Browsing by Author "Awan, Irfan U."

Now showing 1 - 3 of 3
  • Thumbnail Image
    Item
    Detection of Malicious Portable Executables using Evidence Combinational Theory with Fuzzy Hashing
    (IEEE, 2016) Namanya, Anitta Patience; Khan Ali Mirza, Qublai; Al-Mohannadi, Hamad; Awan, Irfan U.; Ferdinand Pagna Disso, Jules
    Fuzzy hashing is a known technique that has been adopted to speed up malware analysis processes. However, Hashing has not been fully implemented for malware detection because it can easily be evaded by applying a simple obfuscation technique such as packing. This challenge has limited the usage of hashing to triaging of the samples based on the percentage of similarity between the known and unknown. In this paper, we explore the different ways fuzzy hashing can be used to detect similarities in a file by investigating particular hashes of interest. Each hashing method produces independent but related interesting results which are presented herein. We further investigate combination techniques that can be used to improve the detection rates in hashing methods. Two such evidence combination theory based methods are applied in this work in order propose a novel way of combining the results achieved from different hashing algorithms. This study focuses on file and section Ssdeep hashing, PeHash and Imphash techniques to calculate the similarity of the Portable Executable files. Our results show that the detection rates are improved when evidence combination techniques are used.
  • Thumbnail Image
    Item
    Similarity hash based scoring of portable executable files for efficient malware detection in IoT
    (Future Generation Computer Systems, 2020) Namanya, Anitta Patience; Awan, Irfan U.; Pagna Disso, Jules; Younas, Muhammad
    The current rise in malicious attacks shows that existing security systems are bypassed by malicious files. Similarity hashing has been adopted for sample triaging in malware analysis and detection. File similarity is used to cluster malware into families such that their common signature can be designed. This paper explores four hash types currently used in malware analysis for portable executable (PE) files. Although each hashing technique produces interesting results, when applied independently, they have high false detection rates. This paper investigates into a central issue of how different hashing techniques can be combined to provide a quantitative malware score and to achieve better detection rates. We design and develop a novel approach for malware scoring based on the hashes results. The proposed approach is evaluated through a number of experiments. Evaluation clearly demonstrates a significant improvement (> 90%) in true detection rates of malware.
  • Thumbnail Image
    Item
    The World of Malware: An Overview
    (IEEE, 2018) Namanya, Anitta Patience; Cullen, Andrea; Awan, Irfan U.; Pagna Disso, Jules
    Malware, short for malicious software is a program code that is hostile and often used to corrupt or misuse a system. Introducing malware into a computer network environment has different effects depending on the design intent of the malware and the network layout. Malware detection and prevention systems are bypassed by malicious files in computer systems as malware become more complex and large in numbers. This paper presents an overview of the world of malware with the intent of providing the underlying information for the intended study into developing malware detection approaches.