
Machine learning-based detection method for malicious PDF files: A temporal classification approach

Full metadata record
DC Field | Value | Language
dc.contributor.author | Choi, Doo-Seop | -
dc.contributor.author | Kim, Taeguen | -
dc.contributor.author | Kang, Boojoong | -
dc.contributor.author | Im, Eul Gyu | -
dc.date.accessioned | 2026-02-10T06:01:40Z | -
dc.date.available | 2026-02-10T06:01:40Z | -
dc.date.issued | 2026-03 | -
dc.identifier.issn | 1568-4946 | -
dc.identifier.issn | 1872-9681 | -
dc.identifier.uri | https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/210734 | -
dc.description.abstract | Cybercriminals increasingly exploit non-executable files that can bypass antivirus software detection and are often opened by users without suspicion. In particular, PDF files have become a primary attack vector for adversaries due to their platform-independent nature and ability to preserve document components across different systems. Malicious PDF files continuously evolve to avoid detection, and traditional detection methods, which rely primarily on static features from older PDF datasets, show limitations in identifying evolving malicious PDF files. This paper identifies temporal evolution in feature distributions and proposes a novel framework to detect malicious PDF files by introducing temporal classification and addressing the evolved characteristics of recent threats. Through in-depth statistical analysis, we revealed that recent malicious PDF files closely mimic the structural characteristics of legitimate files, exhibiting an 11-fold increase in graphic components and a 21-fold increase in hyperlinks compared to older samples. This finding indicates a significant shift in attack methodologies from traditional script injection to social engineering techniques. To address this challenge, we enhanced the basic feature set, comprising 31 structural and metadata-based features initially defined in the CIC-Evasive-PDFMal2022 dataset, by integrating 12 newly identified features, resulting in an enhanced set of 43 features. Experimental results demonstrate that our framework with the enhanced feature set achieves 97.80 % detection accuracy using the random forest algorithm, representing a 4.12 % improvement over the basic feature set. The framework maintains balanced performance across all metrics with a recall of 0.96, a precision of 0.98, an F1-score of 0.97, and an AUC of 0.99. Additionally, the framework reduced the false positive rate (FPR) from 2.84 % to 1.12 %, a 1.72 percentage points reduction, which is critical for practical deployment in real-world security environments. The proposed enhanced feature set provides an effective approach for strengthening real-world detection systems, including email attachment scanners and antivirus engines, against evolving PDF-based attacks. | -
dc.format.extent | 22 | -
dc.language | English | -
dc.language.iso | ENG | -
dc.publisher | ELSEVIER | -
dc.title | Machine learning-based detection method for malicious PDF files: A temporal classification approach | -
dc.type | Article | -
dc.publisher.location | Netherlands | -
dc.identifier.doi | 10.1016/j.asoc.2025.114461 | -
dc.identifier.scopusid | 2-s2.0-105027474566 | -
dc.identifier.wosid | 001658578000003 | -
dc.identifier.bibliographicCitation | Applied Soft Computing, v.189, pp 1 - 22 | -
dc.citation.title | Applied Soft Computing | -
dc.citation.volume | 189 | -
dc.citation.startPage | 1 | -
dc.citation.endPage | 22 | -
dc.type.docType | Article | -
dc.description.isOpenAccess | N | -
dc.description.journalRegisteredClass | scie | -
dc.description.journalRegisteredClass | scopus | -
dc.relation.journalResearchArea | Computer Science | -
dc.relation.journalWebOfScienceCategory | Computer Science, Artificial Intelligence | -
dc.relation.journalWebOfScienceCategory | Computer Science, Interdisciplinary Applications | -
dc.subject.keywordPlus | Classification (of information) | -
dc.subject.keywordPlus | Computer viruses | -
dc.subject.keywordPlus | Feature extraction | -
dc.subject.keywordPlus | Learning algorithms | -
dc.subject.keywordPlus | Network security | -
dc.subject.keywordAuthor | Analysis of temporal feature evolution | -
dc.subject.keywordAuthor | Machine learning | -
dc.subject.keywordAuthor | Malware detection | -
dc.subject.keywordAuthor | Non-executable malware | -
dc.subject.keywordAuthor | PDF malware | -
dc.identifier.url | https://www.sciencedirect.com/science/article/pii/S1568494625017740?via%3Dihub | -
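Appears in Collections
Seoul College of Engineering > Seoul Department of Future Automotive Engineering > 1. Journal Articles
Seoul College of Engineering > Seoul School of Computer Science and Software > 1. Journal Articles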

Related Researcher

Im, Eul Gyu
COLLEGE OF ENGINEERING (SCHOOL OF COMPUTER SCIENCE)