Cyberthreat Hunting - Part 1: Triaging Ransomware using Fuzzy Hashing, Import Hashing and YARA Rules

Naik, Nitin, Jenkins, Paul, Savage, Nick and Yang, Longzhi (2019) Cyberthreat Hunting - Part 1: Triaging Ransomware using Fuzzy Hashing, Import Hashing and YARA Rules. In: Fuzzy Systems (FUZZ-IEEE), IEEE International Conference. IEEE, Piscataway, NJ. ISBN 9781538617281

FUZZ_IEEE_19_CyberThreatHunting_I.pdf (accepted version, 209 kB)

Abstract

Ransomware is currently one of the most significant cyberthreats to both national infrastructure and the individual, and recovering from an infection is often costly. Triaging a new ransomware sample by its similarity to well-known samples is an essential preliminary step in preventing a ransomware pandemic. Selecting the most appropriate triaging method improves the precision of subsequent static and dynamic analysis and saves significant time and effort. Currently, the most popular and proven triaging methods are fuzzy hashing, import hashing and YARA rules, which can ascertain whether, or to what degree, two ransomware samples are similar to each other. However, the mechanisms of these three methods are quite different, which makes a comparative assessment difficult. This paper therefore evaluates the three methods on the four most pertinent ransomware families: WannaCry, Locky, Cerber and CryptoWall. It evaluates their triaging performance and run-time system performance, highlighting the limitations of each method.
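The abstract names two of the three triaging methods that are easy to reproduce without a malware corpus. The block below is an added example, not code from the paper or its authors: it computes an import hash following the documented imphash recipe (lowercase `dll.function` pairs in import-table order, comma-joined, MD5; ordinal resolution is omitted) and a deliberately small context-triggered piecewise hash in the spirit of ssdeep, not ssdeep itself, scored with a Levenshtein ratio. YARA matching is not reproduced because it needs the YARA engine. The import lists and byte strings are constructed sample input, not real ransomware; the helper names (`imphash`, `fuzzy_hash`, `similarity`, `triage`) are this example's own.

```python
"""Ransomware triage helpers: import hashing and a simplified fuzzy hash.

Added example (not from Naik et al.). Sample data below is constructed.
"""
import hashlib
import random

# --- Import hashing ---------------------------------------------------------

def imphash(imports):
    """imports: list of (dll, function) in PE import-table order.

    Follows the published imphash recipe: strip .dll/.ocx/.sys, lowercase,
    join "dll.func" entries with commas, MD5. Import *order* matters, which is
    exactly why binaries built from the same source tend to share a hash.
    (Ordinal-to-name resolution for ws2_32/oleaut32 is not implemented here.)
    """
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        parts.append(f"{dll}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()

# --- Simplified context-triggered piecewise hashing (CTPH) -----------------

BLOCK = 8      # fixed trigger block size (ssdeep derives it from file length)
WINDOW = 7     # rolling-hash window in bytes
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
            "0123456789+/")  # 64 symbols, one per chunk

def fuzzy_hash(data, block=BLOCK):
    """Emit one signature character per chunk; chunk boundaries are chosen by
    a rolling hash over the last WINDOW bytes, so a local edit only disturbs
    the few chunks around it instead of shifting every boundary."""
    sig = []
    h = 2166136261                       # FNV-1a state for the current chunk
    for i, b in enumerate(data):
        h = ((h ^ b) * 16777619) & 0xFFFFFFFF
        roll = sum(data[max(0, i - WINDOW + 1): i + 1])   # rolling window
        if roll % block == block - 1:    # context trigger: close the chunk
            sig.append(ALPHABET[h & 63])
            h = 2166136261
    sig.append(ALPHABET[h & 63])         # trailing partial chunk
    return "".join(sig)

def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def similarity(sig_a, sig_b):
    """0..100 score, 100 meaning identical signatures."""
    longest = max(len(sig_a), len(sig_b))
    if longest == 0:
        return 100
    return round(100 * (1 - levenshtein(sig_a, sig_b) / longest))

def triage(candidate, known):
    """candidate/known: {'imports': [...], 'bytes': b'...'}.
    Returns (same_import_hash, fuzzy_similarity)."""
    same_imports = imphash(candidate["imports"]) == imphash(known["imports"])
    score = similarity(fuzzy_hash(candidate["bytes"]), fuzzy_hash(known["bytes"]))
    return same_imports, score

# --- Constructed sample input (not real malware) ----------------------------

SAMPLE_IMPORTS = [("KERNEL32.dll", "CreateFileA"),
                  ("KERNEL32.dll", "WriteFile"),
                  ("ADVAPI32.dll", "CryptGenRandom")]
_rng = random.Random(7)
ORIGINAL = bytes(_rng.randrange(256) for _ in range(2048))
VARIANT = ORIGINAL[:1000] + b"\x00" * 16 + ORIGINAL[1016:]   # 16 bytes patched
_rng2 = random.Random(99)
UNRELATED = bytes(_rng2.randrange(256) for _ in range(2048))

if __name__ == "__main__":
    known = {"imports": SAMPLE_IMPORTS, "bytes": ORIGINAL}
    print("variant  :", triage({"imports": SAMPLE_IMPORTS, "bytes": VARIANT}, known))
    print("unrelated:", triage({"imports": SAMPLE_IMPORTS[::-1], "bytes": UNRELATED}, known))
```

Run as a script it prints a verdict for a patched variant of the sample (same import hash, high fuzzy score) and for an unrelated blob with a reordered import table (different import hash, low score). The point the paper's comparison turns on is visible here: the import hash is binary (match or not) and survives only if the import table is untouched, while the fuzzy hash gives a graded score that degrades gracefully under small byte-level changes.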

Item Type: Book Section
Subjects: G400 Computer Science
Department: Faculties > Engineering and Environment > Computer and Information Sciences
Depositing User: Becky Skoyles
Date Deposited: 10 Apr 2019 08:20
Last Modified: 31 Jul 2021 17:46
URI: http://nrl.northumbria.ac.uk/id/eprint/38877
