Visit and talk by Alexander Jordan: Unacceptable Behavior: Robust PDF Malware Detection Using Abstract Interpretation
Alexander Jordan is visiting the CASA group, and on Thursday, December 19th, he will give a talk titled "Unacceptable Behavior: Robust PDF Malware Detection Using Abstract Interpretation".
Time: 10:00
Place: Turing 230
Abstract:
The popularity of the PDF format and the rich JavaScript environment that PDF viewers offer make PDF documents an attractive attack vector for malware developers. PDF documents present a serious threat to the security of organizations because most users are unsuspecting of them and thus likely to open documents from untrusted sources.
State-of-the-art approaches use machine learning to learn features that characterize PDF malware, which makes them subject to adversarial attacks that mimic the structure of benign documents. In this paper, we instead propose to detect malicious code inside a PDF by statically reasoning about its possible behavior using abstract interpretation. A comparison with state-of-the-art PDF malware detection tools shows that our conservative abstract interpretation approach achieves similar accuracy, is more resilient to evasion attacks, and provides interpretable reports.