Embedding Fuzzy Rules with YARA Rules for Performance Optimisation of Malware Analysis

Nitin Naik, Paul Jenkins, Nick Savage, Longzhi Yang, Kshirasagar Naik, Jingping Song

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

11 Citations (Scopus)
594 Downloads (Pure)

Abstract

YARA rules utilises string or pattern matching to perform malware analysis and is one of the most effective methods in use today. However, its effectiveness is dependent on the quality and quantity of YARA rules employed in the analysis. This can be managed through the rule optimisation process, although, this may not necessarily guarantee effective utilisation of YARA rules and its generated findings during its execution phase, as the main focus of YARA rules is in determining whether to trigger a rule or not, for a suspect sample after examining its rule condition. YARA rule conditions are Boolean expressions, mostly focused on the binary outcome of the malware analysis, which may limit the optimised use of YARA rules and its findings despite generating significant information during the execution phase. Therefore, this paper proposes embedding fuzzy rules with YARA rules to optimise its performance during the execution phase. Fuzzy rules can manage imprecise and incomplete data and encompass a broad range of conditions, which may not be possible in Boolean logic. This embedding may be more advantageous when the YARA rules become more complex, resulting in multiple complex conditions, which may not be processed efficiently utilising Boolean expressions alone, thus compromising effective decision-making. This proposed embedded approach is applied on a collected malware corpus and is tested against the standard and enhanced YARA rules to demonstrate its success.

Original languageEnglish
Title of host publication2020 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE)
Place of PublicationPiscataway
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages7
ISBN (Electronic)9781728169323
ISBN (Print)9781728169330
DOIs
Publication statusPublished - Jul 2020
EventIEEE WCCI 2020: FUZZ-IEEE 2020 - Glasgow, United Kingdom
Duration: 19 Jul 202024 Jul 2020
https://wcci2020.org/

Publication series

NameIEEE International Conference on Fuzzy Systems
Volume2020-July
ISSN (Print)1098-7584

Conference

ConferenceIEEE WCCI 2020
Country/TerritoryUnited Kingdom
CityGlasgow
Period19/07/2024/07/20
Internet address

Keywords

  • Fuzzy Hashing
  • Fuzzy Logic
  • Fuzzy Rules
  • Malware Analysis
  • Performance Optimisation
  • Ransomware
  • YARA Rules

Fingerprint

Dive into the research topics of 'Embedding Fuzzy Rules with YARA Rules for Performance Optimisation of Malware Analysis'. Together they form a unique fingerprint.

Cite this