Malicious Portable Executables Scoring Methodology using Evidence Combinational Theory with Fuzzy Hashing.
Malware detection and prevention systems are bypassed by malicious files as malware becomes more complex and more numerous. With the growing need for high-performance secure systems, new, efficient and faster malware detection algorithms are required. This implies that better alternatives to present-day methods must be developed, or that existing methods must be optimised with new approaches. Fuzzy hashing is an existing static method that has been adopted for sample triage in malware analysis and detection in order to speed up the analysis process: file similarity is used to cluster malware into families, for which a common signature can then be designed. This work explores some of the different fuzzy hashing techniques currently used in malware analysis. Although each hashing technique produces interesting results on its own, classifying a sample as malicious on the basis of any single one of these results can be misleading. Therefore, this study introduces and investigates how the results of different hashing algorithms can be combined to achieve better detection rates. Two methods based on evidence combination theory are applied in order to propose a novel way of combining the results obtained from different hashing algorithms. Our results show that detection rates improve when evidence combination techniques are applied.
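The following is an added illustration, not code from the paper, of the idea in the abstract: per-algorithm fuzzy-hash similarity scores are treated as independent pieces of evidence and fused rather than thresholded one at a time. It assumes Dempster's rule of combination as the evidence-combination method and a simple mapping from a similarity score plus a per-algorithm reliability weight to a mass function over {malicious, benign}; the abstract names neither the rule nor the mapping, and the scores and reliabilities below are constructed. A weighted average is included only as a baseline for comparison.

```python
"""Fusing fuzzy-hash similarity scores with Dempster's rule (hypothetical example).

Frame of discernment: {malicious, benign}. Each hashing algorithm reports a
similarity score in [0, 100] between the sample and its nearest known-malicious
neighbour. The score is turned into a basic mass assignment, discounted by an
assumed per-algorithm reliability, and the assignments are combined.
"""
from itertools import product

MAL = frozenset({"malicious"})
BEN = frozenset({"benign"})
THETA = MAL | BEN  # the whole frame: mass here means "don't know"


def mass_from_similarity(score, reliability):
    """Map a similarity score (0-100) to a mass function.

    Assumed mapping: similarity supports 'malicious', dissimilarity supports
    'benign', and (1 - reliability) of the mass stays on the whole frame as
    ignorance, so a weak algorithm cannot dominate the fusion.
    """
    if not 0 <= score <= 100:
        raise ValueError("similarity score must be in [0, 100]")
    if not 0 <= reliability <= 1:
        raise ValueError("reliability must be in [0, 1]")
    s = score / 100.0
    return {MAL: reliability * s, BEN: reliability * (1.0 - s), THETA: 1.0 - reliability}


def dempster_combine(m1, m2):
    """Dempster's rule: multiply masses of every pair of focal sets, keep the
    intersection, discard conflicting pairs and renormalise. Returns
    (combined mass function, conflict mass K)."""
    combined = {}
    conflict = 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        inter = a & b
        if inter:
            combined[inter] = combined.get(inter, 0.0) + ma * mb
        else:
            conflict += ma * mb
    if conflict >= 1.0 - 1e-12:
        # Two fully reliable, fully contradictory sources: the rule is undefined.
        raise ValueError("total conflict between sources; Dempster's rule undefined")
    k = 1.0 - conflict
    return {h: v / k for h, v in combined.items()}, conflict


def belief(m, hypothesis):
    """Bel(H): mass committed to subsets of H."""
    return sum(v for h, v in m.items() if h <= hypothesis)


def plausibility(m, hypothesis):
    """Pl(H): mass not committed against H."""
    return sum(v for h, v in m.items() if h & hypothesis)


def score_sample(evidence, threshold=0.5):
    """evidence: {algorithm_name: (similarity_score, reliability)}.

    Returns (verdict, Bel(malicious), Pl(malicious), conflict of the last
    combination step). A high conflict value is itself worth flagging: it
    means the hashing algorithms disagree about this sample.
    """
    masses = [mass_from_similarity(s, r) for s, r in evidence.values()]
    if not masses:
        raise ValueError("no evidence supplied")
    combined, conflict = masses[0], 0.0
    for m in masses[1:]:
        combined, conflict = dempster_combine(combined, m)
    bel = belief(combined, MAL)
    pl = plausibility(combined, MAL)
    verdict = "malicious" if bel >= threshold else "benign"
    return verdict, bel, pl, conflict


def weighted_average(evidence):
    """Baseline for comparison: reliability-weighted mean similarity (0-100)."""
    total = sum(r for _, r in evidence.values())
    return sum(s * r for s, r in evidence.values()) / total


if __name__ == "__main__":
    # Constructed scores for one sample from two hypothetical fuzzy-hash algorithms.
    evidence = {"algo_A": (80, 0.9), "algo_B": (60, 0.8)}
    verdict, bel, pl, conflict = score_sample(evidence)
    print(f"verdict={verdict} Bel={bel:.3f} Pl={pl:.3f} conflict={conflict:.3f}")
    print(f"weighted-average similarity={weighted_average(evidence):.1f}")
```

With the constructed inputs, fusion gives Bel(malicious) of about 0.79 against a weighted-average similarity of about 71: when two algorithms lean the same way, Dempster's rule sharpens the joint verdict, while the reported conflict mass (about 0.32 here) exposes how much they disagreed, something a single threshold on either score would hide.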