Thank you for replying to me. From my understanding of my project, I am
required to make a prototype malware detection system using fuzzy Yara rules,
and the datasets will probably be taken from MalShare.

Yara rules are one of the most popular and widely used methods for malware
detection. Yara rules basically describe patterns that identify particular
strains or entire families of malware. Its success or failure is dependent
on the quality of rules employed for malware triaging. Yara rules define
everything in binary logic, either true or false, which may lead to
inaccuracy in malware detection. Fuzzy inference systems use fuzzy rules to
reason, where fuzzy rules extend the traditional binary logic to infinite
valued logic, which therefore can be used to address the drawbacks of Yara
rules. This project aims to develop a prototype fuzzy Yara rule system for
malware detection using publicly available datasets. (python)

So I think I need to make a Yara rules Python script, a fuzzy hashing
Python script and one main function script (fuzzy hashing and Yara rule) for
the implementation part, because what I would do now is focus on the main
function first and only then on the user functionality and design.
This is the link to the research paper
https://ieeexplore.ieee.org/document/9177856

This is my synthesis phase:
5. Design
  5.1 Design Documentation
  5.2 Software structure
6. Implementation (Coding)
  6.1 System structure
  6.2 User functionality
7. Testing
  7.1 Experimental Work
  7.2 Test Results

On Thu, 18 Feb 2021 at 7:53 pm, Fernando Mercês <nand...@gmail.com> wrote:

> Hi Ryan,
>
> I found your message a bit confusing. You started talking about malware
> (samples), then you mentioned you created a web app to detect malicious
> URLs. And then you say you’re lost, but what exactly are you targeting? I
> don’t think Yara is that binary. Some thoughts:
>
>    - The sensitivity of a Yara rule can be lowered to simulate what a
>    fuzzy approach would be. For example, instead of “all of them” you can have
>    conditions like “2 of them” or “any of them”. So, a system may have
>    different rulesets more or less aggressive, depending on what you want.
>    - AFAIK Virus Total API is limited to 4 requests per minute if you are
>    not a paid user. This can create a bottleneck in your system. Actually, why
>    do you need Virus Total in this case?
>    - Yara has support for ssdeep, which is a fuzzy hash algorithm. Also,
>    it can be extended to include TLSH [2] and telfhash [3] for instance. Or
>    any other fuzzy, or locality-sensitive hash you want. You just have to
>    create a module and that would be a great contribution to Yara. 😊
>
> Hope that helps and sorry if I didn’t really answer your question.
>
> [1] https://ssdeep-project.github.io/ssdeep/index.html
>
> [2] https://github.com/trendmicro/tlsh
>
> [3] https://github.com/trendmicro/telfhash
>
> Thanks,
>
> Fernando
>
> *From: *yara-project@googlegroups.com <yara-project@googlegroups.com> on
> behalf of Ryan Choy <ryan.choyjia...@gmail.com>
> *Date: *Monday, 15 February 2021 21:15
> *To: *YARA <yara-project@googlegroups.com>
> *Subject: *Malware Detection using Fuzzy Yara Rules
>
> I am currently doing a dissertation/project and below is the description
> of the project
>
> Yara rules are one of the most popular and widely used methods for malware
> detection. Yara rules basically describe patterns that identify particular
> strains or entire families of malware. Its success or failure is dependent
> on the quality of rules employed for malware triaging. Yara rules define
> everything in binary logic, either true or false, which may lead to
> inaccuracy in malware detection. Fuzzy inference systems use fuzzy rules to
> reason, where fuzzy rules extend the traditional binary logic to infinite
> valued logic, which therefore can be used to address the drawbacks of Yara
> rules. This project aims to develop a prototype fuzzy Yara rule system for
> malware detection using publicly available datasets. (python)
>
> What I did so far is create a web application built using Django to
> detect malicious URL(s), which include phishing/social engineering/malware-
> infected URL(s) (I could just focus on maybe ransomware), as I have only
> done the web user interface so far, and for the malware database I planned to
> get it from GitHub and will be using the VirusTotal API. I am really lost right
> now :(
>
> If anyone could just guide me with a brief of what to do, that will be good
> enough, as the implementation is the hardest part for me.
>
> --
> You received this message because you are subscribed to the Google Groups
> "YARA" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to yara-project+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/yara-project/77a039e6-e5b8-4085-b5e2-360c94f0033an%40googlegroups.com
>

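One way to turn the graded-sensitivity point from the reply above into the Python prototype described in this thread, as an added example that is not code from either poster: a plain-bytes stand-in for yara-python (assumed not installed here) that evaluates one family's strings under "all of them", "N of them" and "any of them" conditions, derives a fuzzy degree of match from the same strings, and renders the equivalent YARA rule text for each tier. The family strings, tier names and sample bytes are constructed for illustration.

```python
import re

# Constructed strings a rule author might pick for one ransomware family
# (hypothetical values for illustration, not taken from any real rule).
FAMILY_STRINGS = {
    "$s1": b"CryptEncrypt",
    "$s2": b".locked",
    "$s3": b"YOUR FILES HAVE BEEN ENCRYPTED",
    "$s4": b"bitcoin",
}

# Sensitivity tiers, each expressed as the YARA condition it stands for.
TIERS = {"strict": "all of them", "medium": "2 of them", "loose": "any of them"}


def threshold(condition: str, total: int) -> int:
    """Minimum number of matched strings that a YARA-style
    'all of them' / 'any of them' / 'N of them' condition requires."""
    cond = condition.strip().lower()
    if cond == "all of them":
        return total
    if cond == "any of them":
        return 1
    m = re.fullmatch(r"(\d+) of them", cond)
    if m:
        return int(m.group(1))
    raise ValueError(f"unsupported condition: {condition!r}")


def matched_strings(sample: bytes, strings=FAMILY_STRINGS) -> list:
    """Identifiers of the rule strings present in the sample
    (bytes.find stands in for YARA's string scanner in this stand-in)."""
    return sorted(i for i, pat in strings.items() if sample.find(pat) != -1)


def tier_verdicts(sample: bytes, strings=FAMILY_STRINGS) -> dict:
    """Binary verdict of every tier: same strings, different conditions."""
    n = len(matched_strings(sample, strings))
    return {t: n >= threshold(c, len(strings)) for t, c in TIERS.items()}


def membership(sample: bytes, strings=FAMILY_STRINGS) -> float:
    """Fuzzy degree of match in [0, 1]: the fraction of rule strings present,
    rather than a single true/false from one fixed condition."""
    return len(matched_strings(sample, strings)) / len(strings)


def render_rule(name: str, tier: str, strings=FAMILY_STRINGS) -> str:
    """Equivalent YARA rule text for one tier, ready to compile with yara-python."""
    body = "\n".join(f'        {i} = "{p.decode()}"' for i, p in strings.items())
    return f"rule {name}_{tier} {{\n    strings:\n{body}\n    condition:\n        {TIERS[tier]}\n}}"


# Constructed sample: hits $s1, $s2 and $s4 but not $s3 (3 of 4 strings).
SAMPLE = b"MZ\x90\x00 ... CryptEncrypt ... report.docx.locked ... pay in bitcoin"
```

With the constructed sample the strict tier misses while the medium and loose tiers fire, and the membership value (0.75) carries the information the binary verdicts throw away.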