Machine Learning
Published in Ravi Das, Practical AI for Cybersecurity, 2021
“Fuzzy” hashing techniques can be used to thwart some of these simple modifications to the malware binary and still detect these metamorphic versions. Context Triggered Piecewise Hash (CTPH) [Source a] is an example of this approach. Rather than compute a single hash across the entire file, a hash is generated for many segments of the file. In this case, a single bit change would only affect one of the hashes, leaving the remaining hashes to identify the malware sample. Even in this case, multiple small changes throughout the file can result in different hashes for each segment of the file.
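The piecewise idea in the excerpt above, as an added Python example (not code from the book and not the ssdeep/CTPH implementation). The rolling byte sum, the trigger value, the truncated SHA-256 segment digests and the shared-digest similarity score are simplifying assumptions, and the sample bytes are constructed.

```python
import hashlib
import random
from collections import Counter

WINDOW = 7     # assumed: bytes of context that decide where a segment ends
TRIGGER = 64   # assumed: a boundary fires roughly once per 64 bytes

def segments(data: bytes) -> list:
    """Cut data wherever the sum of the last WINDOW bytes hits the trigger."""
    out, start = [], 0
    for i in range(len(data)):
        if sum(data[max(0, i - WINDOW + 1):i + 1]) % TRIGGER == TRIGGER - 1:
            out.append(data[start:i + 1])
            start = i + 1
    if start < len(data):
        out.append(data[start:])  # trailing bytes after the last boundary
    return out

def piecewise_hash(data: bytes) -> list:
    """One short digest per segment instead of one digest for the whole file."""
    return [hashlib.sha256(s).hexdigest()[:8] for s in segments(data)]

def shared(a: list, b: list) -> int:
    """Number of segment digests two signatures have in common."""
    return sum((Counter(a) & Counter(b)).values())

def similarity(a: list, b: list) -> float:
    """Shared digests as a fraction of the longer signature (0.0 to 1.0)."""
    return shared(a, b) / max(len(a), len(b), 1)

def flip(data: bytes, positions) -> bytes:
    """Return a copy of data with the bytes at the given offsets inverted."""
    buf = bytearray(data)
    for p in positions:
        buf[p] ^= 0xFF
    return bytes(buf)

# Constructed stand-in for a binary: 16 KiB of seeded pseudo-random bytes.
rng = random.Random(1)
SAMPLE = bytes(rng.getrandbits(8) for _ in range(16384))
ONE_BYTE = flip(SAMPLE, [8000])                       # a single modification
SCATTERED = flip(SAMPLE, range(0, len(SAMPLE), 16))   # many small modifications

if __name__ == "__main__":
    base = piecewise_hash(SAMPLE)
    for name, data in [("original", SAMPLE), ("one byte", ONE_BYTE), ("scattered", SCATTERED)]:
        sig = piecewise_hash(data)
        print(name, hashlib.sha256(data).hexdigest()[:16], len(sig), round(similarity(base, sig), 3))
```

Because a boundary depends only on the preceding 7 bytes, a one-byte edit can disturb at most 8 segments here, while the whole-file SHA-256 changes completely; the scattered edits touch nearly every segment, which is the limitation the excerpt ends on.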
System Threats
Published in Nicholas Kolokotronis, Stavros Shiaeles, Cyber-Security Threats, Actors, and Dynamic Mitigation, 2021
Konstantinos-Panagiotis Grammatikakis, Nicholas Kolokotronis
Fuzzy hashing techniques can also be used, allowing samples to be grouped in clusters (or malware families) of samples with similar contents and structure. For example, a number of malware analysis services and public sandboxes (VirusTotal being one of them) generate SSDeep hashes for every file received.
Optimization of virtual machines performance using fuzzy hashing and genetic algorithm-based memory deduplication of static pages
Published in Automatika, 2023
N. Jagadeeswari, V. Mohanraj, Y. Suresh, J. Senthilkumar
Due to a huge number of unwanted page comparisons, the KSM approach is not efficient, since it consumes enormous numbers of CPU cycles. For this reason, all pages are classified into categories to avoid unnecessary comparisons. Pages in the same category have a higher priority for sharing, while pages in different categories are not shared. Similarity detection is likewise limited to pages of the same category. This application classification is performed in offline mode. Fuzzy hashing, often referred to as similarity hashing, is used to identify an application that is nearly, but not quite, identical to other applications. In contrast, cryptographic hash algorithms are designed to produce dramatically different hashes for even the smallest variations. The clustering (or classification) method known as agglomerative hierarchical clustering (AHC) has the following benefits: it begins with the differences among the items to be classified together, and the type of dissimilarity can be chosen to suit the topic being examined and the type of data being used. Algorithm 1 shows the grouping of similar applications using fuzzy hashing, with clusters formed by the agglomerative hierarchical clustering approach.