
Title

PDF Forensic Analysis System using YARA

Author

Suleiman J. Khitan, Ali Hadi and Jalal Atoum

Citation

Vol. 17  No. 5  pp. 77-85

Abstract

This paper presents an enhanced method to detect suspicious PDF files by applying two scanning methods (structure scan and YARA scan), which depend on extracting and pointing out malicious objects that are often used for attacks. This enhanced method will be a great assistant to forensic analysts in analyzing PDF files and detecting malicious content in them. Both scanning methods were tested through several experiments on a real dataset. The results show an improvement in detecting malicious PDF files when both methods are applied. The structure scan achieved an accuracy of 99.91% and the YARA scan achieved an accuracy of 98.05%.

Keywords

Malware Analysis, PDF Documents, Malicious PDF, Suspicious PDF, Structure Scan, YARA Rules, Learning Machines.

URL

http://paper.ijcsns.org/07_book/201705/20170511.pdf