MLPdf: An Effective Machine Learning Based Approach for PDF Malware Detection

TL;DR

This paper introduces MLPdf, a neural network-based method that effectively detects PDF malware with high accuracy, outperforming commercial antivirus solutions in identifying malicious PDFs.

Contribution

The paper presents a novel MLP neural network approach for PDF malware detection, utilizing high-quality features and demonstrating superior performance over existing antivirus tools.

Findings

Achieved a true positive rate of 95.12%.

Maintained a false positive rate of only 0.08%.

Outperformed eight well-known commercial antivirus scanners.

Abstract

Due to the popularity of portable document format (PDF) and increasing number of vulnerabilities in major PDF viewer applications, malware writers continue to use it to deliver malware via web downloads, email attachments and other methods in both targeted and non-targeted attacks. The topic on how to effectively block malicious PDF documents has received huge research interests in both cyber security industry and academia with no sign of slowing down. In this paper, we propose a novel approach based on a multilayer perceptron (MLP) neural network model, termed MLPdf, for the detection of PDF based malware. More specifically, the MLPdf model uses a backpropagation algorithm with stochastic gradient decent search for model update. A group of high quality features are extracted from two real-world datasets which comprise around 105000 benign and malicious PDF documents. Evaluation results indicate that the proposed MLPdf approach exhibits excellent performance which significantly outperforms all evaluated eight well known commercial anti-virus scanners with a much higher true positive rate of 95.12% achieved while maintaining a very low false positive rate of 0.08%.