Enhanced Analysis Method for Suspicious PDF Files


Suleiman J. Khitan, Ali Hadi, Jalal Atoum


Vol. 15  No. 5  pp. 32-38


This paper presents an enhanced method for analyzing suspicious PDF files. PDF files are widely regarded as common, reliable and secure documents, and attackers have recently been using them as containers for attacking users. Attackers have shifted their methods from server-side to client-side attacks, and they use these files to run malicious code on users' computer systems. Such an attack poses a threat to the institution's assets, which could be exploited. The enhanced method is based on scanning the PDF file structure against a predefined set of keywords together with newly defined keywords. The paper also defines the vulnerabilities and the most common techniques attackers use to avoid discovery. The newly defined keywords are objects that attackers have recently been embedding in PDF files. The enhanced method identifies malicious PDF documents by searching the documents for embedded objects that are considered suspicious keywords. The importance of this paper lies in developing a method for detecting suspicious PDF files that depends on extracting and pointing out malicious objects that are often used for attacks. This enhanced method will be of great importance to users who deal with threats every day.


Malware analysis, PDF documents, Malicious PDF, Suspicious PDF, Structure Scan.
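
The structure scan described in the abstract can be sketched as follows. This is an added example, not the authors' code: the keyword list is an assumption (PDF names that structure scanners commonly flag, since the paper's own predefined and new keywords are not listed on this page), and the sample document is constructed. It also decodes the #xx hex escapes that PDF names allow, one common way a keyword is hidden from a plain string search.

```python
import re

# Assumed keyword list, not the paper's: names commonly flagged by PDF scanners.
SUSPICIOUS = {"/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch",
              "/EmbeddedFile", "/RichMedia", "/AcroForm", "/XFA"}

# A PDF name starts with "/" and runs until whitespace or a delimiter.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes in a PDF name, e.g. /J#61vaScript -> /JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan(data: bytes) -> dict:
    """Count suspicious names in raw PDF bytes and how many were hex-escaped.

    Limitation: names inside compressed object streams are not visible here;
    those streams would have to be inflated before scanning.
    """
    report = {}
    for match in _NAME.finditer(data):
        raw = match.group(0)
        name = decode_name(raw)
        if name in SUSPICIOUS:
            entry = report.setdefault(name, {"count": 0, "obfuscated": 0})
            entry["count"] += 1
            if b"#" in raw:  # the keyword was written with an escape
                entry["obfuscated"] += 1
    return report


# Constructed sample: an auto-run action plus a hex-escaped /JavaScript name.
SAMPLE = (b"%PDF-1.4\n"
          b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
          b"3 0 obj\n<< /S /J#61vaScript /JS (benign placeholder) >>\nendobj\n"
          b"%%EOF\n")

if __name__ == "__main__":
    for name, hits in sorted(scan(SAMPLE).items()):
        print(f"{name}: count={hits['count']} obfuscated={hits['obfuscated']}")
```

A nonzero obfuscated count is worth reporting on its own, because ordinary PDF producers have little reason to escape letters in a keyword.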