
Posts by David French

Writing Effective YARA Signatures to Identify Malware

• Blog
David French

In previous blog posts, I have written about applying similarity measures to malicious code to identify related files and reduce analysis expense. Another way to observe similarity in malicious code is to leverage analyst insights by identifying files that possess some property in common with a particular file of interest. One way to do this is by using YARA, an open-source project that helps researchers identify and classify malware. YARA has gained enormous popularity in...

Fuzzy Hashing Against Different Types of Malware

• Blog
David French

Malware, which is short for "malicious software," is a growing problem for government and commercial organizations since it disrupts or denies important operations, gathers private information without consent, gains unauthorized access to system resources, and engages in other inappropriate behaviors. A previous blog post described the use of "fuzzy hashing" to determine whether two files suspected of being malware are similar, which helps analysts potentially save time by identifying opportunities to leverage previous analysis of malware when confronted...

Fuzzy Hashing Techniques in Applied Malware Analysis

• Blog
David French

Malware--generically defined as software designed to access a computer system without the owner's informed consent--is a growing problem for government and commercial organizations. In recent years, research into malware focused on similarity metrics to decide whether two suspected malicious files are similar to one another. Analysts use these metrics to determine whether a suspected malicious file bears any resemblance to already verified malicious files. Using these metrics allows analysts to potentially save time, by identifying...

