Implementasi Fuzzy Hashing untuk Signature Malware

  • Aditia Rinaldi Universitas Multimedia Nusantara

Abstract

Cryptographic hash value has long been used as a database of signatures to identify malware. The most widely used is the MD5 and/or SHA256. In addition, there are fuzzy hashing that slightly different from the traditional hash: length hash value is not fixed and hash value can be used to calculate the degree of similarity of some malware that may still be a variant. This research use ssdeep tool to calculate fuzzy hash. Database signature with fuzzy hash is smaller than SHA256 and larger than MD5. The level of accuracy for the detection of script-based malware variants is greater than the executable-based malware variants.

Index Terms—file signature, fuzzy hashing, malware signature, rolling hashing, sha

Downloads

Download data is not yet available.
Published
2014-06-01
How to Cite
Rinaldi, A. (2014). Implementasi Fuzzy Hashing untuk Signature Malware. Ultima Computing : Jurnal Sistem Komputer, 6(1), 33-38. https://doi.org/https://doi.org/10.31937/sk.v6i1.293