An Evaluation of Malware Triage Similarity Hashes

Authors: Haoping Liu 1 ; Josiah Hagen 1 ; Muqeet Ali 1 and Jonathan Oliver 2

Affiliations: 1 TrendMicro Research, U.S.A. ; 2 The University of Queensland, Australia

Keyword(s): Malware Triage, Similarity Hashes, Approximate Matching.

Abstract: Detection of polymorphic malware variants is crucial in cyber security. Searching and clustering are essential tools for security analysts and SOC operators in malware analysis and hunting. Similarity hashing generates similarity digests from binary files, allowing similarity scores to be computed between them and saving time and resources in malware triage operations. In this paper, we compare the accuracy and run time of the TLSH and LZJD algorithms on Windows-based malware samples. TLSH is widely used in industry, while LZJD was recently developed and released in academia. TLSH hashes skip-n-grams into a histogram and derives distance scores from histogram similarity, while LZJD converts a byte string into a set of sub-strings and derives similarity scores from the overlap of those sets. Our experiments show that TLSH performs slightly better than LZJD in detection rate, but vastly outperforms LZJD in index and search time.
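The two digest constructions the abstract contrasts, as an added illustration that is not code from the paper and not the TLSH or LZJD reference implementations. The `lz_set`/`jaccard` part follows the published LZJD construction (an LZ78-style dictionary of sub-strings compared by Jaccard similarity; the released LZJD additionally min-hashes the set into a fixed-size digest, which is omitted here). The histogram part is only a simplified sketch of the TLSH idea of hashing skip-triplets from a sliding window into quartile-coded buckets: the bucket count, the BLAKE2 bucket hash, the triplet positions and the distance formula are assumptions chosen for readability, not TLSH's actual choices. The three byte strings are constructed samples, not malware.

```python
import hashlib

# Constructed sample inputs (not real malware): a base byte string, a
# "variant" that differs only in a small region, and an unrelated string.
BASE = bytes(range(256)) * 4 + b"helloworld" * 20
VARIANT = bytes(range(256)) * 4 + b"hellaworld" * 20
UNRELATED = bytes((i * 37 + 11) % 256 for i in range(1200))


def lz_set(data: bytes) -> set:
    """LZ78-style dictionary of sub-strings, the core of LZJD: grow the
    current sub-string one byte at a time and emit it into the set the
    first time it has not been seen before."""
    seen = set()
    cur = b""
    for b in data:
        cur += bytes([b])
        if cur not in seen:
            seen.add(cur)
            cur = b""
    return seen


def jaccard(a: set, b: set) -> float:
    """Jaccard similarity |A ∩ B| / |A ∪ B| of two sets."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def lzjd_similarity(x: bytes, y: bytes) -> float:
    """LZJD similarity: Jaccard similarity of the two LZ sets (1.0 = identical)."""
    return jaccard(lz_set(x), lz_set(y))


# Skip-triplet positions within each 5-byte window (assumption: chosen for
# illustration, not TLSH's exact selection).
TRIPLETS = ((0, 1, 2), (0, 1, 3), (0, 2, 3), (0, 1, 4), (0, 2, 4), (0, 3, 4))


def triplet_histogram(data: bytes, buckets: int = 128) -> list:
    """Simplified sketch of a TLSH-style body: slide a 5-byte window over
    the input and hash six byte triplets (some with skipped positions)
    from each window into a bucket histogram."""
    hist = [0] * buckets
    for i in range(len(data) - 4):
        w = data[i:i + 5]
        for a, b, c in TRIPLETS:
            h = hashlib.blake2b(bytes((w[a], w[b], w[c])), digest_size=2).digest()
            hist[int.from_bytes(h, "big") % buckets] += 1
    return hist


def quantize(hist: list) -> list:
    """Map each bucket count to a 2-bit level (0..3) by the histogram's own
    quartiles, so the digest describes the shape of the distribution rather
    than absolute counts."""
    s = sorted(hist)
    n = len(s)
    q1, q2, q3 = s[n // 4], s[n // 2], s[(3 * n) // 4]
    return [0 if v <= q1 else 1 if v <= q2 else 2 if v <= q3 else 3 for v in hist]


def histogram_distance(x: bytes, y: bytes) -> int:
    """Distance between quantized histograms (0 = identical; larger = less similar)."""
    qx, qy = quantize(triplet_histogram(x)), quantize(triplet_histogram(y))
    return sum(abs(a - b) for a, b in zip(qx, qy))


def triage(query: bytes, corpus: dict) -> list:
    """Rank named corpus entries by LZJD similarity to the query (most similar
    first) and report the histogram distance alongside each entry."""
    rows = [(name, lzjd_similarity(query, blob), histogram_distance(query, blob))
            for name, blob in corpus.items()]
    return sorted(rows, key=lambda r: -r[1])


if __name__ == "__main__":
    for name, sim, dist in triage(BASE, {"variant": VARIANT, "unrelated": UNRELATED}):
        print(f"{name:10s} lzjd_similarity={sim:.3f} histogram_distance={dist}")
```

Running the block ranks the constructed variant above the unrelated string under both measures. The sketch also makes the run-time point of the abstract visible: the histogram digest is a fixed-length vector, so comparing two digests is a constant-size loop that can be indexed, whereas an uncompressed LZ set grows with the input and comparison is a set intersection and union.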

CC BY-NC-ND 4.0


Paper citation in several formats:
Liu, H.; Hagen, J.; Ali, M. and Oliver, J. (2023). An Evaluation of Malware Triage Similarity Hashes. In Proceedings of the 25th International Conference on Enterprise Information Systems - Volume 1: ICEIS; ISBN 978-989-758-648-4; ISSN 2184-4992, SciTePress, pages 431-435. DOI: 10.5220/0011728500003467

@conference{iceis23,
author={Haoping Liu and Josiah Hagen and Muqeet Ali and Jonathan Oliver},
title={An Evaluation of Malware Triage Similarity Hashes},
booktitle={Proceedings of the 25th International Conference on Enterprise Information Systems - Volume 1: ICEIS},
year={2023},
pages={431-435},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011728500003467},
isbn={978-989-758-648-4},
issn={2184-4992},
}

TY - CONF

JO - Proceedings of the 25th International Conference on Enterprise Information Systems - Volume 1: ICEIS
TI - An Evaluation of Malware Triage Similarity Hashes
SN - 978-989-758-648-4
IS - 2184-4992
AU - Liu, H.
AU - Hagen, J.
AU - Ali, M.
AU - Oliver, J.
PY - 2023
SP - 431
EP - 435
DO - 10.5220/0011728500003467
PB - SciTePress