TY - GEN
T1 - Fuzzy-import hashing
T2 - 2020 IEEE International Conference on Fuzzy Systems, FUZZ 2020
AU - Naik, Nitin
AU - Jenkins, Paul
AU - Savage, Nick
AU - Yang, Longzhi
AU - Boongoen, Tossapon
AU - Iam-On, Natthakan
N1 - Publisher Copyright: © 2020 IEEE.
PY - 2020/8/26
Y1 - 2020/8/26
N2 - Malware has remained a consistent threat since its emergence, growing into a plethora of types and in large numbers. In recent years, numerous new malware variants have enabled the identification of new attack surfaces and vectors, and have become a major challenge to security experts, driving the enhancement and development of new malware analysis techniques to contain the contagion. One of the preliminary steps of malware analysis is to remove the abundance of counterfeit malware samples from the large collection of suspicious samples. This process assists in the management of man and machine resources effectively in the analysis of both unknown and likely malware samples. Hashing techniques, such as fuzzy hashing and import hashing, are among the fastest and most efficient techniques for performing this preliminary analysis. However, both hashing methods have their limitations and they may not be effective on their own; instead, the combination of two distinctive methods may assist in improving the detection accuracy and overall performance of the analysis. This paper proposes a Fuzzy-Import hashing technique, which is the combination of fuzzy hashing and import hashing, to improve the detection accuracy and overall performance of malware analysis. This proposed Fuzzy-Import hashing offers several benefits which are demonstrated through the experimentation performed on the collected malware samples and compared against stand-alone techniques of fuzzy hashing and import hashing.
KW - Fuzzy C-Means Clustering
KW - Fuzzy Hashing
KW - Fuzzy-Import Hashing
KW - Import Hashing
KW - Malware Analysis
KW - Ransomware
UR - http://www.scopus.com/inward/record.url?scp=85090501496&partnerID=8YFLogxK
U2 - 10.1109/FUZZ48607.2020.9177636
DO - 10.1109/FUZZ48607.2020.9177636
M3 - Conference contribution
AN - SCOPUS:85090501496
T3 - IEEE International Conference on Fuzzy Systems
BT - 2020 IEEE International Conference on Fuzzy Systems, FUZZ 2020 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 19 July 2020 through 24 July 2020
ER -