Naik, Nitin, Jenkins, Paul, Cooke, Roger, Gillett, Jonathan and Jin, Yaochu (2021). Evaluating Automatically Generated YARA Rules and Enhancing Their Effectiveness. IN: 2020 IEEE Symposium Series on Computational Intelligence, SSCI 2020. 2020 IEEE Symposium Series on Computational Intelligence, SSCI 2020 . AUS: IEEE.
Abstract
Emerging as a widely accepted technique for malware analysis, YARA rules due to its flexible and customisable nature, allows malware analysts to develop rules according to the requirements of a specific security domain. YARA rules can be automatically generated using tools, however, they may require post-processing for their optimisation, and may not be effective for the specific security domain. This compels the requirement to enhance automatically generated YARA rules and increase their effectiveness for malware analysis without increasing computational overheads. Reflecting on the above requirement, this paper initially evaluates automatically generated YARA rules using three YARA tools: yarGen, yaraGenerator and yabin. These tools are Python-based open-source tools used to generate YARA rules automatically utilising different underlying techniques. Subsequently, it proposes a method to enhance automatically generated YARA rules using a fuzzy hashing method. This proposed enhancement method can improve the effectiveness of YARA rules irrespective of the chosen YARA tool used to generate YARA rules, which is demonstrated through several experiments on samples of collected malware and goodware.
| Publication DOI: | https://doi.org/10.1109/SSCI47803.2020.9308179 |
|---|---|
| Divisions: | College of Engineering & Physical Sciences Aston University (General) |
| Additional Information: | © 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. |
| Event Title: | 2020 IEEE Symposium Series on Computational Intelligence (SSCI) |
| Event Type: | Other |
| Event Dates: | 2020-12-01 - 2020-12-04 |
| Uncontrolled Keywords: | Fuzzy Hashing,Indicator of Compromise,IoC String.,Malware Analysis,Malware Analysis; YARA Rules; Fuzzy Hashing; yarGen,Ransomware,YARA Rules,yabin,yarGen, yaraGenerator,yaraGenerator; yabin; Ransomware; Indicator of Compromise; IoC String.,Artificial Intelligence,Computer Science Applications,Decision Sciences (miscellaneous) |
| ISBN: | 978-1-7281-2548-0, 978-1-7281-2547-3 |
| Last Modified: | 18 Nov 2024 08:55 |
| Date Deposited: | 11 Jan 2021 12:22 |
| Full Text Link: | |
| Related URLs: |
https://ieeexpl ... ocument/9308179
(Publisher URL) http://www.scop ... tnerID=8YFLogxK (Scopus URL) |
PURE Output Type: | Conference contribution |
| Published Date: | 2021-01-05 |
| Authors: |
Naik, Nitin
(
0000-0002-0659-9646)
Jenkins, Paul Cooke, Roger Gillett, Jonathan Jin, Yaochu |
CORE (COnnecting REpositories)
CORE (COnnecting REpositories)