Yara规则在Android中的实现

2023 International Conference on Computer Communication and Informatics (ICCCI) Pub Date : 2023-01-23 DOI:10.1109/ICCCI56745.2023.10128288

Pragya Bharti, Shreya Saha Roy, A. Suresh

{"title":"Yara规则在Android中的实现","authors":"Pragya Bharti, Shreya Saha Roy, A. Suresh","doi":"10.1109/ICCCI56745.2023.10128288","DOIUrl":null,"url":null,"abstract":"Malwares are malicious softwares aimed to damage and destroy computer systems and networks. Malware can exist in a wide variety of devices and operating systems. Cryptographic hashing and fuzzy hashing are two types of signature-based malware detection and classification techniques. In this paper we have tried to study the implementation of YARA rules in Android operating system, the properties of YARA rules and how it helps in an efficient detection of malicious android applications in the market. We outline the syntactical structure of YARA rules, their use cases, and how to create a YARA rule for a single malware or a family of malwares using Androguard and Cuckoo.","PeriodicalId":205683,"journal":{"name":"2023 International Conference on Computer Communication and Informatics (ICCCI)","volume":"46 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Implementation of Yara Rules in Android\",\"authors\":\"Pragya Bharti, Shreya Saha Roy, A. Suresh\",\"doi\":\"10.1109/ICCCI56745.2023.10128288\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Malwares are malicious softwares aimed to damage and destroy computer systems and networks. Malware can exist in a wide variety of devices and operating systems. Cryptographic hashing and fuzzy hashing are two types of signature-based malware detection and classification techniques. In this paper we have tried to study the implementation of YARA rules in Android operating system, the properties of YARA rules and how it helps in an efficient detection of malicious android applications in the market. We outline the syntactical structure of YARA rules, their use cases, and how to create a YARA rule for a single malware or a family of malwares using Androguard and Cuckoo.\",\"PeriodicalId\":205683,\"journal\":{\"name\":\"2023 International Conference on Computer Communication and Informatics (ICCCI)\",\"volume\":\"46 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-01-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2023 International Conference on Computer Communication and Informatics (ICCCI)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICCCI56745.2023.10128288\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 International Conference on Computer Communication and Informatics (ICCCI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCCI56745.2023.10128288","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

恶意软件是旨在破坏和破坏计算机系统和网络的恶意软件。恶意软件可以存在于各种各样的设备和操作系统中。加密哈希和模糊哈希是两种基于签名的恶意软件检测和分类技术。本文试图研究YARA规则在Android操作系统中的实现，YARA规则的特性，以及它如何帮助有效检测市场上的恶意Android应用程序。我们概述了YARA规则的语法结构，它们的用例，以及如何使用Androguard和Cuckoo为单个恶意软件或一系列恶意软件创建YARA规则。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Implementation of Yara Rules in Android

Malwares are malicious softwares aimed to damage and destroy computer systems and networks. Malware can exist in a wide variety of devices and operating systems. Cryptographic hashing and fuzzy hashing are two types of signature-based malware detection and classification techniques. In this paper we have tried to study the implementation of YARA rules in Android operating system, the properties of YARA rules and how it helps in an efficient detection of malicious android applications in the market. We outline the syntactical structure of YARA rules, their use cases, and how to create a YARA rule for a single malware or a family of malwares using Androguard and Cuckoo.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2023 International Conference on Computer Communication and Informatics (ICCCI)

自引率

0.00%

发文量