http://dx.doi.org/10.13089/JKIISC.2019.29.6.1327

Study of Static Analysis and Ensemble-Based Linux Malware Classification  

Hwang, Jun-ho (Hoseo University)
Lee, Tae-jin (Hoseo University)
Abstract
With the growth of the IoT market, malware security threats are steadily increasing for devices that use the Linux architecture. However, apart from major malware that has caused serious security damage, such as Mirai, there is no related technology or research from the security community on Linux malware. In addition, the diversity of devices, vendors, and architectures in the IoT environment is intensifying further, and the difficulty of handling Linux malware is increasing with it. Therefore, in this paper, we propose an analysis system based on ELF, the main executable format of the Linux architecture, together with a binary-based analysis system that takes the IoT environment into account. The ELF-based analysis system can pre-classify a large number of malicious samples at relatively high speed, and the relatively slower binary-based analysis system can classify all the data that the preprocessing stage did not handle. These two processes are intended to complement each other and effectively classify Linux-based malware.
Keywords
Linux Malware; Machine Learning; Static Analysis;
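The two-stage design the abstract describes (a fast ELF-header stage that pre-classifies well-formed ELF files, and a slower format-agnostic byte stage that catches everything the first stage cannot parse) can be sketched end to end. The following is an added example, not the authors' code or system: it parses the ELF header with the standard `struct` module, derives cheap structural features (class, machine, type, program/section header counts, byte entropy), falls back to a 16-bin byte histogram for non-ELF input, and routes each sample through a nearest-centroid model for the matching stage. The training corpus, the `benign`/`malicious` labels, and the `build_elf64_header` helper are constructed toy data for illustration only, not real malware indicators.

```python
import math
import struct
from collections import Counter

# Added example (not the paper's code): a two-stage classifier in the shape the
# abstract describes. Stage 1 parses the ELF header and classifies on cheap
# structural features; anything that is not a well-formed ELF falls through to
# stage 2, which works on raw bytes only. Training data and labels below are
# constructed toy values, not real malware indicators.

ELF_FIELDS = ["e_type", "e_machine", "e_version", "e_entry", "e_phoff", "e_shoff",
              "e_flags", "e_ehsize", "e_phentsize", "e_phnum", "e_shentsize",
              "e_shnum", "e_shstrndx"]

def parse_elf_header(data):
    """Return the ELF header fields as a dict, or None if data is not ELF."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        return None
    ei_class, ei_data = data[4], data[5]          # 1/2 = ELF32/ELF64, LSB/MSB
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return None
    end = "<" if ei_data == 1 else ">"
    fmt, size = (end + "HHIIIIIHHHHHH", 52) if ei_class == 1 else (end + "HHIQQQIHHHHHH", 64)
    if len(data) < size:
        return None
    hdr = dict(zip(ELF_FIELDS, struct.unpack(fmt, data[16:size])))
    hdr["class"] = 32 if ei_class == 1 else 64
    return hdr

def shannon_entropy(data):
    """Byte entropy in bits (0..8); high values suggest packed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def elf_features(hdr, data):
    # Cheap structural features, scaled to roughly [0, 1]
    return [hdr["class"] / 64, hdr["e_machine"] / 256, hdr["e_type"] / 4,
            hdr["e_phnum"] / 16, hdr["e_shnum"] / 64, shannon_entropy(data) / 8]

def byte_features(data):
    # Format-agnostic features: 16-bin byte histogram plus entropy
    hist = [0] * 16
    for b in data:
        hist[b >> 4] += 1
    n = max(len(data), 1)
    return [h / n for h in hist] + [shannon_entropy(data) / 8]

def train_centroids(samples):
    """Nearest-centroid model: samples is a list of (feature_vector, label)."""
    acc = {}
    for vec, label in samples:
        total, count = acc.get(label, ([0.0] * len(vec), 0))
        acc[label] = ([a + x for a, x in zip(total, vec)], count + 1)
    return {label: [a / count for a in total] for label, (total, count) in acc.items()}

def predict(centroids, vec):
    return min(centroids, key=lambda l: sum((a - b) ** 2 for a, b in zip(centroids[l], vec)))

def classify(data, elf_centroids, byte_centroids):
    """Route to the ELF stage when the header parses, otherwise to the byte stage."""
    hdr = parse_elf_header(data)
    if hdr is not None:
        return "elf-stage", predict(elf_centroids, elf_features(hdr, data))
    return "binary-stage", predict(byte_centroids, byte_features(data))

# ---- constructed toy corpus -------------------------------------------------
def build_elf64_header(machine, entry, phnum, shnum):
    """Constructed little-endian ELF64 header (EM_ARM=40, EM_AARCH64=183, EM_MIPS=8)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    return ident + struct.pack("<HHIQQQIHHHHHH", 2, machine, 1, entry, 64, 0, 0,
                               64, 56, phnum, 64, shnum, 0)

NOISE = bytes((i * 31 + 7) & 0xFF for i in range(256))   # deterministic high-entropy body

def train_models():
    elf_samples = [
        (elf_features(parse_elf_header(s), s), "benign") for s in
        (build_elf64_header(40, 0x10000, 2, 30) + b"\x00" * 200,
         build_elf64_header(183, 0x400000, 2, 28) + b"\x00" * 200)
    ] + [
        (elf_features(parse_elf_header(s), s), "malicious") for s in
        (build_elf64_header(40, 0x10000, 2, 0) + NOISE,     # stripped, packed-looking body
         build_elf64_header(183, 0x400000, 2, 0) + NOISE)
    ]
    byte_samples = [(byte_features(b"hello world\n" * 20), "benign"),
                    (byte_features(b"config=1\nvalue=2\n" * 10), "benign"),
                    (byte_features(NOISE), "malicious"),
                    (byte_features(NOISE[::-1]), "malicious")]
    return train_centroids(elf_samples), train_centroids(byte_samples)

if __name__ == "__main__":
    elf_m, byte_m = train_models()
    print(classify(build_elf64_header(8, 0x10000, 3, 0) + NOISE, elf_m, byte_m))
    print(classify(b"#!/bin/sh\necho hello\n" * 10, elf_m, byte_m))
```

The routing decision is the point: a sample only reaches the expensive byte stage when the ELF header does not parse (truncated, non-ELF, or a malformed header), so the cost of the slow path is bounded by the fraction of samples the fast path rejects. In a real deployment the nearest-centroid model would be swapped for the ensemble the paper evaluates, and the feature set would be extended beyond the header fields shown here.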