CR · Nov 27, 2021

Assessing the Effectiveness of YARA Rules for Signature-Based Malware Detection and Classification

arXiv:2111.13910v1 · 9 citations
Originality: Synthesis-oriented
AI Analysis

This addresses malware detection for cybersecurity practitioners, but appears incremental as it compares existing methods without introducing new techniques.

The paper tackles the problem of malware detection and classification by evaluating the effectiveness of YARA rules compared to cryptographic and fuzzy hashing methods, but no concrete results or numbers are provided in the abstract.

Malware often uses obfuscation techniques or is modified slightly to evade signature detection from antivirus software and malware analysis tools. Traditionally, to determine if a file is malicious and identify what type of malware a sample is, a cryptographic hash of a file is calculated. A more recent and flexible solution for malware detection is YARA, which enables the creation of rules to identify and classify malware based on a file's binary patterns. In this paper, the author will critically evaluate the effectiveness of YARA rules for signature-based detection and classification of malware in comparison to alternative methods, which include cryptographic and fuzzy hashing.
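To make the abstract's comparison concrete, here is an added example (not code from the paper) that patches one byte of a constructed sample and shows that its SHA-256 no longer matches while a YARA-style rule still does. The matcher below is a small emulation of YARA's hex strings with `??` wildcards and an "N of them" condition, not the yara library; the sample bytes and the `$c2` string are made up for the demonstration.

```python
import hashlib
import re

# Constructed sample: a pretend executable body with a recognisable code
# prologue and an embedded string. These bytes are invented for the example
# and represent no real malware family.
ORIGINAL = (b"MZ\x90\x00" + b"\x00" * 12
            + b"\x55\x8b\xec\x83\xec\x10" + b"evil.example-c2" + b"\x00" * 8)

# The same sample with a single byte changed inside the padding, the kind of
# trivial modification that defeats an exact-hash signature.
_patched = bytearray(ORIGINAL)
_patched[6] = 0x41
MODIFIED = bytes(_patched)


def sha256(data: bytes) -> str:
    """Cryptographic hash signature: any changed byte yields a new digest."""
    return hashlib.sha256(data).hexdigest()


def hex_pattern_to_regex(pattern: str) -> re.Pattern:
    """Translate a YARA-style hex string such as '55 8B EC 83 ?? 10' into a
    bytes regex; '??' matches any single byte, mirroring YARA's wildcard."""
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
             for tok in pattern.split()]
    return re.compile(b"".join(parts), re.DOTALL)


def rule_matches(data: bytes, strings: dict, required: int) -> bool:
    """Evaluate a rule whose condition is '<required> of them'."""
    hits = sum(1 for pat in strings.values() if pat.search(data))
    return hits >= required


# Emulated rule: both strings must be present (condition: 2 of them).
RULE_STRINGS = {
    "$prologue": hex_pattern_to_regex("55 8B EC 83 ?? 10"),
    "$c2": re.compile(re.escape(b"evil.example-c2")),
}


def compare(original: bytes, modified: bytes) -> dict:
    """Hash-based versus pattern-based detection on the patched sample."""
    return {
        "hash_still_matches": sha256(original) == sha256(modified),
        "rule_matches_original": rule_matches(original, RULE_STRINGS, 2),
        "rule_matches_modified": rule_matches(modified, RULE_STRINGS, 2),
    }
```

Because the rule keys on the code prologue and the embedded string rather than the whole file, the one-byte patch leaves both strings intact, which is the flexibility the abstract attributes to YARA over exact hashing.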
