Malicious Portable Executables Scoring Methodology using Evidence Combinational Theory with Fuzzy Hashing.


You are invited to an ACM event on Monday 20th June 2016, to be held in Horton D 0.15 at 2.00pm. The event is an academic talk with the following presentation details:

Speaker: Anitta Patience Namanya

Topic: Malicious Portable Executables Scoring Methodology using Evidence Combinational Theory with Fuzzy Hashing.

Abstract:

Malware detection and prevention systems are bypassed by malicious files as malware becomes more complex and vast in number. With the growing need for high-performance secure systems, new, efficient and faster malware detection algorithms are required. This implies that better alternatives to present-day methods have to be developed, or existing methods need to be optimised with new approaches. Fuzzy hashing is an existing static method that has been adopted for sample triaging in malware analysis and detection to speed up the malware analysis process. File similarity is used to cluster malware into families, for which a common signature can then be designed. This work explores some of the different hashing techniques that are currently used in malware analysis. Although each hashing technique produces interesting results independently, detection of malicious samples based on these results is misleading. Therefore, this study introduces and investigates how different hashing results can be combined to achieve better detection rates. Two evidence combination theory based methods are applied in this work in order to propose a novel way of combining the results achieved from different hashing algorithms. Our results show that the detection rates are improved when evidence combination techniques are applied.
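As an illustration of how results from two hashing methods can be fused under evidence combination theory, the following Python applies Dempster's rule of combination (from Dempster-Shafer theory) to constructed similarity scores. This is an added example, not the speaker's code, and the talk does not state which combination rules it uses; the mapping from a similarity score and a per-method trust factor to a mass function, the trust values, the 0.7 decision threshold and the sample inputs are all assumptions made for the example.

```python
"""Dempster-Shafer combination of fuzzy-hash similarity evidence (illustration).

Assumed model (not from the talk): each hashing method is queried against a
reference set and returns its best match's similarity score (0-100) together
with whether that reference sample is known-malicious or known-benign. The
score, discounted by how much we trust the method, becomes mass on that single
hypothesis; the remainder is ignorance (mass on the whole frame).
"""
from itertools import product

FRAME = frozenset({"malicious", "benign"})
MAL = frozenset({"malicious"})
BEN = frozenset({"benign"})


def mass_from_match(score, matched_malicious, trust):
    """Basic probability assignment from one hashing method's best match."""
    if not 0 <= score <= 100 or not 0 <= trust <= 1:
        raise ValueError("score must be 0-100 and trust 0-1")
    m = trust * score / 100.0
    hyp = MAL if matched_malicious else BEN
    return {hyp: m, FRAME: 1.0 - m}


def dempster_combine(m1, m2):
    """Dempster's rule: multiply masses on intersecting focal elements and
    renormalise by the non-conflicting mass. Returns (mass, conflict)."""
    combined = {}
    conflict = 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            combined[inter] = combined.get(inter, 0.0) + ma * mb
        else:
            conflict += ma * mb
    if conflict >= 1.0 - 1e-12:
        raise ValueError("sources are in total conflict; rule undefined")
    k = 1.0 - conflict
    return {h: v / k for h, v in combined.items()}, conflict


def belief(m, hyp):
    """Bel(H): mass fully committed to subsets of H."""
    return sum(v for h, v in m.items() if h <= hyp)


def plausibility(m, hyp):
    """Pl(H): mass not committed against H."""
    return sum(v for h, v in m.items() if h & hyp)


def combine_sources(matches):
    """Fold Dempster's rule over (score, matched_malicious, trust) tuples
    and report the largest pairwise conflict seen, which is the signal an
    analyst should inspect before trusting the fused result."""
    masses = [mass_from_match(*t) for t in matches]
    total = masses[0]
    worst_conflict = 0.0
    for m in masses[1:]:
        total, c = dempster_combine(total, m)
        worst_conflict = max(worst_conflict, c)
    return total, worst_conflict


def verdict(matches, threshold=0.7):
    """Flag as malicious when combined belief crosses the (assumed) threshold."""
    m, conflict = combine_sources(matches)
    return {
        "belief": belief(m, MAL),
        "plausibility": plausibility(m, MAL),
        "conflict": conflict,
        "malicious": belief(m, MAL) >= threshold,
    }


if __name__ == "__main__":
    # Constructed inputs: two hashing methods both match malicious references
    # (60% match trusted at 0.9; 50% match trusted at 0.8).
    agreeing = [(60, True, 0.9), (50, True, 0.8)]
    # Constructed inputs: the second method's best match is a benign reference.
    disagreeing = [(60, True, 0.9), (50, False, 0.8)]
    for name, ev in (("agreeing", agreeing), ("disagreeing", disagreeing)):
        print(name, verdict(ev))
```

With the agreeing inputs, neither method alone passes the threshold (masses 0.54 and 0.40 on "malicious"), but the combined belief is 0.724, which is the effect the abstract describes. With the disagreeing inputs the belief drops to about 0.41 and the conflict mass (0.216) is reported rather than silently normalised away, because Dempster's rule is known to give misleading results when sources strongly contradict each other.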


Contents:

  • Introduction – The world of malware evolution.
  • Problem statement
  • Aims and Objectives
  • My contribution to safer computing.
  • Background:
    • Hashing Algorithms
    • Evidence Combinational theory
  • Related Works
  • Proposed method design and architecture
  • Evaluation methods
  • Experimentation setup and scenarios
  • Initial study results and analysis
  • Extended study results and analysis
  • Why does this method work and why is it better?
  • Conclusion and future work.
  • Acknowledgments
  • Q&A