Embedded YARA rules: strengthening YARA rules utilising fuzzy hashing and fuzzy rules for malware analysis

Author
Naik, Nitin
Jenkins, Paul
Savage, Nick
Yang, Longzhi
Boongoen, Tossapon
Iam-On, Natthakan
Naik, Kshirasagar
Song, Jingping
Date
2020-11-23
Acceptance date
2020-11-05
Type
Article
Publisher
Springer International Publishing
ISSN
2199-4536
2198-6053 (electronic)
Abstract
The YARA rules technique is used in cybersecurity to scan for malware, often in its default form, where rules are created either manually or automatically. Creating YARA rules that enable analysts to label files as suspected malware is a highly technical skill requiring expertise in cybersecurity. Therefore, whether rules are created manually or automatically, it is desirable to improve both the performance and the detection outcomes of the process. In this paper, two methods are proposed that utilise the techniques of fuzzy hashing and fuzzy rules to increase the effectiveness of YARA rules without escalating the complexity and overheads associated with them. The first proposed method, referred to in this paper as enhanced YARA rules, utilises fuzzy hashing: if the existing YARA rules fail to detect the inspected file as malware, the file is subjected to fuzzy hashing to assess whether that technique would identify it as malware. The second proposed technique, called embedded YARA rules, utilises both fuzzy hashing and fuzzy rules to improve the outcomes further. Fuzzy rules accommodate circumstances where data are imprecise or uncertain, generating a probabilistic outcome that indicates the likelihood of whether a file is malware or not. The paper discusses the success of the proposed enhanced YARA rules and embedded YARA rules through several experiments on the collected malware and goodware corpus and their comparative evaluation against YARA rules.
Journal/conference proceeding
Complex & Intelligent Systems
Citation
Naik, N., Jenkins, P., Savage, N., Yang, L., Boongoen, T., Iam-On, N., Naik, K. and Song, J. (2021) 'Embedded YARA rules: strengthening YARA rules utilising fuzzy hashing and fuzzy rules for malware analysis', Complex & Intelligent Systems, 7(2), pp.687-702. https://doi.org/10.1007/s40747-020-00233-5
URI
http://hdl.handle.net/10369/11375
DOI
https://doi.org/10.1007/s40747-020-00233-5
Description
Article published in Complex & Intelligent Systems available open access at https://doi.org/10.1007/s40747-020-00233-5
Rights
http://creativecommons.org/licenses/by/4.0/
Sponsorship
Portsmouth University
Collections
  • School of Technologies Research