Similarity Digest Search: A Survey and Comparative Analysis of Strategies to Perform Known File Filtering Using Approximate Matching

Moia, Vitor Hugo Galhardo; Henriques, Marco Aurélio Amaral

doi:10.1155/2017/1306802

Cited by 7 publications

(9 citation statements)

References 30 publications

(60 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In this work, we provide a solution for malware (repacked) detection using static analysis with fuzzy hashes. Two approaches are used for malware analysis, i.e., static analysis [12] and dynamic analysis [13]. In this study, our focus is on the static analysis of malware with the help of fuzzy hashes.…”

Section: Introductionmentioning

confidence: 99%

Security Hardened and Privacy Preserved Android Malware Detection Using Fuzzy Hash of Reverse Engineered Source Code

Ali

Batool

Yousaf

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

The risk of malware has increased drastically in recent years due to advances in the IT industry but it also increased the need for malware analysis and prevention. Hackers inject malicious code using awful applications. In this research, a framework is proposed to identify malicious Android applications based on repacked malicious code. The sensitive features of android applications are extracted using source code. These extracted features are compared with existing malware signatures to identify repacked malicious android applications. Experiments are performed using 3490 android-based malware samples belonging to 21 different malware families. A threshold value for malware categorization is defined using fuzzy logic. If the fuzzy comparison match is greater than 40%, the application is malicious. Meanwhile, if the match is greater than 10% and less than 40%, the application is suspicious otherwise benign. Furthermore, the proposed framework presents around 74% of the repacked malware compared to other similar approaches.

show abstract

Section: Introductionmentioning

confidence: 99%

Security Hardened and Privacy Preserved Android Malware Detection Using Fuzzy Hash of Reverse Engineered Source Code

Ali

Batool

Yousaf

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…In the context of database forensics and data acquisition, the challenges of big data analysis and data mining techniques for digital forensics [72], [73], and text clustering [74] were investigated. Moreover, a survey of techniques to perform similarity digest search is provided in [75].…”

Section: E Filesystems Memory and Data Storage Forensicsmentioning

confidence: 99%

Section: Challenge/limitation Referencesmentioning

confidence: 99%

“…[58], [61], [66], [67], [69], [75] Lack of standardized tools and technologies [59], [65], [66], [69], [70], [74] Forensic seizure and analysis of proprietary and/or distributed filesystems [58]- [60], [70], [71], [71], [73] Variety of format and content type. Not standard logging features and settings [61], [65]- [70], [73], [75] No validation/verification in real-life scenarios and large datasets [72], [74] Subjectivity of the evaluation of content retrieval algorithms [72], [74] Advanced knowledge and training of analysts and investigators [69], [72] Lack of guidance for investigators regarding selective search and seize. Subjectivity of search terms based on investigator's experience [69], [74] Difficulty to apply low-level analysis techniques, hindering correctness of the results [62], [70] Sophisticated malware implementing antiforensic techniques [61]- [63], [74] Volatile data acquisition due to hardware constraints [71] Stealthy non-memory-resident malware [64] Handling, execution and monitoring of memory [61], [63], […”

Section: Challenge/limitation Referencesmentioning

confidence: 99%

See 1 more Smart Citation

Research Trends, Challenges, and Emerging Topics in Digital Forensics: A Review of Reviews

et al. 2022

View full text Add to dashboard Cite

This work was supported by the European Commission under the Horizon 2020 Programme (H2020), as part of the projects LOCARD (https://locard.eu) (Grant Agreement no. 832735) and CyberSec4Europe (https://www.cybersec4europe.eu) (Grant Agreement no. 830929). F. Casino was supported by the Beatriu de Pinós programme of the Government of Catalonia (Grant No. 2020 BP 00035). The content of this article does not reflect the official opinion of the European Union. Responsibility for the information and views expressed therein lies entirely with the authors.

show abstract

“…O método para tornar a busca de similaridade mais eficiente varia para cada estratégia, podendo ser a utilização de tabelas hash ou deárvores de filtros de Bloom [Moia and Henriques 2017]. Apesar das vantagens trazidas por estas estratégias, elas apresentam problemas em relaçãoà alta quantidade de falsos positivos, istoé, os pares de arquivos que as estratégias afirmam serem similares não se provam similares quando se examina o conteúdo do dado, gerado pelo usuário.…”

Section: Trabalhos Relacionadosunclassified

Avaliação do impacto da remoção de características comuns em estratégias de busca de arquivos similares

Velho

Moia

Henriques

2021

Anais Do XXI Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais (SBSeg 2021)

Self Cite

View full text Add to dashboard Cite

Investigações de forense digital enfrentam um importante problema: a grande quantidade de arquivos armazenados em dispositivos apreendidos. Para analisar esses dispositivos de forma mais eficiente, utilizam-se estratégias de busca de similaridade, capazes de encontrar arquivos idênticos, ou até mesmo similares, à um dado conjunto de arquivos, usando técnicas de pareamento aproximado. No entanto, esta busca pode ser prejudicada devido a blocos comuns, como cabeçalhos, presentes em diferentes arquivos. Este trabalho objetiva avaliar o impacto da remoção de blocos comuns na performance das estratégias. Os resultados mostram uma redução significativa na taxa de falsos positivos com um aumento aceitável no tempo de execução.

show abstract

Similarity Digest Search: A Survey and Comparative Analysis of Strategies to Perform Known File Filtering Using Approximate Matching

Cited by 7 publications

References 30 publications

Security Hardened and Privacy Preserved Android Malware Detection Using Fuzzy Hash of Reverse Engineered Source Code

Security Hardened and Privacy Preserved Android Malware Detection Using Fuzzy Hash of Reverse Engineered Source Code

Research Trends, Challenges, and Emerging Topics in Digital Forensics: A Review of Reviews

Avaliação do impacto da remoção de características comuns em estratégias de busca de arquivos similares

Contact Info

Product

Resources

About