{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,6]],"date-time":"2026-06-06T01:01:27Z","timestamp":1780707687345,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":27,"publisher":"ACM","license":[{"start":{"date-parts":[[2012,12,3]],"date-time":"2012-12-03T00:00:00Z","timestamp":1354492800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2012,12,3]]},"DOI":"10.1145\/2420950.2420987","type":"proceedings-article","created":{"date-parts":[[2012,12,19]],"date-time":"2012-12-19T14:12:22Z","timestamp":1355926342000},"page":"239-248","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":183,"title":["Malicious PDF detection using metadata and structural features"],"prefix":"10.1145","author":[{"given":"Charles","family":"Smutz","sequence":"first","affiliation":[{"name":"George Mason University, Fairfax, VA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Angelos","family":"Stavrou","sequence":"additional","affiliation":[{"name":"George Mason University, Fairfax, VA"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2012,12,3]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Adobe Inc. Adobe security advisories: APSA11-04 - security advisory for adobe reader and acrobat. http:\/\/www.adobe.com\/support\/security\/advisories\/apsa11-04.html.  Adobe Inc. Adobe security advisories: APSA11-04 - security advisory for adobe reader and acrobat. http:\/\/www.adobe.com\/support\/security\/advisories\/apsa11-04.html."},{"key":"e_1_3_2_1_2_1","unstructured":"D. Alperovitch and M. (Firm). Revealed operation shady RAT. http:\/\/www.mcafee.com\/us\/resources\/whitepapers\/wp-operation-shady-rat.pdf 2011.  D. Alperovitch and M. (Firm). Revealed operation shady RAT. http:\/\/www.mcafee.com\/us\/resources\/whitepapers\/wp-operation-shady-rat.pdf 2011."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.5555\/1924931.1924942"},{"key":"e_1_3_2_1_4_1","volume-title":"Conference on Email and Anti-Spam","author":"Beverly R.","year":"2008","unstructured":"R. Beverly and K. Sollins . Exploiting transport-level characteristics of spam . In Conference on Email and Anti-Spam , 2008 . R. Beverly and K. Sollins. Exploiting transport-level characteristics of spam. In Conference on Email and Anti-Spam, 2008."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772720"},{"key":"e_1_3_2_1_7_1","unstructured":"R. Dhamankar M. Dausin M. Eisenbarth and J. King. The top cyber security risks. http:\/\/www.sans.org\/top-cyber-security-risks\/ Sept. 2009.  R. Dhamankar M. Dausin M. Eisenbarth and J. King. The top cyber security risks. http:\/\/www.sans.org\/top-cyber-security-risks\/ Sept. 2009."},{"key":"e_1_3_2_1_8_1","volume-title":"Exploiting memory corruption vulnerabilities in the java runtime","author":"Drake J.","year":"2011","unstructured":"J. Drake . Exploiting memory corruption vulnerabilities in the java runtime . 2011 . J. Drake. Exploiting memory corruption vulnerabilities in the java runtime. 2011."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-02918-9_6"},{"key":"e_1_3_2_1_10_1","unstructured":"F-Secure. PDF most common file type in targeted attacks - F-Secure weblog: News from the lab. http:\/\/www.f-secure.com\/weblog\/archives\/00001676.html.  F-Secure. PDF most common file type in targeted attacks - F-Secure weblog: News from the lab. http:\/\/www.f-secure.com\/weblog\/archives\/00001676.html."},{"key":"e_1_3_2_1_11_1","volume-title":"Citeseer","author":"Grier C.","year":"2009","unstructured":"C. Grier , S. King , and D. Wallach . How i learned to stop worrying and love plugins. In In Web 2.0 Security and Privacy . Citeseer , 2009 . C. Grier, S. King, and D. Wallach. How i learned to stop worrying and love plugins. In In Web 2.0 Security and Privacy. Citeseer, 2009."