Classification of Ransomware Families Based on Hashing Techniques

Abstract

The primary objective of this research is to propose a novel method for analyzing malware through the utilization of hashing techniques. The proposed approach integrates the use of Import Hash, Fuzzy Hash, and Section Level Fuzzy Hash (SLFH) to create a highly optimized, efficient, and accurate technique to classify ransomware families. To test the proposed methodology, we collected a comprehensive dataset from reputable sources and manually labelled each sample to augment the reliability and precision of our analysis. During the development of the proposed methodology, we introduced new steps and conditions to identify ransomware families, resulting in the highest performance level. The major contributions of this research include the combination of various hashing techniques and the proposal of a hash comparison strategy that facilitates the comparison of section hashes between ransomware and the pre-build database.