
Hierarchical Heterogeneous Ant Colony Optimization Based Approach to Optimize File Similarity Searches Using ssDeep

  • Conference paper
Advances in Swarm Intelligence (ICSI 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13968)


Abstract

Identifying files similar to a particular file helps forensic investigators identify malware. The computational complexity of the existing approaches in the literature for identifying similar files using ssDeep signatures is high. Brian Wallace proposed an approach to optimize ssDeep comparisons. However, the drawback is that the substrings of the incoming chunks are checked for a match with the substrings of chunks in the reference list before an edit distance method is applied. Thus, to further optimize the search space, the HHACOS algorithm, a Hierarchical Heterogeneous Ant Colony Optimization based approach to detect similarity in ssDeep signatures, is proposed. The substrings of the chunks and double chunks of the incoming ssDeep message digest are compared with the substrings of the chunks and the double chunks of the ssDeep digests in the reference list. An ant agent identifies the search space; the number of substrings of the chunks and double chunks of the message digests in the reference list that match the incoming ssDeep digest is found, and the similarity between the files is computed. It is shown that the HHACOS algorithm scales well compared to the existing approaches in terms of computational complexity. Also, the accuracy of detecting file similarity is efficient.
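The substring check that the abstract describes as running before the edit distance step can be illustrated as follows. This Python example is added here and is not code from the paper, nor an implementation of the HHACOS ant agents. It assumes the standard `blocksize:chunk:double_chunk` digest layout and ssDeep's rule that two chunks score zero unless they share a 7-character substring; all digests and names are constructed.

```python
from collections import defaultdict

WINDOW = 7  # assumption: ssDeep needs a common 7-character substring to score > 0

# Constructed reference digests (not real file hashes).
REFERENCE = {
    "ref_a": "48:ABCDEFGHIJKLMNOP:ABCDEFGH",
    "ref_b": "48:QRSTUVWXYZabcdef:QRSTUVWX",
    "ref_c": "96:ABCDEFGHzzzzzzzz:zzzzzzz",
}
INCOMING = "48:xxABCDEFGHIJyyyy:ABCDEFGH"  # constructed incoming digest

def parse(digest):
    """Split 'blocksize:chunk:double_chunk' into (int, str, str)."""
    blocksize, chunk, double_chunk = digest.split(":", 2)
    return int(blocksize), chunk, double_chunk

def ngrams(s, n=WINDOW):
    """All distinct n-character substrings of s (empty set if s is shorter)."""
    return {s[i:i + n] for i in range(len(s) - n + 1)}

def build_index(reference):
    """Map (blocksize, 7-gram) -> names of reference digests containing it.

    The double chunk is hashed at twice the block size, so it is indexed
    under blocksize * 2 and can meet another digest's chunk at that size.
    """
    index = defaultdict(set)
    for name, digest in reference.items():
        bs, chunk, dchunk = parse(digest)
        for size, part in ((bs, chunk), (bs * 2, dchunk)):
            for gram in ngrams(part):
                index[(size, gram)].add(name)
    return index

def candidates(digest, index):
    """Return {name: shared 7-gram count}; only these need an edit distance."""
    bs, chunk, dchunk = parse(digest)
    hits = defaultdict(int)
    for size, part in ((bs, chunk), (bs * 2, dchunk)):
        for gram in ngrams(part):
            for name in index.get((size, gram), ()):
                hits[name] += 1
    return dict(hits)

if __name__ == "__main__":
    print(candidates(INCOMING, build_index(REFERENCE)))
```

Here `ref_b` shares no substring with the incoming digest and is never passed to the edit distance comparison, while `ref_c` is reached only because the incoming double chunk meets its chunk at block size 96.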


References

  1. Wallace, B.: Optimizing ssDeep for Use at Scale. Cylance, USA (2015). Grooten, M. (ed.)

  2. Broder, A.Z.: On the resemblance and containment of documents. In: Proceedings of the 1997 International Conference on Compression and Complexity of Sequences, pp. 21–29, June 1997 (1997)

  3. Breitinger, F., Guttman, B., McCarrin, M., Roussev, V., White, D.: Approximate matching: definition and terminology. Natl. Inst. Stand. Technol. 800, Article ID 168 (2014)

  4. Wu, G.: String Similarity Metrics, Edit Distance. https://www.baeldung.com/cs/author/gangwu

  5. Jianzhong, Z., Kai, P., Yuntao, Y., Jingdong, X.: iCTPH: an approach to publish and lookup CTPH digests in chord. In: Hsu, C.-H., Yang, L.T., Park, J.H., Yeo, S.-S. (eds.) ICA3PP 2010. LNCS, vol. 6082, pp. 244–253. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13136-3_25

  6. Abrahamy, J.: Intezer Community Tip: How to Optimize ssDeep Comparisons with ElasticSearch. https://www.intezer.com/blog/malware-analysis/intezer-community-tip-ssdeep-comparisons-with-elasticsearch/. Accessed 19 Sept 2017

  7. Rusin, M., Zaitseva, E.: Hierarchical heterogeneous ant colony optimization. In: Proceedings of the IEEE Federated Conference on Computer Science and Information Systems, pp. 197–203 (2012)

  8. Sreelaja, N.K., Sreeja, N.K.: An ant colony optimization based approach for binary search. In: Tan, Y., Shi, Y. (eds.) ICSI 2021. LNCS, vol. 12689, pp. 311–321. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-78743-1_28

  9. Moia, V.H.G., Henriques, M.A.A.: Similarity digest search: a survey and comparative analysis of strategies to perform known file filtering using approximate matching. Secur. Commun. Netw. 2017, 17 (2017). Article ID 1306802

  10. Winter, C., Schneider, M., Yannikos, Y.: F2S2: fast forensic similarity search through indexing piecewise hash signatures. Digit. Investig. 10(4), 361–371 (2013)

  11. http://ssdeep.sourceforge.net/

  12. https://www.nist.gov/itl/ssd/software-quality-group/ssdeep-datasets

Author information


Corresponding author

Correspondence to N. K. Sreelaja.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Sreelaja, N.K., Sreeja, N.K. (2023). Hierarchical Heterogeneous Ant Colony Optimization Based Approach to Optimize File Similarity Searches Using ssDeep. In: Tan, Y., Shi, Y., Luo, W. (eds) Advances in Swarm Intelligence. ICSI 2023. Lecture Notes in Computer Science, vol 13968. Springer, Cham. https://doi.org/10.1007/978-3-031-36622-2_9


  • DOI: https://doi.org/10.1007/978-3-031-36622-2_9


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-36621-5

  • Online ISBN: 978-3-031-36622-2

  • eBook Packages: Computer Science (R0)
