Wuhan University Professor Solves PDF Malware Resistance Challenge
Recently, a paper supervised by Professor Peng Guojun of the National Cybersecurity College at Wuhan University was accepted for presentation at the 32nd ACM Conference on Computer and Communications Security (ACM CCS 2025). The paper, titled "Analyzing PDFs like Binaries: Adversarially Robust PDF Malware Analysis via Intermediate Representation and Language Model," was authored by Liu Side, a doctoral student from the 2021 cohort, with Professor Peng as the corresponding author.
The paper introduces a novel approach to analyzing PDF files, which have become a prevalent and persistent vector for cyber attacks. Existing machine learning-based PDF malware classifiers achieve high accuracy, but they remain vulnerable to adversarial attacks, which undermines their reliability. Previous studies have attempted to improve the robustness of these classifiers, but they often rely on outdated feature engineering methods. This limits how well even the most advanced machine learning techniques can address the inherent instability of the extracted features.
To tackle this issue, the paper proposes a new method for PDF feature extraction and malware detection. It introduces PDFObjIR, the first PDF object intermediate representation framework, akin to assembly language. The framework uses pre-trained language models to extract semantic features, and applies program analysis concepts to construct an object reference graph, similar to a control flow graph, to capture structural features. This dual analysis mechanism allows comprehensive PDF malware detection from both semantic and structural perspectives. Experimental results show that the proposed classifier outperforms state-of-the-art PDF malware classifiers, maintaining an extremely low false positive rate of just 0.07% on baseline datasets while showing significant resilience against adversarial attacks.
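
To make the object reference graph idea concrete, the following added example (not code from the paper or from PDFObjIR) builds such a graph from a constructed PDF body and derives a few structural features from it. The function names, the feature set and the regex-based parsing are assumptions for illustration; the regexes do not handle object streams, compressed streams or incremental updates.

```python
import re
from collections import deque

# Constructed sample: a minimal PDF body, not a complete valid file.
SAMPLE = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /JavaScript /JS 5 0 R >> endobj
5 0 obj (constructed script text) endobj
6 0 obj << /Producer (unreferenced) >> endobj
"""

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj\b(.*?)\bendobj", re.S)  # indirect object
REF_RE = re.compile(rb"(\d+)\s+\d+\s+R\b")                       # "N G R" reference
NAME_RE = re.compile(rb"/([A-Za-z]+)")                           # /Name tokens

def build_graph(data):
    """Map object number -> (referenced object numbers, /Name tokens used)."""
    graph = {}
    for num, body in OBJ_RE.findall(data):
        refs = {int(r) for r in REF_RE.findall(body)}
        names = {n.decode() for n in NAME_RE.findall(body)}
        graph[int(num)] = (refs, names)
    return graph

def depths_from(graph, root):
    """Breadth-first distances from root; the seen-check makes cycles safe."""
    depth, queue = {root: 0}, deque([root])
    while queue:
        node = queue.popleft()
        for ref in graph.get(node, (set(), set()))[0]:
            if ref not in depth:
                depth[ref] = depth[node] + 1
                queue.append(ref)
    return depth

def structural_features(data):
    """Graph-level features: size, orphaned objects, distance to script actions."""
    graph = build_graph(data)
    root = next(n for n, (_, names) in graph.items() if "Catalog" in names)
    depth = depths_from(graph, root)
    script = [depth[n] for n, (_, names) in graph.items()
              if n in depth and names & {"JS", "JavaScript"}]
    return {"objects": len(graph),
            "edges": sum(len(refs) for refs, _ in graph.values()),
            "unreachable": sorted(set(graph) - set(depth)),
            "min_script_depth": min(script) if script else None}
```

Features of this kind describe how objects are wired together rather than counting raw keywords; object 6 in the sample is flagged as unreachable from the catalog.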
The 32nd ACM Conference on Computer and Communications Security (ACM CCS 2025) will be held from October 13 to 17, 2025, in Taipei, China. First established in 1993, ACM CCS has a storied history spanning over three decades. It is recognized as one of the flagship conferences in the field of information security, alongside IEEE S&P, USENIX Security, and NDSS. Recommended as an A-class conference by the Chinese Computer Federation (CCF), ACM CCS maintains a rigorous selection process, with an acceptance rate of approximately 18% over the past decade. Accepted papers reflect the latest and most cutting-edge research in the cybersecurity domain. This achievement underscores the significant progress being made in the development of more robust and reliable methods for detecting and mitigating PDF-based cyber threats. It highlights the ongoing commitment of researchers at Wuhan University to advancing the field of cybersecurity.