{"title":"SGWeS: A Framework to Safeguard Web Servers from PDF Malware Attacks","authors":"Atul Kumar, Ishu Sharma","doi":"10.1109/ICSTSN57873.2023.10151549","DOIUrl":null,"url":null,"abstract":"Web Servers are a critical asset in the Information Technology sector that are exposed to the Internet on a generic basis. The major players in the industry dealing in sectors like healthcare, education institutes, telecom, ecommerce, etc. create massive business through their Web presence. The intrusion through the organization’s web server can harm the industry’s day-to-day activities. Many organizations are required to have PDF files uploaded from the user of the website, that are being sent to Web Servers. Cyber Attackers or hackers widely target web servers using PDF malware attacks. A PDF file can contain malicious code, links, or attachments that, when accessed or downloaded on the web server, can infect the server or network. The existing methodologies work on the principle of checking malicious files on the web server. In this research paper, a framework is proposed to check the authenticity of PDF malware attacks at the client machine only using machine learning-trained models. The machine learning-trained embedded script is trained using the Evasive-PDFMal2022 dataset. This dataset contains the all-relevant features of benign and malicious PDF files that can be utilized to train Artificial intelligence-based techniques. The proposed methodology is validated using machine learning models like the decision tree classifier and the performance of the machine learning trained model is enhanced with XGBoost methodology. 
XGBoost outperforms and results in improved metrics used for evaluation.","PeriodicalId":325019,"journal":{"name":"2023 2nd International Conference on Smart Technologies and Systems for Next Generation Computing (ICSTSN)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 2nd International Conference on Smart Technologies and Systems for Next Generation Computing (ICSTSN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSTSN57873.2023.10151549","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Web servers are critical assets in the information technology sector and are generally exposed to the Internet. Major industry players in sectors such as healthcare, education, telecom, and e-commerce generate massive business through their web presence. An intrusion through an organization's web server can harm the industry's day-to-day activities. Many organizations need website users to upload PDF files, which are then sent to the web servers. Cyber attackers or hackers widely target web servers using PDF malware attacks. A PDF file can contain malicious code, links, or attachments that, when accessed or downloaded on the web server, can infect the server or network. Existing methodologies work on the principle of checking for malicious files on the web server. In this research paper, a framework is proposed to detect PDF malware attacks on the client machine itself using machine learning-trained models. The embedded machine learning script is trained using the Evasive-PDFMal2022 dataset. This dataset contains all the relevant features of benign and malicious PDF files that can be used to train artificial intelligence-based techniques. The proposed methodology is validated using machine learning models such as the decision tree classifier, and the performance of the trained model is enhanced with the XGBoost methodology. XGBoost performs better and yields improved evaluation metrics.