Malicious PDF document detection method based on active learning

An active-learning detection method, applied in machine learning, program/content distribution protection, instruments, etc., that achieves good detection results, improved model performance, and high processing efficiency.

Inactive Publication Date: 2021-01-15
BEIJING INSTITUTE OF TECHNOLOGY

AI Technical Summary

Problems solved by technology

[0024] The purpose of the present invention is to solve the technical problem of how to effectively detec

Examples

Embodiment

[0068] This embodiment uses benign and malicious samples downloaded from the Contagio data warehouse as the original data set (9000 benign samples and 9000 malicious samples) to train the model and to evaluate its performance after training. The specific operation is as follows:

[0069] First, feature extraction is performed on PDF documents.

[0070] Feature extraction uses the poppler tool, and the implementation of the extractor mainly consists of the cpp documents shown in Figure 8. During implementation, 80% of the samples are first taken as the training set and 20% as the test set; the extractor extracts the features of each input PDF document and counts the number of occurrences of each feature; then the structural paths that occur more than 300 times in the training set are used as features, that is, the occurrence threshold is set to 300, and pdf (features are numeri...
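The selection step in [0070], sketched as an added example (it is not the patent's poppler-based extractor). The path strings, the choice to count occurrences across all training documents, and the small demo threshold are assumptions made for a tiny constructed corpus; the embodiment's threshold is 300.

```python
import random
from collections import Counter

def split_samples(samples, train_fraction=0.8, seed=0):
    """Shuffle and split (paths, label) samples into training and test sets."""
    shuffled = samples[:]
    random.Random(seed).shuffle(shuffled)
    cut = int(len(shuffled) * train_fraction)
    return shuffled[:cut], shuffled[cut:]

def select_features(train, threshold):
    """Keep structural paths seen more than `threshold` times in the training set.
    The vocabulary is built from training data only, so nothing leaks from the test set."""
    totals = Counter()
    for paths, _label in train:
        totals.update(paths)
    return sorted(p for p, n in totals.items() if n > threshold)

def vectorize(paths, vocabulary):
    """Map one document's structural paths to per-feature occurrence counts.
    Paths outside the vocabulary are dropped."""
    counts = Counter(paths)
    return [counts[p] for p in vocabulary]

# Constructed sample data (hypothetical structural paths, not real extractor output).
BENIGN = ["/Root/Pages/Kids/Contents", "/Root/Pages/Kids/Resources/Font"]
MALICIOUS = ["/Root/OpenAction/JS", "/Root/Names/JavaScript/Names/JS"]
RARE = "/Root/AcroForm/XFA"  # appears once, so it never passes the threshold

def build_corpus(n_each=50):
    """Build a toy corpus of (paths, label) pairs: label 0 = benign, 1 = malicious."""
    corpus = [(BENIGN * 2, 0) for _ in range(n_each)]
    corpus += [(MALICIOUS + BENIGN[:1], 1) for _ in range(n_each)]
    corpus[0] = (corpus[0][0] + [RARE], 0)
    return corpus

def run_demo(threshold=25):
    """Split 80/20, select features on the training set, vectorize the test set."""
    train, test = split_samples(build_corpus())
    vocabulary = select_features(train, threshold)
    x_test = [vectorize(paths, vocabulary) for paths, _label in test]
    return vocabulary, x_test

if __name__ == "__main__":
    vocabulary, x_test = run_demo()
    print(vocabulary)
    print(x_test[:3])
```

Because the vocabulary is fixed at training time, a path that first appears in later samples contributes nothing to the vector until the feature set is rebuilt.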

Abstract

The invention relates to a malicious PDF document detection method based on active learning, which is used for detecting malicious documents in PDF files and belongs to the technical field of data storage security. The method combines machine learning with malicious PDF document detection: the structural features of the PDF document are extracted and processed by structural multi-mapping and structural path merging, so that feature drift is limited within a certain period of time while hidden attacks are reduced. The feature distribution of malicious PDF documents is learned with a fully connected deep model. Where an identification result is uncertain, an active learning method is adopted to improve model performance: a common protocol analysis method selects a small number of information-rich samples and adds them to the training set for the next round of training. Without adding too many samples, model performance is remarkably improved, and the trained recognizer can reliably and effectively recognize malicious PDF documents.

Description

Technical field

[0001] The invention relates to a method for detecting malicious PDF documents based on active learning, which is used for detecting malicious documents in PDF files and belongs to the technical field of data storage security.

Background technique

[0002] PDF (Portable Document Format) is a document format that supports consistent rendering and printing, independent of the underlying environment.

[0003] A PDF file consists of four components: file header, file body, cross-reference table, and document footer, as shown in Figure 1. The meaning of each component is as follows:

[0004] · File header: stores the version number of the PDF file.

[0005] · Document body: the main part of a PDF file, consisting of multiple objects that define the operations to be performed by the file.

[0006] · Cross-reference table: the address index table of indirect objects; random access to indirect objects can be performed by querying t...

Application Information

IPC(8): G06F21/10, G06N20/00, G06N3/04
CPC: G06F21/10, G06N20/00, G06N3/045
Inventor: 李元章, 王鑫鑫, 庞琳, 薛源, 马煜杰, 王亚潇, 谭毓安, 张全新
Owner: BEIJING INSTITUTE OF TECHNOLOGY