{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T00:28:24Z","timestamp":1766449704457,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":42,"publisher":"ACM","license":[{"start":{"date-parts":[[2013,5,8]],"date-time":"2013-05-08T00:00:00Z","timestamp":1367971200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2013,5,8]]},"DOI":"10.1145\/2484313.2484327","type":"proceedings-article","created":{"date-parts":[[2013,5,14]],"date-time":"2013-05-14T12:15:27Z","timestamp":1368533727000},"page":"119-130","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":75,"title":["Looking at the bag is not enough to find the bomb"],"prefix":"10.1145","author":[{"given":"Davide","family":"Maiorca","sequence":"first","affiliation":[{"name":"Department of Electrical and Electronic Engineering, University of Cagliari, Cagliari, Italy"}]},{"given":"Igino","family":"Corona","sequence":"additional","affiliation":[{"name":"Department of Electrical and Electronic Engineering, University of Cagliari, Cagliari, Italy"}]},{"given":"Giorgio","family":"Giacinto","sequence":"additional","affiliation":[{"name":"Department of Electrical and Electronic Engineering, University of Cagliari, Cagliari, Italy"}]}],"member":"320","published-online":{"date-parts":[[2013,5,8]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Contagio. http:\/\/contagiodump.blogspot.it.  Contagio. http:\/\/contagiodump.blogspot.it."},{"key":"e_1_3_2_1_2_1","unstructured":"Malware tracker. http:\/\/www.malwaretracker.com\/pdfthreat.php.  Malware tracker. http:\/\/www.malwaretracker.com\/pdfthreat.php."},{"key":"e_1_3_2_1_3_1","unstructured":"Metasploit framework. Http:\/\/www.metasploit.com\/.  Metasploit framework. Http:\/\/www.metasploit.com\/."},{"key":"e_1_3_2_1_4_1","unstructured":"Origami framework. Http:\/\/esec-lab.sogeti.com\/pages\/Origami.  Origami framework. Http:\/\/esec-lab.sogeti.com\/pages\/Origami."},{"key":"e_1_3_2_1_5_1","unstructured":"Pdf tools.texttthttp:\/\/blog.didierstevens.com\/programs\/pdf-tools\/.  Pdf tools.texttthttp:\/\/blog.didierstevens.com\/programs\/pdf-tools\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Pdfrate. http:\/\/pdfrate.com.  Pdfrate. http:\/\/pdfrate.com."},{"key":"e_1_3_2_1_7_1","unstructured":"Peepdf. Http:\/\/eternal-todo.com\/tools\/peepdf-pdf-analysis-tool.  Peepdf. Http:\/\/eternal-todo.com\/tools\/peepdf-pdf-analysis-tool."},{"key":"e_1_3_2_1_8_1","unstructured":"Pypdf. http:\/\/pybrary.net\/pyPdf\/.  Pypdf. http:\/\/pybrary.net\/pyPdf\/."},{"key":"e_1_3_2_1_9_1","unstructured":"Social engineering toolkit. Https:\/\/www.secmaniac.com\/.  Social engineering toolkit. Https:\/\/www.secmaniac.com\/."},{"key":"e_1_3_2_1_10_1","unstructured":"Wepawet. Http:\/\/wepawet.iseclab.org\/index.php.  Wepawet. Http:\/\/wepawet.iseclab.org\/index.php."},{"key":"e_1_3_2_1_11_1","volume-title":"Adobe","author":"Reference PDF","year":"2006","unstructured":"PDF Reference . Adobe Portable Document Format Version 1.7 . Adobe , November 2006 . PDF Reference. Adobe Portable Document Format Version 1.7. Adobe, November 2006."},{"key":"e_1_3_2_1_12_1","unstructured":"Adobe Supplement to ISO 32000. Adobe June 2008.  Adobe Supplement to ISO 32000. Adobe June 2008."},{"key":"e_1_3_2_1_13_1","volume-title":"November","author":"Foxit","year":"2010","unstructured":"Foxit reader stack overflow exploit. http:\/\/www.exploit-db.com\/foxit-reader-stack-overflow-exploit-egghunter\/ , November 2010 . Foxit reader stack overflow exploit. http:\/\/www.exploit-db.com\/foxit-reader-stack-overflow-exploit-egghunter\/, November 2010."},{"key":"e_1_3_2_1_14_1","volume-title":"http:\/\/blog.rsmoorthy.net\/2012\/01\/add-javascript-to-existing-pdf-files.html","author":"Add","year":"2012","unstructured":"Add javascript to existing pdf files (python). http:\/\/blog.rsmoorthy.net\/2012\/01\/add-javascript-to-existing-pdf-files.html , 2012 . Add javascript to existing pdf files (python). http:\/\/blog.rsmoorthy.net\/2012\/01\/add-javascript-to-existing-pdf-files.html, 2012."