Malicious PDF detection by using Association Rule

Malicious PDF files have been applied to compromise computer security in recent years because of their portablity and popularity. In addition, common anti malware products are ineffective against new malicious PDF files and adding an intelligent complimentary technique to them is essential. In this paper, we propsed a novel approach for malicious PDF files detection. At first, a set of unique static features are extracted from PDF structure. Then, by applying association rule mining, frequent patterns are extracted from them and an effective classifier is built with them. We analyzed about 6000 malicious PDF and 6000 benign PDF and show that the proposed system achieved better results compared to other related works. Furthermore, this method has robustness against evasion and can be applied to anti malware products with low overhead.