Evaluating Automatically Generated YARA Rules and Enhancing Their Effectiveness

Nitin Naik, Paul Jenkins, Roger Cooke, Jonathan Gillett, Yaochu Jin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-reviewed

16 Citations (Scopus)

Abstract

YARA rules have emerged as a widely accepted technique for malware analysis: their flexible and customisable nature allows malware analysts to develop rules tailored to the requirements of a specific security domain. YARA rules can be generated automatically using tools; however, the generated rules may require post-processing to optimise them, and may not be effective for the specific security domain. This creates a need to enhance automatically generated YARA rules and increase their effectiveness for malware analysis without increasing computational overheads. Reflecting on this requirement, this paper first evaluates automatically generated YARA rules using three YARA tools: yarGen, yaraGenerator and yabin. These are Python-based open-source tools that generate YARA rules automatically using different underlying techniques. It then proposes a method to enhance automatically generated YARA rules using a fuzzy hashing method. The proposed enhancement can improve the effectiveness of YARA rules irrespective of the YARA tool used to generate them, as demonstrated through several experiments on collected samples of malware and goodware.
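To make concrete what "automatically generated YARA rules" and their "post-processing" refer to, the following added example implements the simplest string-based generation approach in Python: extract printable strings from a set of malware samples, discard every string that also occurs in goodware, keep the strings shared by most of the malware samples, prune redundant ones, and emit a rule that requires an MZ header plus a majority of the selected strings. This is illustration code written for this page; it is not the code of yarGen, yaraGenerator or yabin, and it does not implement the paper's fuzzy-hashing enhancement. All sample "binaries" are constructed byte strings, and the matcher only evaluates the one condition shape this generator emits, so the rule text can be checked offline without the yara library.

```python
"""Minimal string-based YARA rule generator with a goodware filter.

Constructed illustration: not the code of yarGen, yaraGenerator or yabin,
and not the fuzzy-hashing enhancement proposed in the paper. The samples
below are hand-made byte strings standing in for PE files.
"""
import re
from collections import Counter

# Constructed stand-ins for three malware samples (a ransomware-like family).
MALWARE_SAMPLES = {
    "ransom_a.bin": (b"MZ\x90\x00\x03\x00\x00\x00"
                     b"This program cannot be run in DOS mode.\x00"
                     b"kernel32.dll\x00"
                     b"cmd.exe /c vssadmin delete shadows /all /quiet\x00"
                     b"YOUR_FILES_ARE_ENCRYPTED.txt\x00"
                     b"http://c2.invalid/gate.php\x00"),
    "ransom_b.bin": (b"MZ\x90\x00\x03\x00\x00\x00"
                     b"This program cannot be run in DOS mode.\x00"
                     b"cmd.exe /c vssadmin delete shadows /all /quiet\x00"
                     b"YOUR_FILES_ARE_ENCRYPTED.txt\x00"
                     b"user32.dll\x00"),
    "ransom_c.bin": (b"MZ\x90\x00\x03\x00\x00\x00"
                     b"This program cannot be run in DOS mode.\x00"
                     b"cmd.exe /c vssadmin delete shadows /all /quiet\x00"
                     b"http://c2.invalid/gate.php\x00"
                     b"kernel32.dll\x00"),
}
# Constructed stand-ins for benign programs; their strings must never be used.
GOODWARE_SAMPLES = {
    "editor.bin": (b"MZ\x90\x00\x03\x00\x00\x00"
                   b"This program cannot be run in DOS mode.\x00"
                   b"kernel32.dll\x00user32.dll\x00GetProcAddress\x00"),
    "backup_tool.bin": (b"MZ\x90\x00\x03\x00\x00\x00"
                        b"This program cannot be run in DOS mode.\x00"
                        b"vssadmin create shadow /for=C:\x00"
                        b"Backup completed successfully\x00kernel32.dll\x00"),
}

PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")


def extract_strings(data):
    """Return the set of printable ASCII runs of >= 6 bytes (like `strings`)."""
    return {m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(data)}


def candidate_strings(malware, goodware):
    """Count in how many malware samples each string occurs, after discarding
    every string that also appears in any goodware sample (false-positive filter)."""
    goodware_strings = set().union(*(extract_strings(d) for d in goodware.values()))
    counts = Counter()
    for data in malware.values():
        counts.update(extract_strings(data) - goodware_strings)
    return counts


def prune_redundant(strings):
    """Post-processing: drop a string that is a substring of another kept string,
    because the longer string already implies it and costs an extra atom."""
    kept = []
    for s in sorted(strings, key=len, reverse=True):
        if not any(s in longer for longer in kept):
            kept.append(s)
    return kept


def generate_rule(name, malware, goodware, min_ratio=0.5, max_strings=10):
    """Build a rule dict: strings seen in at least min_ratio of the malware
    samples (never in goodware), ordered by prevalence then length."""
    counts = candidate_strings(malware, goodware)
    frequent = [s for s, c in counts.items() if c / len(malware) >= min_ratio]
    chosen = sorted(prune_redundant(frequent),
                    key=lambda s: (-counts[s], -len(s), s))[:max_strings]
    if not chosen:
        # Without strings the condition would degrade to "any MZ file": refuse.
        raise ValueError("no discriminating strings survived the goodware filter")
    threshold = -(-len(chosen) // 2)          # ceil(len/2): a majority of strings
    return {"name": name, "strings": chosen, "threshold": threshold}


def yara_escape(s):
    """Escape backslashes and double quotes for a YARA text string literal."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def render_rule(rule):
    """Render the rule dict as YARA source text."""
    lines = [f"rule {rule['name']}", "{", "    strings:"]
    for i, s in enumerate(rule["strings"]):
        lines.append(f'        $s{i} = "{yara_escape(s)}" ascii')
    lines += ["    condition:",
              f"        uint16(0) == 0x5A4D and {rule['threshold']} of ($s*)",
              "}"]
    return "\n".join(lines)


def rule_matches(rule, data):
    """Evaluate the emitted condition without the yara library:
    uint16(0) == 0x5A4D (little-endian 'MZ') and N of the strings present."""
    if data[:2] != b"MZ":
        return False
    hits = sum(1 for s in rule["strings"] if s.encode("ascii") in data)
    return hits >= rule["threshold"]


if __name__ == "__main__":
    rule = generate_rule("constructed_ransomware", MALWARE_SAMPLES, GOODWARE_SAMPLES)
    print(render_rule(rule))
    for fname, data in {**MALWARE_SAMPLES, **GOODWARE_SAMPLES}.items():
        print(f"{fname}: {'MATCH' if rule_matches(rule, data) else 'no match'}")
```

Run as a script it prints the generated rule and a match verdict per constructed sample: the three malware samples match and the two goodware samples do not, because the shared DOS stub, `kernel32.dll` and `user32.dll` strings were filtered out by the goodware set. The two knobs a practitioner would tune are `min_ratio` (how prevalent a string must be across the family) and the majority threshold in the condition; a single "1 of" condition on a generic string is exactly the kind of weak rule the paper says needs post-processing.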

Original language: English
Title: 2020 IEEE Symposium Series on Computational Intelligence, SSCI 2020
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 1146-1153
Number of pages: 8
ISBN (Electronic): 9781728125473
Digital Object Identifiers (DOIs):
Status: Published - 1 Dec 2020
Published externally: Yes
Event: 2020 IEEE Symposium Series on Computational Intelligence, SSCI 2020 - Virtual, Canberra, Australia
Duration: 1 Dec 2020 to 4 Dec 2020

Publication series

Name: 2020 IEEE Symposium Series on Computational Intelligence, SSCI 2020

Conference

Conference: 2020 IEEE Symposium Series on Computational Intelligence, SSCI 2020
Country/Territory: Australia
City: Virtual, Canberra
Period: 1/12/20 to 4/12/20
