Author:
Salame Geet C., Shinde Nirlepa T., Baad Prajakta P., Kshirsagar Deepak D., Tanwar Surendra Singh
Abstract
Malware attacks are one of the significant issues in the cyber security domain. Many sectors, including financial, healthcare, and IoT, are affected by malicious activity delivered through malware attacks. New malware variants are released every day, and traditional solutions cannot detect them. This paper proposes a methodology that uses relational rules to detect Portable Document Format (PDF) malware. The methodology includes data pre-processing, relational rules, and PDF malware detection. It obtains 89 relational rules from the PART, OneR, and JRip rule-based models. These 89 rules are applied and their performance is tested on Evasive-PDFMal2022, where the methodology achieves a higher accuracy of 99.1223%. Further, the proposed methodology is compared with traditional malware detection systems.