PDF Malware Detection Using Machine Learning

Abstract

With the increasing reliance on digital documents, Portable Document Format (PDF) files have become a common vector for cyberattacks. Attackers exploit the flexibility and rich feature set of PDFs to embed malicious content such as JavaScript, executables, or hidden links, which can compromise user systems upon opening. Traditional signature-based malware detection methods often fail to identify novel or obfuscated threats, highlighting the urgent need for more adaptive and intelligent solutions. This report presents a machine learning-based approach to detect malicious PDF files effectively. We begin by analyzing the structural characteristics of both benign and malicious PDFs, extracting meaningful features such as the presence of embedded JavaScript, object counts, entropy values, and metadata anomalies. These features are then used to train various supervised learning models, including Decision Trees, Random Forests, Support Vector Machines (SVM), and Gradient Boosting algorithms. Emphasis is placed on achieving high detection accuracy while maintaining low false positive rates.

Introduction

The project focuses on enhancing malware detection by using a machine learning-based system capable of analyzing multiple files collectively rather than individually. Traditional signature-based antivirus methods are insufficient against modern, sophisticated malware that spreads across various file types (e.g., .exe, .pdf, .docx, .zip, .rar) and employs evasion techniques like polymorphism and obfuscation.

The proposed framework extracts both static features (metadata, entropy, internal structures) and dynamic behaviors (system calls, API usage) from files, feeding them into machine learning models such as Random Forest, SVM, and Neural Networks for classification. This approach aims to improve detection accuracy, reduce false positives, and provide detailed behavioral reports while enabling real-time and scalable analysis.

The literature survey highlights the importance and effectiveness of machine learning for detecting malware, particularly focusing on PDF files and polymorphic malware. The system's key goals include adaptive, multi-format detection, minimizing manual intervention, and handling high data volumes efficiently.

Test results showed high detection accuracy (~92-95%), strong precision and recall, and effective handling of diverse file formats. The system supports batch scanning and visualizes performance metrics such as confusion matrices and ROC curves. The project ultimately aims to provide a robust, automated, and proactive malware detection tool that adapts to evolving cyber threats.

Conclusion

The growing sophistication of modern malware demands advanced, intelligent detection systems that go beyond traditional signature-based methods. This project successfully demonstrates the effectiveness of a machine learning-based approach to detect malware hidden within multiple file types, including PDFs, executables, and compressed archives. By combining static and dynamic analysis techniques with feature-based modeling, the system was able to identify both known and previously unseen threats with high accuracy. The integration of algorithms such as Random Forest, SVM, and Neural Networks allowed for robust classification, while the inclusion of behavioral features (like entropy and API usage) enhanced the system\'s ability to detect obfuscated and polymorphic malware. The results indicate strong performance across several metrics — including precision, recall, and F1-score — confirming that machine learning can be a reliable tool for malware detection. Moreover, the system’s support for multi-format file scanning and batch processing makes it scalable and practical for real-world deployment. In conclusion, the proposed system not only improves malware detection accuracy but also provides valuable insights through detailed reports and visual feedback. It stands as a proactive and adaptive solution in the evolving field of cybersecurity, capable of helping users and organizations better defend against complex malware threats.

References

[1] Saxe, J., & Berlin, K. (2020). Deep neural network based malware detection using two dimensional binary program features. Proceedings of the 10th International Conference on Malicious and Unwanted Software (MALWARE), IEEE. [2] Raff, E., Barker, J., Sylvester, J., Brandon, R., Catanzaro, B., & Nicholas, C. (2021). Malware detection by eating a whole EXE. Workshops at the Thirty-Second AAAI Conference on Artificial Intelligence. [3] Kolosnjaji, B., Zarras, A., Webster, G., & Eckert, C. (2022). Deep learning for classification of malware system call sequences. Australasian Joint Conference on Artificial Intelligence, Springer. [4] Shijo, G., & Salim, A. (2015). Integrated static and dynamic analysis for malware detection. Procedia Computer Science, 46, 804–811. [5] Ye, Y., Li, T., Adjeroh, D., & Iyengar, S. S. (2019). A survey on malware detection using data mining techniques. ACM Computing Surveys (CSUR), 50(3), 1–40. [6] VirusShare.(2023).https://virusshare.com(Used as a malware sample repository for training and testing) [7] Kaggle.(2023).MalwareDetectionDatasets.https://www.kaggle.com (Used for acquiring labeled malware and benign samples). [8] Ucci, D., Aniello, L., & Baldoni, R. (2019). Survey of machine learning techniques for malware analysis. Computers & Security, 81, 123–147. [9] Huang, W., Stokes, J. W. (2024). MtNet: A multi-task neural network for dynamic malware classification. International Joint Conference on Neural Networks (IJCNN), IEEE. [10] Anderson, H. S., & Roth, P. (2024). EMBER: An open dataset for training static PE malware machine learning models. arXiv preprint arXiv:1804.04637. [11] Kruegel, C., & Vigna, G. (2024). Anomaly detection of web-based attacks. Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS).

Copyright

Copyright © 2025 Mohammad Kaif Mohammad Hanif Sayyed, Pulate Nilesh Kondiram, Rahane Rohit Sandip , Aher Atharva Sanjay, Prof. R. N. Muneshwar. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.