NFDD: A Dynamic Malicious Document Detection Method Without Manual Feature Dictionary

2021 
Machine learning methods based on a feature dictionary are currently the most popular approach in the field of malicious document (maldoc) detection. However, building and updating the feature dictionary is a complex task that requires a lot of manual work. The detection performance of a feature dictionary is limited by expert experience, and it cannot deal with unknown samples. To overcome these limitations, we propose the no manual feature dictionary detection model (NFDD). We introduce a neural network based on word embedding and combine it with dynamic analysis that can capture behavioral information of unknown samples. We have also implemented traditional models based on a feature dictionary for comparison. Experiments show that NFDD can effectively improve the accuracy to 99.05% on 27,500 Office compound and Open XML documents. NFDD can detect unknown samples that cannot be detected by traditional methods.