Detailed Information

Machine learning-based detection method for malicious PDF files: A temporal classification approach

Authors
Choi, Doo-Seop; Kim, Taeguen; Kang, Boojoong; Im, Eul Gyu
Issue Date
Mar-2026
Publisher
ELSEVIER
Keywords
Analysis of temporal feature evolution; Machine learning; Malware detection; Non-executable malware; PDF malware
Citation
Applied Soft Computing, v.189, pp 1 - 22
Pages
22
Indexed
SCIE
SCOPUS
Journal Title
Applied Soft Computing
Volume
189
Start Page
1
End Page
22
URI
https://scholarworks.bwise.kr/hanyang/handle/2021.sw.hanyang/210734
DOI
10.1016/j.asoc.2025.114461
ISSN
1568-4946
1872-9681
Abstract
Cybercriminals increasingly exploit non-executable files that can bypass antivirus software detection and are often opened by users without suspicion. In particular, PDF files have become a primary attack vector for adversaries due to their platform-independent nature and ability to preserve document components across different systems. Malicious PDF files continuously evolve to avoid detection, and traditional detection methods, which rely primarily on static features from older PDF datasets, show limitations in identifying evolving malicious PDF files. This paper identifies temporal evolution in feature distributions and proposes a novel framework to detect malicious PDF files by introducing temporal classification and addressing the evolved characteristics of recent threats. Through in-depth statistical analysis, we revealed that recent malicious PDF files closely mimic the structural characteristics of legitimate files, exhibiting an 11-fold increase in graphic components and a 21-fold increase in hyperlinks compared to older samples. This finding indicates a significant shift in attack methodologies from traditional script injection to social engineering techniques. To address this challenge, we enhanced the basic feature set, comprising 31 structural and metadata-based features initially defined in the CIC-Evasive-PDFMal2022 dataset, by integrating 12 newly identified features, resulting in an enhanced set of 43 features. Experimental results demonstrate that our framework with the enhanced feature set achieves 97.80 % detection accuracy using the random forest algorithm, representing a 4.12 % improvement over the basic feature set. The framework maintains balanced performance across all metrics with a recall of 0.96, a precision of 0.98, an F1-score of 0.97, and an AUC of 0.99. 
Additionally, the framework reduced the false positive rate (FPR) from 2.84 % to 1.12 %, a 1.72 percentage-point reduction, which is critical for practical deployment in real-world security environments. The proposed enhanced feature set provides an effective approach for strengthening real-world detection systems, including email attachment scanners and antivirus engines, against evolving PDF-based attacks.
Appears in
Collections
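Seoul College of Engineering > Seoul Department of Future Automotive Engineering > 1. Journal Articles
Seoul College of Engineering > Seoul School of Computer Software > 1. Journal Articles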

Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.

Related Researcher

Im, Eul Gyu
COLLEGE OF ENGINEERING (SCHOOL OF COMPUTER SCIENCE)