:47thhi4obnfb7jmafy5dkcodj4</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20150417073915/http://www-rsec.cs.uni-tuebingen.de:80/laskov/papers/acsac2011.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/49/70/4970c5d579ecfe05d033cf54ae6526725d0b8122.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1145/2076732.2076785"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> acm.org </button> </a>

A Universal Malicious Documents Static Detection Framework Based on Feature Generalization

Xiaofeng Lu, Fei Wang, Cheng Jiang, Pietro Lio
<span title="2021-12-20">2021</span> <i title="MDPI AG"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/smrngspzhzce7dy6ofycrfxbim" style="color: black;">Applied Sciences</a> </i> &nbsp;
A universal static detection framework for malicious documents based on feature generalization is then proposed.  ...  In this study, Portable Document Format (PDF), Word, Excel, Rich Test format (RTF) and image documents are taken as the research objects to study a static and fast method by which to detect malicious documents  ...  Static Analysis Method Malicious document detection methods are mainly divided into static analysis and dynamic analysis.  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.3390/app112412134">doi:10.3390/app112412134</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/hzpq4dhjdrfb7joxiaexqpokva">fatcat:hzpq4dhjdrfb7joxiaexqpokva</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20220430204540/https://mdpi-res.com/d_attachment/applsci/applsci-11-12134/article_deploy/applsci-11-12134.pdf?version=1639994912" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/57/38/5738fbc5a1265bdf67f16310edd3f0e58ec8eabb.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.3390/app112412134"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="unlock alternate icon" style="background-color: #fb971f;"></i> mdpi.com </button> </a>

A Half-Dynamic Classification Method on Obfuscated Malicious JavaScript Detection

Zhaolin Fang, Renhuan Zhu, Weihui Zhang, Bo Chen
<span title="2015-06-30">2015</span> <i title="Science and Engineering Research Support Society"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/4h7flaxsjnh6he3qbiwvxbekxe" style="color: black;">International Journal of Security and Its Applications</a> </i> &nbsp;
The traditional static detection method for malicious JavaScript detection has high efficiency without the need of code executing, but it cannot detect new malicious script.  ...  In this paper, we propose a half-dynamic detection method for classification, which can solve the problem of obfuscated malicious JavaScript.  ...  The other is to combine the static and dynamic detection method to design quick and efficient malicious script detection method.  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.14257/ijsia.2015.9.6.24">doi:10.14257/ijsia.2015.9.6.24</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/jahwbwxjjnbinpm3fr4pivgs7y">fatcat:jahwbwxjjnbinpm3fr4pivgs7y</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20180603014730/http://www.sersc.org/journals/IJSIA/vol9_no6_2015/24.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/6a/ea/6aea743129c121c2236c1e9815cecfbe852a64f8.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.14257/ijsia.2015.9.6.24"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> Publisher / doi.org </button> </a>

Adapting Text Categorization for Manifest based Android Malware Detection

Onder Coban, Selma Ozel
<span title="">2019</span> <i title="AGHU University of Science and Technology Press"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/7bci47kvi5ed7epwn4ly4x2hoi" style="color: black;">Computer Science</a> </i> &nbsp;
There are mainly three different approaches to detect malware: i) static, ii) dynamic, and iii) hybrid. Static approach analyzes the suspicious program without executing it.  ...  Our experimental results revealed that our approach is capable of detecting malicious applications with an accuracy between 94.0% and 99.3%.  ...  The hybrid analysis is a combination of static and dynamic methods, and it creates a framework to perform both of the analyses [2, 7, 31, 49] .  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.7494/csci.2019.20.3.3285">doi:10.7494/csci.2019.20.3.3285</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/swc7lm4fzrczxjxzuhwcoegfme">fatcat:swc7lm4fzrczxjxzuhwcoegfme</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20200209134054/https://journals.agh.edu.pl/csci/article/download/3285/2301" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/74/c7/74c7cb9592fea8142dfafdc8cc2fbfbc58c517f2.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.7494/csci.2019.20.3.3285"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="unlock alternate icon" style="background-color: #fb971f;"></i> Publisher / doi.org </button> </a>

PDF-Malware: An Overview on Threats, Detection and Evasion Attacks [article]

Nicolas Fleury, Theo Dubrunquez, Ihsen Alouani
<span title="2021-07-27">2021</span> <i > arXiv </i> &nbsp; <span class="release-stage" >pre-print</span>
Several analysis techniques has been proposed in the literature, be it static or dynamic, to extract the main features that allow the discrimination of malware files from benign ones.  ...  In the recent years, Portable Document Format, commonly known as PDF, has become a democratized standard for document exchange and dissemination.  ...  In previous work [35] , combination of static and dynamic features seems to improve the detection rate of malicious Mobile App, and we think that it is worth exploring to utilize it in PDF-malware context  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener" href="https://arxiv.org/abs/2107.12873v1">arXiv:2107.12873v1</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/pbjo3gujrnf5lla2nl5olcp2my">fatcat:pbjo3gujrnf5lla2nl5olcp2my</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20210731083834/https://arxiv.org/pdf/2107.12873v1.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/f6/fd/f6fd3f88d2aa6959b042dc92c22719243e48404a.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener" href="https://arxiv.org/abs/2107.12873v1" title="arxiv.org access"> <button class="ui compact blue labeled icon button serp-button"> <i class="file alternate outline icon"></i> arxiv.org </button> </a>

Prophiler

Davide Canali, Marco Cova, Giovanni Vigna, Christopher Kruegel
<span title="">2011</span> <i title="ACM Press"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/s4hirppq3jalbopssw22crbwwa" style="color: black;">Proceedings of the 20th international conference on World wide web - WWW &#39;11</a> </i> &nbsp;
To detect drive-by-download exploits, researchers have developed a number of systems that analyze web pages for the presence of malicious code. Most of these systems use dynamic analysis.  ...  In this paper, we describe the design and implementation of such a filter. Our filter, called Prophiler, uses static analysis techniques to quickly examine a web page for malicious content.  ...  We would like to thank Justin Ma for analyzing our comparison dataset and providing us with the results of the system he is author of.  ... 
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1145/1963405.1963436">doi:10.1145/1963405.1963436</a> <a target="_blank" rel="external noopener" href="https://dblp.org/rec/conf/www/CanaliCVK11.html">dblp:conf/www/CanaliCVK11</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/tk3jauwshne5rjww5hexqyfco4">fatcat:tk3jauwshne5rjww5hexqyfco4</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20170808214338/http://www3.nccu.edu.tw/~yuf/SoftwareSecurity/prophiler.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/bd/a4/bda4f33576eafe0d542d41759e89873cada1135e.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1145/1963405.1963436"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> acm.org </button> </a>
&laquo; Previous Showing results 1 &mdash; 15 out of 9,633 results