Implementasi Fuzzy Hashing untuk Signature Malware
Cryptographic hash value has long been used as a database of signatures to identify malware. The most widely used is the MD5 and/or SHA256. In addition, there are fuzzy hashing that slightly different from the traditional hash: length hash value is not fixed and hash value can be used to calculate the degree of similarity of some malware that may still be a variant. This research use ssdeep tool to calculate fuzzy hash. Database signature with fuzzy hash is smaller than SHA256 and larger than MD5. The level of accuracy for the detection of script-based malware variants is greater than the executable-based malware variants.
Index Terms—file signature, fuzzy hashing, malware signature, rolling hashing, sha
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.