Detection of Malicious Portable Executables using Evidence Combinational Theory with Fuzzy Hashing
Date
2016
Publisher
IEEE
Abstract
Fuzzy hashing is a known technique that has been adopted to speed up malware analysis processes. However, hashing has not been fully adopted for malware detection because it can easily be evaded by applying a simple obfuscation technique such as packing. This limitation has restricted the use of hashing to triaging samples based on the percentage of similarity between known and unknown files. In this paper, we explore the different ways fuzzy hashing can be used to detect similarities in a file by investigating particular hashes of interest. Each hashing method produces independent but related results, which are presented herein. We further investigate combination techniques that can be used to improve the detection rates of hashing methods. Two such evidence combination theory based methods are applied in this work in order to propose a novel way of combining the results obtained from different hashing algorithms. This study focuses on file-level and section-level ssdeep hashing, PeHash and Imphash techniques to calculate the similarity of Portable Executable files. Our results show that detection rates are improved when evidence combination techniques are used.
Keywords
Malware detection, Fuzzy hash, Evidence combinational theory, Common Factor Model, Fuzzy Logic, Portable executable
Citation
Namanya, A. P., Mirza, Q. K. A., Al-Mohannadi, H., Awan, I. U., & Disso, J. F. P. (2016, August). Detection of malicious portable executables using evidence combinational theory with fuzzy hashing. In 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud) (pp. 91-98). IEEE. DOI 10.1109/FiCloud.2016.21