},{"key":"e_1_3_2_1_12_1","volume-title":"LISA 2011, 25th Large Installation System Administration Conference","author":"Kakavelakis G.","year":"2011","unstructured":"G. Kakavelakis , R. Beverly , J. Young , T. Limoncelli , and D. Hughes . Auto-learning of SMTP TCP Transport-Layer features for spam and abusive message detection . In LISA 2011, 25th Large Installation System Administration Conference , Boston, MA, USA , Dec. 2011 . USENIX Association. G. Kakavelakis, R. Beverly, J. Young, T. Limoncelli, and D. Hughes. Auto-learning of SMTP TCP Transport-Layer features for spam and abusive message detection. In LISA 2011, 25th Large Installation System Administration Conference, Boston, MA, USA, Dec. 2011. USENIX Association."},{"key":"e_1_3_2_1_13_1","unstructured":"T. Kojm. ClamAV releases. http:\/\/lurker.clamav.net\/message\/20100816.145508.07ae1603.en.html Aug. 2010.  T. Kojm. ClamAV releases. http:\/\/lurker.clamav.net\/message\/20100816.145508.07ae1603.en.html Aug. 2010."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076785"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-73614-1_14"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31537-4_40"},{"key":"e_1_3_2_1_18_1","first-page":"2011","volume":"4","author":"Parkour M.","unstructured":"M. Parkour . contagio : Version 4 april 2011 - 2011 ,355+ malicious documents - archive for signature testing and research. http:\/\/contagiodump.blogspot.com\/2010\/08\/malicious-documents-archive-for.html. M. Parkour. contagio: Version 4 april 2011 - 11,355+ malicious documents - archive for signature testing and research. http:\/\/contagiodump.blogspot.com\/2010\/08\/malicious-documents-archive-for.html.","journal-title":"Version"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2010.5665788"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.istr.2009.04.001"},{"key":"e_1_3_2_1_21_1","unstructured":"R project. http:\/\/www.r-project.org\/.  R project. http:\/\/www.r-project.org\/."},{"key":"e_1_3_2_1_22_1","volume-title":"AAAI 98 Workshop on Text Categorization","author":"Sahami M.","year":"1998","unstructured":"M. Sahami , S. Dumais , D. Heckerman , and E. Horvitz . A bayesian approach to filtering junk E-Mail . AAAI 98 Workshop on Text Categorization , July 1998 . M. Sahami, S. Dumais, D. Heckerman, and E. Horvitz. A bayesian approach to filtering junk E-Mail. AAAI 98 Workshop on Text Categorization, July 1998."},{"key":"e_1_3_2_1_23_1","unstructured":"Shadows in the cloud: Investigating cyber espionage 2.0. http:\/\/shadows-in-the-cloud.net\/ 2010.  Shadows in the cloud: Investigating cyber espionage 2.0. http:\/\/shadows-in-the-cloud.net\/ 2010."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_5"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.14"},{"key":"e_1_3_2_1_26_1","volume-title":"ACM CCS WORM","author":"Stolfo S.","year":"2005","unstructured":"S. Stolfo , K. Wang , and W. Li . Fileprint analysis for malware detection . ACM CCS WORM , 2005 . S. Stolfo, K. Wang, and W. Li. Fileprint analysis for malware detection. ACM CCS WORM, 2005."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2011.5935193"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1599272.1599278"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1972551.1972555"}],"event":{"name":"ACSAC '12: Annual Computer Security Applications Conference","location":"Orlando Florida USA","acronym":"ACSAC '12","sponsor":["ACSA Applied Computing Security Assoc"]},"container-title":["Proceedings of the 28th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2420950.2420987","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2420950.2420987","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T08:18:33Z","timestamp":1750234713000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2420950.2420987"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,12,3]]},"references-count":27,"alternative-id":["10.1145\/2420950.2420987","10.1145\/2420950"],"URL":"https:\/\/doi.org\/10.1145\/2420950.2420987","relation":{},"subject":[],"published":{"date-parts":[[2012,12,3]]},"assertion":[{"value":"2012-12-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}