Similarity hash based scoring of portable executable files for efficient malware detection in IoT

Anitta Patience Namanya; Irfan U. Awan; Jules Pagna Disso; Muhammad Younas

首页> 外文期刊>Future generation computer systems >Similarity hash based scoring of portable executable files for efficient malware detection in IoT

【24h】

Similarity hash based scoring of portable executable files for efficient malware detection in IoT

机译：基于相似性散列的便携式可执行文件评分，以便在IOT中有效恶意软件检测

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

The current rise in malicious attacks shows that existing security systems are bypassed by malicious files. Similarity hashing has been adopted for sample triaging in malware analysis and detection. File similarity is used to cluster malware into families such that their common signature can be designed. This paper explores four hash types currently used in malware analysis for portable executable (PE) files. Although each hashing technique produces interesting results, when applied independently, they have high false detection rates. This paper investigates into a central issue of how different hashing techniques can be combined to provide a quantitative malware score and to achieve better detection rates. We design and develop a novel approach for malware scoring based on the hashes results. The proposed approach is evaluated through a number of experiments. Evaluation clearly demonstrates a significant improvement (＞ 90%) in true detection rates of malware.

机译：恶意攻击的当前增加表明，现有的安全系统被恶意文件绕过。在恶意软件分析和检测中采用样品三脉冲采用了相似性散列。文件相似度用于将恶意软件群集到家庭中，以便设计其常用签名。本文探讨了用于便携式可执行（PE）文件的恶意软件分析中使用的四种哈希类型。虽然每个散列技术都会产生有趣的结果，但在独立应用时，它们具有高误检测率。本文调查了如何组合不同散列技术的核心问题，以提供定量恶意软件评分并实现更好的检测率。我们设计并开发了基于哈希结果的恶意软件评分的新方法。所提出的方法通过许多实验进行评估。评估清楚地证明了恶意软件的真实检测率的显着改善（> 90％）。

著录项

来源
《Future generation computer systems》 |2020年第9期|824-832|共9页
作者
Anitta Patience Namanya; Irfan U. Awan; Jules Pagna Disso; Muhammad Younas;
展开▼
作者单位

School of Electrical Engineering and Computer Science University of Bradford UK;

School of Electrical Engineering and Computer Science University of Bradford UK;

Cyber Risk Intelligence BNP Paribas London UK;

School of Engineering Computing and Mathematics Oxford Brookes University UK;

展开▼
收录信息美国《科学引文索引》(SCI);美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
Malware; Static analysis; Detection; Hashes; Internet of things;

机译：恶意软件;静态分析;检测;哈希;物联网;

相似文献

外文文献
中文文献
专利

1. Understanding uses and misuses of similarity hashing functions for malware detection and family clustering in actual scenarios [J] . Botacin Marcus, Moia Vitor Hugo Galhardo, Ceschin Fabricio, Digital investigation . 2021,第1期

机译：在实际情况下了解类似于恶意软件检测和族聚类的相似性散列函数的使用和滥用
2. Integrated Feature Extraction Approach Towards Detection of Polymorphic Malware In Executable Files [J] . Emmanuel Masabo, Kyanda Swaib Kaawaase, Julianne Sansa-Otim, International Journal of Computer Science and Security . 2017,第2期

机译：面向可执行文件中多态恶意软件检测的集成特征提取方法
3. Study on Assembly Code Based Malware Classification Method in Executable File [J] . Advanced Science Letters . 2016,第10期

机译：基于汇编代码的恶意软件分类方法在可执行文件中的研究
4. IoT-Malware Detection Based on Byte Sequences of Executable Files [C] . Tzu-Ling Wan, Tao Ban, Yen-Ting Lee, Asia Joint Conference on Information Security . 2020

机译：基于可执行文件字节序列的物联网恶意软件检测
5. Similarity Hashing of Malware on IoT Devices [D] . Hughes, Michael B. 2019

机译：IOT设备上恶意软件的相似性散列
6. An Efficient DenseNet-Based Deep Learning Model for Malware Detection [O] . Jeyaprakash Hemalatha, S. Abijah Roseline, Subbiah Geetha, 2021

机译：基于高效的恶意软件检测的深度学习模型
7. Similarity hash based scoring of portable executable files for efficient malware detection in IoT [O] . Anitta Patience Namanya, Irfan U. Awan, Jules Pagna Disso, 2020

机译：基于相似性散列的便携式可执行文件评分，以便在IOT中有效恶意软件检测

Similarity hash based scoring of portable executable files for efficient malware detection in IoT

摘要

著录项

相似文献

相关主题

期刊订阅