A novel visual interface enables human detection of malware in portable document format


Bibliographic Details
Published in: Journal of Cybersecurity (Oxford), Vol. 10, No. 1
Main Authors: Gutzwiller, Robert S; Fugate, Sunny J; Lukos, Jamie R; Wiegand, Karl
Format: Journal Article
Language: English
Published: Oxford: Oxford University Press, 2024
Summary: In this human subjects study, we sought to enable user-based detection of malware within portable document format (PDF) files. Such malware is often difficult to detect with traditional malware detection tools. Humans are excellent sensors and pattern detectors and could be a key to more robust malware detection, but they need something to sense. By design, malware is often hidden deep within a file, and its presence or operation may be completely hidden from users. To combat this, we built a visualization to expose underlying file contents and conducted a study to assess whether the visualization would enable novice users to detect malware embedded within PDF files. We found that when users engaged with the tool, detection of PDF malware was well above chance performance, better than a control condition, and with high discriminability. The display significantly improved user detection of malware in PDF files; combined with feedback and the ability to provide aggregated detection information to security analysts in a future version, we believe it could enable more effective detection and response. This research highlights the need for integration as well as experimentation between human and machine to best improve cyber defense.
ISSN: 2057-2085; 2057-2093
DOI: 10.1093/cybsec/tyae016