🤖 AI Summary
Malicious PDF detection suffers from unstable feature representations and vulnerability to adversarial perturbations, largely because it still relies on outdated, hand-crafted feature engineering. To address these challenges, we propose a robust dual-perspective analysis framework that integrates semantic and structural cues. Specifically, we introduce PDFObj IR, a novel assembly-like intermediate representation that uniformly encodes the semantic behavior of PDF objects; construct an Object Reference Graph (ORG) to model structural dependencies among objects; and, for the first time, combine program-analysis principles with semantic encoding by a pre-trained language model (LLM), graph neural networks (GNNs), and adversarial robust training for PDF security analysis. Evaluated on standard benchmarks, our method achieves a false positive rate of only 0.07% and is significantly more robust against diverse PDF adversarial samples than state-of-the-art approaches, advancing both the reliability and the interpretability of malicious PDF detection.
📝 Abstract
Malicious PDF files have emerged as a persistent threat and become a popular attack vector in web-based attacks. While machine learning-based PDF malware classifiers have shown promise, these classifiers are often susceptible to adversarial attacks, undermining their reliability. To address this issue, recent studies have aimed to enhance the robustness of PDF classifiers. Despite these efforts, the feature engineering underlying these studies remains outdated. Consequently, even with the application of cutting-edge machine learning techniques, these approaches fail to fundamentally resolve the issue of feature instability. To tackle this, we propose a novel approach for PDF feature extraction and PDF malware detection. We introduce the PDFObj IR (PDF Object Intermediate Representation), an assembly-like language framework for PDF objects, from which we extract semantic features using a pretrained language model. Additionally, we construct an Object Reference Graph to capture structural features, drawing inspiration from program analysis. This dual approach enables us to analyze and detect PDF malware based on both semantic and structural features. Experimental results demonstrate that our proposed classifier achieves strong adversarial robustness while maintaining an exceptionally low false positive rate of only 0.07% on the baseline dataset compared to state-of-the-art PDF malware classifiers.
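To make the two perspectives concrete, the following added example (my own illustration, not the paper's code or its PDFObj IR format) builds an Object Reference Graph from the indirect objects of a constructed, uncompressed PDF and pairs each object's action-related name tokens (a crude stand-in for the semantic side) with its reference path from the trailer's /Root (the structural side). The regex-based parsing and the `RISKY` name set are simplifying assumptions; it does not handle xref tables, object streams, or filtered content.

```python
import re
from collections import deque

# Constructed sample, not a real file (no xref): /OpenAction points at a JavaScript action; object 6 is unreferenced.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj
4 0 obj << /S /JavaScript /JS 5 0 R >> endobj
5 0 obj << /Length 12 >> stream
app.alert(1)
endstream endobj
6 0 obj << /Type /Font /Subtype /Type1 /BaseFont /Helvetica >> endobj
trailer << /Root 1 0 R >>
"""
OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj(.*?)endobj", re.S)  # "n g obj ... endobj"
REF_RE = re.compile(rb"(\d+)\s+\d+\s+R\b")                   # indirect reference "n g R"
NAME_RE = re.compile(rb"/([A-Za-z][A-Za-z0-9]*)")            # name tokens such as /JS
RISKY = {b"JavaScript", b"JS", b"OpenAction", b"AA", b"Launch"}  # assumed action-related names

def parse_objects(data):
    """Map object number -> raw body for each indirect object in the file."""
    return {int(m.group(1)): m.group(2) for m in OBJ_RE.finditer(data)}

def build_org(objects):
    """Object Reference Graph: object -> set of objects it references."""
    return {n: {int(r) for r in REF_RE.findall(body)} for n, body in objects.items()}

def paths_from_root(graph, root):
    """BFS over the ORG; returns {obj: [root, ..., obj]} for every reachable object."""
    paths, todo = {root: [root]}, deque([root])
    while todo:
        n = todo.popleft()
        for m in sorted(graph.get(n, ())):
            if m not in paths:
                paths[m] = paths[n] + [m]
                todo.append(m)
    return paths

def analyze(data):
    """Pair each object's risky names (semantics) with its path from /Root (structure)."""
    objects = parse_objects(data)
    root = int(re.search(rb"trailer.*?/Root\s+(\d+)\s+\d+\s+R", data, re.S).group(1))
    paths = paths_from_root(build_org(objects), root)
    findings = []
    for num in sorted(objects):
        hits = sorted(n.decode() for n in set(NAME_RE.findall(objects[num])) & RISKY)
        if hits:
            findings.append((num, hits, paths.get(num)))  # path None => not reachable from /Root
    orphans = sorted(set(objects) - set(paths))  # defined but never referenced from /Root
    return findings, orphans
```

For the sample, `analyze(SAMPLE_PDF)` reports the catalog (/OpenAction, path [1]) and the JavaScript action object 4 with its structural context [1, 4], and lists object 6 as an orphan.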