Fuzzy-import hashing:A malware analysis approach

Abstract

Malware has remained a consistent threat since its emergence, growing into a plethora of types and in large numbers. In recent years, numerous new malware variants have enabled the identification of new attack surfaces and vectors, and have become a major challenge to security experts, driving the enhancement and development of new malware analysis techniques to contain the contagion. One of the preliminary steps of malware analysis is to remove the abundance of counterfeit malware samples from the large collection of suspicious samples. This process assists in the management of man and machine resources effectively in the analysis of both unknown and likely malware samples. Hashing techniques are one of the fastest and efficient techniques for performing this preliminary analysis such as fuzzy hashing and import hashing. However, both hashing methods have their limitations and they may not be effective on their own, instead the combination of two distinctive methods may assist in improving the detection accuracy and overall performance of the analysis. This paper proposes a Fuzzy-Import hashing technique which is the combination of fuzzy hashing and import hashing to improve the detection accuracy and overall performance of malware analysis. This proposed Fuzzy-Import hashing offers several benefits which are demonstrated through the experimentation performed on the collected malware samples and compared against stand-alone techniques of fuzzy hashing and import hashing.

Publication DOI: https://doi.org/10.1109/FUZZ48607.2020.9177636
Divisions: College of Engineering & Physical Sciences
Aston University (General)
Funding Information: The authors gratefully acknowledge the support of Hybrid-
Additional Information: © 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Event Title: 2020 IEEE International Conference on Fuzzy Systems, FUZZ 2020
Event Type: Other
Event Dates: 2020-07-19 - 2020-07-24
Uncontrolled Keywords: Fuzzy C-Means Clustering,Fuzzy Hashing,Fuzzy-Import Hashing,Import Hashing,Malware Analysis,Ransomware,Software,Theoretical Computer Science,Artificial Intelligence,Applied Mathematics
ISBN: 9781728169323
Last Modified: 29 Nov 2024 08:26
Date Deposited: 05 Nov 2020 10:10
Full Text Link:
Related URLs: http://www.scop ... tnerID=8YFLogxK (Scopus URL)
https://ieeexpl ... ocument/9177636 (Publisher URL)
PURE Output Type: Conference contribution
Published Date: 2020-08-26
Accepted Date: 2020-07-01
Authors: Naik, Nitin (ORCID Profile 0000-0002-0659-9646)
Jenkins, Paul
Savage, Nick
Yang, Longzhi
Boongoen, Tossapon
Iam-On, Natthakan

Download

[img]

Version: Accepted Version

| Preview

Export / Share Citation


Statistics

Additional statistics for this record