A Feature Set of Small Size for the PDF Malware Detection

TL;DR

This paper introduces a concise set of 12 features for PDF malware detection, achieving high accuracy with minimal domain knowledge and comparable results to larger feature sets.

Contribution

The study proposes a small, effective feature set for PDF malware detection that simplifies the process without sacrificing accuracy.

Findings

Achieved 99.75% accuracy with Random Forest.

Proposed features are among the most concise in the field.

Comparable performance to state-of-the-art larger feature sets.

Abstract

Machine learning (ML)-based malware detection systems are becoming increasingly important as malware threats increase and get more sophisticated. PDF files are often used as vectors for phishing attacks because they are widely regarded as trustworthy data resources, and are accessible across different platforms. Therefore, researchers have developed many different PDF malware detection methods. Performance in detecting PDF malware is greatly influenced by feature selection. In this research, we propose a small features set that don't require too much domain knowledge of the PDF file. We evaluate proposed features with six different machine learning models. We report the best accuracy of 99.75% when using Random Forest model. Our proposed feature set, which consists of just 12 features, is one of the most conciseness in the field of PDF malware detection. Despite its modest size, we obtain comparable results to state-of-the-art that employ a much larger set of features.