Detection of Malicious PDF Files Based on Hierarchical Document Structure

In this paper, we propose an efficient static method for detection of malicious PDF documents which relies on essential differences in the structural properties of malicious and benign PDF files. We demonstrate its effectiveness on a data corpus containing about 600,000 real-world malicious and benign PDF files and evaluate its resistance against adversarial evasion attempts.