Experimental Study of Fuzzy Hashing in Malware Clustering Analysis

Authors: 

Yuping Li, Sathya Chandran Sundaramurthy, Alexandru G. Bardas, Xinming Ou, and Doina Caragea, Kansas State University; Xin Hu and Jiyong Jang, IBM Research

Abstract: 

Malware triaging is the process of analyzing malicious software applications’ behavior to develop detection signatures. This task is challenging, especially given the enormous number of samples vendors receive and the limited amount of analyst time available. Triaging usually starts with an analyst classifying samples into known and unknown malware. Recently, there have been various attempts to automate the process of grouping similar malware using a technique called fuzzy hashing – a type of compression function for computing the similarity between individual digital files. Unfortunately, there has been no rigorous experimentation or evaluation of fuzzy hashing algorithms for malware similarity analysis in the research literature. In this paper, we perform an extensive study of existing fuzzy hashing algorithms with the goal of understanding their applicability in clustering similar malware. Our experiments indicate that current popular fuzzy hashing algorithms suffer from serious limitations that preclude them from being used in similarity analysis. We identified novel ways to construct fuzzy hashing algorithms, and experiments show that our algorithms have better performance than existing algorithms.

Yuping Li, Kansas State University

Sathya Chandran Sundaramurthy, Kansas State University

Alexandru G. Bardas, Kansas State University

Xinming Ou, Kansas State University

Doina Caragea, Kansas State University

Xin Hu, IBM Research

Jiyong Jang, IBM Research


BibTeX
@inproceedings {191669,
author = {Yuping Li and Sathya Chandran Sundaramurthy and Alexandru G. Bardas and Xinming Ou and Doina Caragea and Xin Hu and Jiyong Jang},
title = {Experimental Study of Fuzzy Hashing in Malware Clustering Analysis},
booktitle = {8th Workshop on Cyber Security Experimentation and Test (CSET 15)},
year = {2015},
address = {Washington, D.C.},
url = {https://www.usenix.org/conference/cset15/workshop-program/presentation/li},
publisher = {USENIX Association},
month = aug,
}