Malware Behavioural Hash (MBH): An Entropy-Driven Digital Forensic Framework for Large-Scale Malware Attribution
Author(s):
Dr. Kiran Dodiya | Dr. Parvesh Sharma | Dr. Kapil Kumar
Keywords:
Digital Forensic Investigation, Malware Attribution, Behavioural Entropy, Malware Behavioural Hash (MBH), Capability Vectorisation, Locality-Sensitive Hashing, Cross-Case Correlation, Forensic Evidence Modelling
Abstract:
The increasing sophistication of polymorphic and obfuscated malware has significantly weakened traditional static hash-based attribution mechanisms in digital forensic investigations. Minor code mutations, packing techniques, and structural transformations render cryptographic and fuzzy hashes ineffective for evidentiary correlation. This paper proposes a novel entropy-driven Malware Behavioural Hash (MBH) framework designed specifically for digital forensic investigation and large-scale attribution. The proposed model integrates forensic evidence acquisition, behavioural artifact extraction, capability vectorisation, entropy profiling, dimensionality reduction, and locality-sensitive hashing to produce a mutation-resilient behavioural fingerprint. Unlike conventional binary hashes, MBH preserves semantic behavioural similarity while enabling scalable cross-case correlation, campaign attribution, and courtroom defensibility. Experimental modelling demonstrates that the entropy-guided behavioural compression significantly enhances attribution confidence while reducing storage and computational overhead. The framework contributes a standardised forensic methodology for behavioural malware compression and evidentiary linkage in large-scale investigations.
Other Details
Paper id:
IJSARTV12I2104580
Published in:
Volume: 12 Issue: 2 February 2026
Publication Date:
2026-02-14