@inproceedings{6c3e78e0e70d42b983d48b2dc9cfd240,
title = "ALPD: Active learning framework for enhancing the detection of malicious PDF files",
abstract = "Email communication carrying malicious attachments or links is often used as an attack vector for initial penetration of the targeted organization. Existing defense solutions prevent executables from entering organizational networks via emails, therefore recent attacks tend to use non-executable files such as PDF. Machine learning algorithms have recently been applied for detecting malicious PDF files. These techniques, however, lack an essential element-they cannot be updated daily. In this study we present ALPD, a framework that is based on active learning methods that are specially designed to efficiently assist anti-virus vendors to focus their analytical efforts. This is done by identifying and acquiring new PDF files that are most likely malicious, as well as informative benign PDF documents. These files are used for retraining and enhancing the knowledge stores. Evaluation results show that in the final day of the experiment, Combination, one of our AL methods, outperformed all the others, enriching the anti-virus's signature repository with almost seven times more new PDF malware while also improving the detection model's performance on a daily basis.",
keywords = "Active Learning, Machine Learning, Malware, PDF",
author = "Nir Nissim and Aviad Cohen and Robert Moskovitch and Assaf Shabtai and Mattan Edry and Oren Bar-Ad and Yuval Elovici",
note = "Publisher Copyright: {\textcopyright} 2014 IEEE.; 2014 IEEE Joint Intelligence and Security Informatics Conference, JISIC 2014 ; Conference date: 24-09-2014 Through 26-09-2014",
year = "2014",
month = dec,
day = "4",
doi = "10.1109/JISIC.2014.23",
language = "English",
series = "Proceedings - 2014 IEEE Joint Intelligence and Security Informatics Conference, JISIC 2014",
publisher = "Institute of Electrical and Electronics Engineers",
pages = "91--98",
booktitle = "Proceedings - 2014 IEEE Joint Intelligence and Security Informatics Conference, JISIC 2014",
address = "United States",
}