ELF-Miner: using structural knowledge and data mining methods to detect new (Linux) malicious executables

Shahzad, Farrukh; Farooq, Muddassar

doi:10.1007/s10115-011-0393-5

Cited by 42 publications

(15 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…we can observe from Table V that the n-gram based method IMAD obtained 77% accuracy with n=6 and Hyper-grams technique obtained maximum accuracy 87.85 % with variable length n-grams. Another method using genetic footprint [17] [18] which using informations from the task structures of Linux OS obtained a 96% accuracy for top 16 features. In comparison, our novel proposed methodology achieves a detection acuracy of 97.3% with top 10 optimal features which considerably reduce the detection time as well as the need of storage.…”

Section: ) Effectiveness Of Proposed Methods In Synthesizing Robustmentioning

confidence: 99%

See 1 more Smart Citation

Linux malware detection using non-parametric statistical methods

Ka¹,

Vinod²

2014

2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI)

View full text Add to dashboard Cite

Linux is the most renowned open source operating system. In recent years, the number of malware targeting Linux OS has been increased and the traditional defence mechanisms seems to be futile. We propose a novel non-parametric statistical approach using machine learning techniques for identifying previously unknown malicious Executable Linkable Files (ELF). The system calls employed as features extracted dynamically within a controlled environment. The proposed approach ranks and determine the prominent features by using non-parametric statistical methods like Kruskal-Wallis ranking test (KW), Deviation From Poisson (DFP). Three learning algorithms (J48, Adaboost and Random Forest) are applied to generate prediction model, from a minimal set of features extracted from the system call traces. Optimal feature vector resulted in over all classification accuracy of 97.30% to identify unknown malicious specimens.

show abstract

Section: ) Effectiveness Of Proposed Methods In Synthesizing Robustmentioning

confidence: 99%

“…The authors in [17] proposed a new approach for Linux malware detection by mining the collection of features from ELF headers of Linux executables. Well-known classifiers implemented in WEKA [14][1] were used to evaluate the method.…”

Section: Related Workmentioning

confidence: 99%

Linux malware detection using non-parametric statistical methods

Ka¹,

Vinod²

2014

2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI)

View full text Add to dashboard Cite

show abstract

“…The methodology is a threefold approach comprising of (a) features selection (b) elimination of redundant features and (c) classification using data mining techniques. The author in [10] proposed a new approach for Linux malware detection by mining feature set collected from ELF headers of Linux executables. Also, a number of well-known classifiers implemented in WEKA [7][13] to evaluate the method.…”

Section: Related Workmentioning

confidence: 99%

Linux Malware Detection Using eXtended–Symmetric Uncertainty

Asmitha¹,

Vinod²

2014

Security, Privacy, and Applied Cryptography Engineering

View full text Add to dashboard Cite

Abstract. We propose a novel two step dimensionality reduction approach based on correlation using machine learning techniques for identifying unseen malicious Executable Linkable Files (ELF). System calls used as features are dynamically extracted in a sandbox environment. The extended version of symmetric uncertainty (X-SU) proposed by us, ranks feature by determining Feature-Class correlation using entropy, information gain and further eliminate the redundant features by estimating Feature-Feature correlation using weighted probabilistic information gain. Three learning algorithms (J48, Adaboost and Random Forest) are employed to generate prediction models, from the system call traces. Optimal feature vector constructed using minimum feature length (27 no.) resulted in over all classification accuracy of 99.40% with very less false alarm to identify unknown malicious specimens.

show abstract

“…For Linux/Unix malware, Shahzad and Farooq analyzed 709 Linux executable and linkable format (ELF) files, extracting features from the ELF header and then applying machine-learning classifiers to detect malware. Their method achieved 99% detection accuracy, with a false alarm rate of less than 0.1% [9]. Bai et al gathered features from ELF file system calls and tested four classification algorithms (J48, Random Forests, AdboostM1, and IBK) for detecting Linux malware, achieving a detection accuracy of approximately 98% [10].…”

Section: Related Workmentioning

confidence: 99%