Namanya, Anitta Patience, Ali Mirza, Qublai Khan ORCID: 0000-0003-3403-2935, Al-Mohannadi, Hamad, Awan, Irfan U. and Disso, Jules Ferdinand Pagna (2016) Detection of Malicious Portable Executables Using Evidence Combinational Theory with Fuzzy Hashing. In: 2016 IEEE 4th International Conference on Future Internet of Things and Cloud, 22-24 Aug. 2016, Vienna, Austria. ISBN 9781509040520
Full text not available from this repository.

Abstract
Fuzzy hashing is a known technique that has been adopted to speed up malware analysis processes. However, hashing has not been fully implemented for malware detection because it can easily be evaded by applying a simple obfuscation technique such as packing. This challenge has limited the usage of hashing to triaging of the samples based on the percentage of similarity between the known and unknown. In this paper, we explore the different ways fuzzy hashing can be used to detect similarities in a file by investigating particular hashes of interest. Each hashing method produces independent but related interesting results which are presented herein. We further investigate combination techniques that can be used to improve the detection rates in hashing methods. Two such evidence combination theory based methods are applied in this work in order to propose a novel way of combining the results achieved from different hashing algorithms. This study focuses on file and section Ssdeep hashing, PeHash and Imphash techniques to calculate the similarity of the Portable Executable files. Our results show that the detection rates are improved when evidence combination techniques are used.
Item Type: | Conference or Workshop Item (Paper) |
---|---|
Uncontrolled Keywords: | Malware detection; Fuzzy hash; Evidence combinational theory; Common Factor Model; Fuzzy Logic; Portable executable |
Subjects: | Q Science > QA Mathematics > QA76 Computer software |
Divisions: | Schools and Research Institutes > School of Business, Computing and Social Sciences |
Research Priority Areas: | Applied Business & Technology |
Depositing User: | Susan Turner |
Date Deposited: | 15 Feb 2018 16:41 |
Last Modified: | 31 Aug 2023 08:01 |
URI: | https://eprints.glos.ac.uk/id/eprint/5386 |