Fuzzy-import hashing: A malware analysis approach

Nitin Kumar Naik; Paul Jenkins; Nick Savage; Longzhi Yang; Tossapon Boongoen; Natthakan Iam-On

doi:10.1109/FUZZ48607.2020.9177636

Fuzzy-import hashing: A malware analysis approach

Nitin Kumar Naik, Paul Jenkins, Nick Savage, Longzhi Yang, Tossapon Boongoen, Natthakan Iam-On

Allbwn ymchwil: Pennod mewn Llyfr/Adroddiad/Trafodion Cynhadledd › Trafodion Cynhadledd (Nid-Cyfnodolyn fathau)

16 Dyfyniadau (Scopus)

Crynodeb

Malware has remained a consistent threat since its emergence, growing into a plethora of types and in large numbers. In recent years, numerous new malware variants have enabled the identification of new attack surfaces and vectors, and have become a major challenge to security experts, driving the enhancement and development of new malware analysis techniques to contain the contagion. One of the preliminary steps of malware analysis is to remove the abundance of counterfeit malware samples from the large collection of suspicious samples. This process assists in the management of man and machine resources effectively in the analysis of both unknown and likely malware samples. Hashing techniques are one of the fastest and efficient techniques for performing this preliminary analysis such as fuzzy hashing and import hashing. However, both hashing methods have their limitations and they may not be effective on their own, instead the combination of two distinctive methods may assist in improving the detection accuracy and overall performance of the analysis. This paper proposes a Fuzzy-Import hashing technique which is the combination of fuzzy hashing and import hashing to improve the detection accuracy and overall performance of malware analysis. This proposed Fuzzy-Import hashing offers several benefits which are demonstrated through the experimentation performed on the collected malware samples and compared against stand-alone techniques of fuzzy hashing and import hashing.

Iaith wreiddiol	Saesneg
Teitl	International Conference on Fuzzy Systems
Is-deitl	FUZZ 2020 - Proceedings
Cyhoeddwr	IEEE Press
Tudalennau	1-8
Nifer y tudalennau	8
ISBN (Electronig)	9781728169323
Dynodwyr Gwrthrych Digidol (DOIs)	https://doi.org/10.1109/FUZZ48607.2020.9177636
Statws	Cyhoeddwyd - 19 Gorff 2020
Cyhoeddwyd yn allanol	Ie
Digwyddiad	2020 IEEE International Conference on Fuzzy Systems, FUZZ 2020 - Glasgow, Teyrnas Unedig Prydain Fawr a Gogledd Iwerddon Hyd: 19 Gorff 2020 → 24 Gorff 2020

Cyfres gyhoeddiadau

Enw	IEEE International Conference on Fuzzy Systems
Cyfrol	2020-July
ISSN (Argraffiad)	1098-7584

Cynhadledd

Cynhadledd	2020 IEEE International Conference on Fuzzy Systems, FUZZ 2020
Gwlad/Tiriogaeth	Teyrnas Unedig Prydain Fawr a Gogledd Iwerddon
Dinas	Glasgow
Cyfnod	19 Gorff 2020 → 24 Gorff 2020

Mynediad at Ddogfen

10.1109/FUZZ48607.2020.9177636

Cysylltiad parhaol

Dolen barhaus

Ffeiliau eraill a chysylltiadau

Dolen i’r cyhoeddiad yn Scopus

Dyfynnu hyn

@inproceedings{ade190dd41744f4baae85c0f0a25d7ad,

title = "Fuzzy-import hashing: A malware analysis approach",

abstract = "Malware has remained a consistent threat since its emergence, growing into a plethora of types and in large numbers. In recent years, numerous new malware variants have enabled the identification of new attack surfaces and vectors, and have become a major challenge to security experts, driving the enhancement and development of new malware analysis techniques to contain the contagion. One of the preliminary steps of malware analysis is to remove the abundance of counterfeit malware samples from the large collection of suspicious samples. This process assists in the management of man and machine resources effectively in the analysis of both unknown and likely malware samples. Hashing techniques are one of the fastest and efficient techniques for performing this preliminary analysis such as fuzzy hashing and import hashing. However, both hashing methods have their limitations and they may not be effective on their own, instead the combination of two distinctive methods may assist in improving the detection accuracy and overall performance of the analysis. This paper proposes a Fuzzy-Import hashing technique which is the combination of fuzzy hashing and import hashing to improve the detection accuracy and overall performance of malware analysis. This proposed Fuzzy-Import hashing offers several benefits which are demonstrated through the experimentation performed on the collected malware samples and compared against stand-alone techniques of fuzzy hashing and import hashing.",

keywords = "Fuzzy C-Means Clustering, Fuzzy Hashing, Fuzzy-Import Hashing, Import Hashing, Malware Analysis, Ransomware",

author = "Naik, {Nitin Kumar} and Paul Jenkins and Nick Savage and Longzhi Yang and Tossapon Boongoen and Natthakan Iam-On",

note = "Publisher Copyright: {\textcopyright} 2020 IEEE.; 2020 IEEE International Conference on Fuzzy Systems, FUZZ 2020 ; Conference date: 19-07-2020 Through 24-07-2020",

