![[2602.15376] A Unified Evaluation of Learning-Based Similarity Techniques for Malware Detection](https://arxiv.org/static/browse/0.3.4/images/arxiv-logo-fb.png){kind=logo}
[2602.15376] A Unified Evaluation of Learning-Based Similarity Techniques for Malware Detection
Summary
This paper presents a systematic evaluation of learning-based similarity techniques for malware detection, comparing various methods under a unified framework to identify their strengths and weaknesses.
Why It Matters
As cybersecurity threats evolve, traditional methods of malware detection are often inadequate. This study highlights the importance of using a combination of similarity techniques to enhance malware analysis and threat detection, providing a foundation for future research and practical applications in security.
Key Takeaways
- The study benchmarks various learning-based similarity techniques for malware detection.
- No single method excels across all evaluation metrics; each has distinct trade-offs.
- Combining different techniques can enhance effectiveness in malware analysis.
- The research utilizes large, publicly available datasets for a comprehensive comparison.
- This is the first reproducible study to evaluate these techniques side by side.
Computer Science > Cryptography and Security arXiv:2602.15376 (cs) [Submitted on 17 Feb 2026] Title:A Unified Evaluation of Learning-Based Similarity Techniques for Malware Detection Authors:Udbhav Prasad, Aniesh Chawla View a PDF of the paper titled A Unified Evaluation of Learning-Based Similarity Techniques for Malware Detection, by Udbhav Prasad and Aniesh Chawla View PDF HTML (experimental) Abstract:Cryptographic digests (e.g., MD5, SHA-256) are designed to provide exact identity. Any single-bit change in the input produces a completely different hash, which is ideal for integrity verification but limits their usefulness in many real-world tasks like threat hunting, malware analysis and digital forensics, where adversaries routinely introduce minor transformations. Similarity-based techniques address this limitation by enabling approximate matching, allowing related byte sequences to produce measurably similar fingerprints. Modern enterprises manage tens of thousands of endpoints with billions of files, making the effectiveness and scalability of the proposed techniques more important than ever in security applications. Security researchers have proposed a range of approaches, including similarity digests and locality-sensitive hashes (e.g., ssdeep, sdhash, TLSH), as well as more recent machine-learning-based methods that generate embeddings from file features. However, these techniques have largely been evaluated in isolation, using disparate datasets and evaluation ...
