Evaluating Automatically Generated YARA Rules and Enhancing Their Effectiveness

Naik N, Jenkins P, Cooke R, Gillett J, Jin Y (2020)
In: 2020 IEEE Symposium Series on Computational Intelligence (SSCI). IEEE: 1146-1153.

Conference paper | Published | English

Download
No files have been uploaded. Publication record only!
Author
Naik, Nitin; Jenkins, Paul; Cooke, Roger; Gillett, Jonathan; Jin, Yaochu
Abstract / Note
Emerging as a widely accepted technique for malware analysis, YARA rules, due to their flexible and customisable nature, allow malware analysts to develop rules according to the requirements of a specific security domain. YARA rules can be automatically generated using tools; however, they may require post-processing for their optimisation and may not be effective for the specific security domain. This creates a requirement to enhance automatically generated YARA rules and increase their effectiveness for malware analysis without increasing computational overheads. Reflecting on the above requirement, this paper initially evaluates automatically generated YARA rules using three YARA tools: yarGen, yaraGenerator and yabin. These are Python-based open-source tools that generate YARA rules automatically using different underlying techniques. Subsequently, it proposes a method to enhance automatically generated YARA rules using a fuzzy hashing method. The proposed enhancement method can improve the effectiveness of YARA rules irrespective of the YARA tool used to generate them, which is demonstrated through several experiments on samples of collected malware and goodware.
Year of publication
2020
Title of conference proceedings
2020 IEEE Symposium Series on Computational Intelligence (SSCI)
Page(s)
1146-1153
Conference
2020 IEEE Symposium Series on Computational Intelligence (SSCI)
Conference location
Canberra, ACT, Australia
Conference date
2020-12-01 – 2020-12-04
eISBN
978-1-7281-2547-3
Page URI
https://pub.uni-bielefeld.de/record/2978414

Cite

Naik N, Jenkins P, Cooke R, Gillett J, Jin Y. Evaluating Automatically Generated YARA Rules and Enhancing Their Effectiveness. In: 2020 IEEE Symposium Series on Computational Intelligence (SSCI). IEEE; 2020: 1146-1153.
Naik, N., Jenkins, P., Cooke, R., Gillett, J., & Jin, Y. (2020). Evaluating Automatically Generated YARA Rules and Enhancing Their Effectiveness. 2020 IEEE Symposium Series on Computational Intelligence (SSCI), 1146-1153. IEEE. https://doi.org/10.1109/SSCI47803.2020.9308179
Naik, Nitin, Jenkins, Paul, Cooke, Roger, Gillett, Jonathan, and Jin, Yaochu. 2020. “Evaluating Automatically Generated YARA Rules and Enhancing Their Effectiveness”. In 2020 IEEE Symposium Series on Computational Intelligence (SSCI), 1146-1153. IEEE.
Naik, N., Jenkins, P., Cooke, R., Gillett, J., and Jin, Y. (2020). “Evaluating Automatically Generated YARA Rules and Enhancing Their Effectiveness” in 2020 IEEE Symposium Series on Computational Intelligence (SSCI) (IEEE), 1146-1153.
Naik, N., et al., 2020. Evaluating Automatically Generated YARA Rules and Enhancing Their Effectiveness. In 2020 IEEE Symposium Series on Computational Intelligence (SSCI). IEEE, pp. 1146-1153.
N. Naik, et al., “Evaluating Automatically Generated YARA Rules and Enhancing Their Effectiveness”, 2020 IEEE Symposium Series on Computational Intelligence (SSCI), IEEE, 2020, pp. 1146-1153.
Naik, N., Jenkins, P., Cooke, R., Gillett, J., Jin, Y.: Evaluating Automatically Generated YARA Rules and Enhancing Their Effectiveness. 2020 IEEE Symposium Series on Computational Intelligence (SSCI). p. 1146-1153. IEEE (2020).
Naik, Nitin, Jenkins, Paul, Cooke, Roger, Gillett, Jonathan, and Jin, Yaochu. “Evaluating Automatically Generated YARA Rules and Enhancing Their Effectiveness”. 2020 IEEE Symposium Series on Computational Intelligence (SSCI). IEEE, 2020. 1146-1153.

Link(s) to full text(s)
Access Level
Restricted Closed Access