year = "2020",

month = jul,

day = "19",

doi = "10.1109/FUZZ48607.2020.9177636",

language = "English",

series = "IEEE International Conference on Fuzzy Systems",

publisher = "IEEE Press",

pages = "1--8",

booktitle = "International Conference on Fuzzy Systems",

address = "United States of America",

}

Naik, NK, Jenkins, P, Savage, N, Yang, L, Boongoen, T & Iam-On, N 2020, Fuzzy-import hashing: A malware analysis approach. yn International Conference on Fuzzy Systems: FUZZ 2020 - Proceedings., 9177636, IEEE International Conference on Fuzzy Systems, cyfrol. 2020-July, IEEE Press, tt. 1-8, 2020 IEEE International Conference on Fuzzy Systems, FUZZ 2020, Glasgow, Teyrnas Unedig Prydain Fawr a Gogledd Iwerddon, 19 Gorff 2020. https://doi.org/10.1109/FUZZ48607.2020.9177636

Fuzzy-import hashing: A malware analysis approach. / Naik, Nitin Kumar; Jenkins, Paul; Savage, Nick et al.
International Conference on Fuzzy Systems: FUZZ 2020 - Proceedings. IEEE Press, 2020. t. 1-8 9177636 (IEEE International Conference on Fuzzy Systems; Cyfrol 2020-July).

Allbwn ymchwil: Pennod mewn Llyfr/Adroddiad/Trafodion Cynhadledd › Trafodion Cynhadledd (Nid-Cyfnodolyn fathau)

TY - GEN

T1 - Fuzzy-import hashing

T2 - 2020 IEEE International Conference on Fuzzy Systems, FUZZ 2020

AU - Naik, Nitin Kumar

AU - Jenkins, Paul

AU - Savage, Nick

AU - Yang, Longzhi

AU - Boongoen, Tossapon

AU - Iam-On, Natthakan

PY - 2020/7/19

Y1 - 2020/7/19

N2 - Malware has remained a consistent threat since its emergence, growing into a plethora of types and in large numbers. In recent years, numerous new malware variants have enabled the identification of new attack surfaces and vectors, and have become a major challenge to security experts, driving the enhancement and development of new malware analysis techniques to contain the contagion. One of the preliminary steps of malware analysis is to remove the abundance of counterfeit malware samples from the large collection of suspicious samples. This process assists in the management of man and machine resources effectively in the analysis of both unknown and likely malware samples. Hashing techniques are one of the fastest and efficient techniques for performing this preliminary analysis such as fuzzy hashing and import hashing. However, both hashing methods have their limitations and they may not be effective on their own, instead the combination of two distinctive methods may assist in improving the detection accuracy and overall performance of the analysis. This paper proposes a Fuzzy-Import hashing technique which is the combination of fuzzy hashing and import hashing to improve the detection accuracy and overall performance of malware analysis. This proposed Fuzzy-Import hashing offers several benefits which are demonstrated through the experimentation performed on the collected malware samples and compared against stand-alone techniques of fuzzy hashing and import hashing.

AB - Malware has remained a consistent threat since its emergence, growing into a plethora of types and in large numbers. In recent years, numerous new malware variants have enabled the identification of new attack surfaces and vectors, and have become a major challenge to security experts, driving the enhancement and development of new malware analysis techniques to contain the contagion. One of the preliminary steps of malware analysis is to remove the abundance of counterfeit malware samples from the large collection of suspicious samples. This process assists in the management of man and machine resources effectively in the analysis of both unknown and likely malware samples. Hashing techniques are one of the fastest and efficient techniques for performing this preliminary analysis such as fuzzy hashing and import hashing. However, both hashing methods have their limitations and they may not be effective on their own, instead the combination of two distinctive methods may assist in improving the detection accuracy and overall performance of the analysis. This paper proposes a Fuzzy-Import hashing technique which is the combination of fuzzy hashing and import hashing to improve the detection accuracy and overall performance of malware analysis. This proposed Fuzzy-Import hashing offers several benefits which are demonstrated through the experimentation performed on the collected malware samples and compared against stand-alone techniques of fuzzy hashing and import hashing.

KW - Fuzzy C-Means Clustering

KW - Fuzzy Hashing

KW - Fuzzy-Import Hashing

KW - Import Hashing

KW - Malware Analysis

KW - Ransomware

UR - http://www.scopus.com/inward/record.url?scp=85090501496&partnerID=8YFLogxK

U2 - 10.1109/FUZZ48607.2020.9177636

DO - 10.1109/FUZZ48607.2020.9177636

M3 - Conference Proceeding (Non-Journal item)

AN - SCOPUS:85090501496

T3 - IEEE International Conference on Fuzzy Systems

SP - 1

EP - 8

BT - International Conference on Fuzzy Systems

PB - IEEE Press

Y2 - 19 July 2020 through 24 July 2020

ER -

Fuzzy-import hashing: A malware analysis approach

Crynodeb

Cyfres gyhoeddiadau

Cynhadledd

Mynediad at Ddogfen

Cysylltiad parhaol

Ffeiliau eraill a chysylltiadau

Ôl bys

Dyfynnu hyn