Source fingerprinting in adobe PDF files

Thumbnail Image
Files
13Dec_Donaldson_John.pdf (346.18 KB)
Authors
Donaldson, John P.
Subjects
Static analysis
Adobe
Portable Document Format
PDF
structural analysis
n-gram analysis
document authorship
Advisors
Eagle, Chris S.
Date of Issue
2013-12
Date
Dec-13
Publisher
Monterey, California: Naval Postgraduate School
Language
Abstract
Adobe Portable Document Format (PDF) documents are increasingly used as a vector for targeted attacks. Although there exist a number of tools and methodologies for performing content-level analysis to identify unwanted or malicious behavior or characteristics in these documents, these forms of analysis are hampered by increasingly complex obfuscation techniques and usually require execution of potentially malicious code. This thesis proposes a static analysis method that uses structural elements of PDF documents to identify the tools used to generate them. This method may be used to attribute malicious PDFs to particular toolkits.
Type
Thesis
Description
URI
https://hdl.handle.net/10945/38919
Series/Report No
Department
Computer Science
Organization
Identifiers
NPS Report Number
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Collections
Theses