},{"key":"e_1_3_2_1_15_1","volume-title":"Symantec","author":"Threat Reports Internet Security","year":"2011","unstructured":"Internet Security Threat Reports . 2011 Trends . Symantec , April 2012. Internet Security Threat Reports. 2011 Trends. Symantec, April 2012."},{"key":"e_1_3_2_1_16_1","unstructured":"P. Bania. Jit spraying and mitigations. CoRR http:\/\/www.piotrbania.com\/all\/articles\/pbania-jit-mitigations2010.pdf 2010.  P. Bania. Jit spraying and mitigations. CoRR http:\/\/www.piotrbania.com\/all\/articles\/pbania-jit-mitigations2010.pdf 2010."},{"key":"e_1_3_2_1_17_1","volume-title":"Black Hat '08","author":"Buchanan E.","year":"2008","unstructured":"E. Buchanan , R. Roemer , S. Sevage , and H. Shacham . Return-oriented programming: Exploitation without code injection . In Black Hat '08 , 2008 . E. Buchanan, R. Roemer, S. Sevage, and H. Shacham. Return-oriented programming: Exploitation without code injection. In Black Hat '08, 2008."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1963405.1963436"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772720"},{"key":"e_1_3_2_1_20_1","volume-title":"Sandia National Laboratories","author":"Cross J. S.","year":"2011","unstructured":"J. S. Cross and M. A. Munson . Deep pdf parsing to extract features for detecting embedded malware. Technical report , Sandia National Laboratories , 2011 . J. S. Cross and M. A. Munson. Deep pdf parsing to extract features for detecting embedded malware. Technical report, Sandia National Laboratories, 2011."},{"key":"e_1_3_2_1_21_1","first-page":"3","volume-title":"Proceedings of the 20th USENIX conference on Security, SEC'11","author":"Curtsinger C.","year":"2011","unstructured":"C. Curtsinger , B. Livshits , B. Zorn , and C. Seifert . Zozzle: fast and precise in-browser javascript malware detection . In Proceedings of the 20th USENIX conference on Security, SEC'11 , pages 3 -- 3 , Berkeley, CA, USA , 2011 . USENIX Association. C. Curtsinger, B. Livshits, B. Zorn, and C. Seifert. Zozzle: fast and precise in-browser javascript malware detection. In Proceedings of the 20th USENIX conference on Security, SEC'11, pages 3--3, Berkeley, CA, USA, 2011. USENIX Association."},{"key":"e_1_3_2_1_22_1","volume-title":"Virus Bulletin","author":"Engleberth M.","year":"2009","unstructured":"M. Engleberth , C. Willems , and T. Holz . Detecting malicious documents with combined static and dynamic analysis. Technical report , Virus Bulletin , 2009 . M. Engleberth, C. Willems, and T. Holz. Detecting malicious documents with combined static and dynamic analysis. Technical report, Virus Bulletin, 2009."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.15"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076785"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-73614-1_14"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31537-4_40"},{"key":"e_1_3_2_1_27_1","unstructured":"S. Porst. A brief analysis of a malicious pdf file which exploits this week's flash 0-day. http:\/\/blog.zynamics.com\/ 2010.  S. Porst. A brief analysis of a malicious pdf file which exploits this week's flash 0-day. http:\/\/blog.zynamics.com\/ 2010."},{"key":"e_1_3_2_1_28_1","volume-title":"Technical report","author":"Rahman M. A.","year":"2008","unstructured":"M. A. Rahman . Getting owned by malicious pdf - analysis. Technical report , SANS Institute , 2008 . M. A. Rahman. Getting owned by malicious pdf - analysis. Technical report, SANS Institute, 2008."