Over the last decade, malicious software (or malware, for short) has shown an increasing sophistication and proliferation, fueled by a flourishing underground economy, in response to the increasing complexity of modern defense mechanisms. PDF documents are among the major vectors used to convey malware, thanks to the flexibility of their structure and the ability of embedding different kinds of content, ranging from images to JavaScript code. Despite the numerous efforts made by the research and industrial communities, PDF malware is still one of the major threats on the cyber-security landscape. In this paper, we provide an overview of the current attack techniques used to convey PDF malware, and discuss state-of-the-art PDF malware analysis tools that provide valuable support to digital forensic investigations. We finally discuss limitations and open issues of the current defense mechanisms, and sketch some interesting future research directions.

Digital Investigation of PDF Files: Unveiling Traces of Embedded Malware

Davide Maiorca
Primo
;
Battista Biggio
Secondo
2019

Abstract

Over the last decade, malicious software (or malware, for short) has shown an increasing sophistication and proliferation, fueled by a flourishing underground economy, in response to the increasing complexity of modern defense mechanisms. PDF documents are among the major vectors used to convey malware, thanks to the flexibility of their structure and the ability of embedding different kinds of content, ranging from images to JavaScript code. Despite the numerous efforts made by the research and industrial communities, PDF malware is still one of the major threats on the cyber-security landscape. In this paper, we provide an overview of the current attack techniques used to convey PDF malware, and discuss state-of-the-art PDF malware analysis tools that provide valuable support to digital forensic investigations. We finally discuss limitations and open issues of the current defense mechanisms, and sketch some interesting future research directions.
Computer Science - Cryptography and Security; Computer Science - Cryptography and Security
File in questo prodotto:
File Dimensione Formato  
maiorca19-sp.pdf

accesso aperto

Descrizione: Articolo Principale
Tipologia: versione pre-print
Dimensione 838.95 kB
Formato Adobe PDF
838.95 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11584/262931
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 16
  • ???jsp.display-item.citation.isi??? 9
social impact