},{"key":"e_1_3_2_1_29_1","first-page":"169","volume-title":"Proceedings of the 18th conference on USENIX security symposium, SSYM'09","author":"Ratanaworabhan P.","year":"2009","unstructured":"P. Ratanaworabhan , B. Livshits , and B. Zorn . Nozzle: a defense against heap-spraying code injection attacks . In Proceedings of the 18th conference on USENIX security symposium, SSYM'09 , pages 169 -- 186 , Berkeley, CA, USA , 2009 . USENIX Association. P. Ratanaworabhan, B. Livshits, and B. Zorn. Nozzle: a defense against heap-spraying code injection attacks. In Proceedings of the 18th conference on USENIX security symposium, SSYM'09, pages 169--186, Berkeley, CA, USA, 2009. USENIX Association."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_6"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920267"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_5"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420987"},{"key":"e_1_3_2_1_34_1","volume-title":"Proceedings of the 20th USENIX conference on Security, SEC'11","author":"Snow K. Z.","year":"2011","unstructured":"K. Z. Snow , S. Krishnan , F. Monrose , and N. Provos . Shellos: enabling fast detection and forensic analysis of code injection attacks . In Proceedings of the 20th USENIX conference on Security, SEC'11 , 2011 . K. Z. Snow, S. Krishnan, F. Monrose, and N. Provos. Shellos: enabling fast detection and forensic analysis of code injection attacks. In Proceedings of the 20th USENIX conference on Security, SEC'11, 2011."},{"key":"e_1_3_2_1_35_1","volume-title":"http:\/\/blog.didierstevens.com\/2010\/03\/29\/escape-from-pdf\/","author":"Stevens D.","year":"2010","unstructured":"D. Stevens . Escape from pdf. http:\/\/blog.didierstevens.com\/2010\/03\/29\/escape-from-pdf\/ , 2010 . D. Stevens. Escape from pdf. http:\/\/blog.didierstevens.com\/2010\/03\/29\/escape-from-pdf\/, 2010."},{"key":"e_1_3_2_1_36_1","unstructured":"D. Stevens. Free Malicious PDF Analysis. http:\/\/didierstevens.com\/files\/data\/malicious-pdf-analysis-ebook.zip 2010.  D. Stevens. Free Malicious PDF Analysis. http:\/\/didierstevens.com\/files\/data\/malicious-pdf-analysis-ebook.zip 2010."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.14"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1599272.1599278"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1972551.1972555"},{"key":"e_1_3_2_1_40_1","volume-title":"Proceedings of the 20th Annual Network & Distributed System Security Symposium","author":"Laskov Srndi\u0107","year":"2013","unstructured":"N.v Srndi\u0107 and P. Laskov . Detection of malicious pdf files based on hierarchical document structure . In Proceedings of the 20th Annual Network & Distributed System Security Symposium , 2013 . N.vSrndi\u0107 and P. Laskov. Detection of malicious pdf files based on hierarchical document structure. In Proceedings of the 20th Annual Network & Distributed System Security Symposium, 2013."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.45"},{"key":"e_1_3_2_1_42_1","unstructured":"Yahoo. Search api. http:\/\/developer.yahoo.com December 2012.  Yahoo. Search api. http:\/\/developer.yahoo.com December 2012."}],"event":{"name":"ASIA CCS '13: 8th ACM Symposium on Information, Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Hangzhou China","acronym":"ASIA CCS '13"},"container-title":["Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2484313.2484327","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2484313.2484327","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T08:39:19Z","timestamp":1750235959000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2484313.2484327"}},"subtitle":["an evasion of structural methods for malicious PDF files detection"],"short-title":[],"issued":{"date-parts":[[2013,5,8]]},"references-count":42,"alternative-id":["10.1145\/2484313.2484327","10.1145\/2484313"],"URL":"https:\/\/doi.org\/10.1145\/2484313.2484327","relation":{},"subject":[],"published":{"date-parts":[[2013,5,8]]},"assertion":[{"value":"2013-05-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}