Identification of library functions statically linked to Linux malware without symbols

Akabane, Shu; Okamoto, Toshio

doi:10.1016/j.procs.2020.09.053

Cited by 3 publications

(2 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A comprehensive survey of static detection methods for IoT malware was conducted by Ngo et al [ 4 ]. The authors objectively evaluated the existing static analysis methods using the same dataset and experimental setup as all other competitor methods.…”

Section: Related Workmentioning

confidence: 99%

“…Rapid advances in software development techniques allow the source code of malware to be compiled into different executable programs tailored to different central processing unit (CPU) architectures via toolchains [ 4 ]. In addition to accelerating the spread of IoT malware, this also means that malware detection methods [ 5 , 6 ] based on a single CPU architecture do not meet the analysis requirements any longer.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

MDABP: A Novel Approach to Detect Cross-Architecture IoT Malware Based on PaaS

Zhao

Kuerban

2023

Sensors

View full text Add to dashboard Cite

With the development of internet technology, the Internet of Things (IoT) has been widely used in several aspects of human life. However, IoT devices are becoming more vulnerable to malware attacks due to their limited computational resources and the manufacturers’ inability to update the firmware on time. As IoT devices are increasing rapidly, their security must classify malicious software accurately; however, current IoT malware classification methods cannot detect cross-architecture IoT malware using system calls in a particular operating system as the only class of dynamic features. To address these issues, this paper proposes an IoT malware detection approach based on PaaS (Platform as a Service), which detects cross-architecture IoT malware by intercepting system calls generated by virtual machines in the host operating system acting as dynamic features and using the K Nearest Neighbors (KNN) classification model. A comprehensive evaluation using a 1719 sample dataset containing ARM and X86-32 architectures demonstrated that MDABP achieves 97.18% average accuracy and a 99.01% recall rate in detecting samples in an Executable and Linkable Format (ELF). Compared with the best cross-architecture detection method that uses network traffic as a unique type of dynamic feature with an accuracy of 94.5%, practical results reveal that our method uses fewer features and has higher accuracy.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

MDABP: A Novel Approach to Detect Cross-Architecture IoT Malware Based on PaaS

Zhao

Kuerban

2023

Sensors

View full text Add to dashboard Cite

show abstract

IoT malware: An attribute-based taxonomy, detection mechanisms and challenges

Victor,

Lashkari,

et al. 2023

Peer-to-Peer Netw. Appl.

View full text Add to dashboard Cite

During the past decade, the Internet of Things (IoT) has paved the way for the ongoing digitization of society in unique ways. Its penetration into enterprise and day-to-day lives improved the supply chain in numerous ways. Unfortunately, the profuse diversity of IoT devices has become an attractive target for malware authors who take advantage of its vulnerabilities. Accordingly, enhancing the security of IoT devices has become the primary objective of industrialists and researchers. However, most present studies lack a deep understanding of IoT malware and its various aspects. As understanding IoT malware is the preliminary base of research, in this work, we present an IoT malware taxonomy with 100 attributes based on the IoT malware categories, attack types, attack surfaces, malware distribution architecture, victim devices, victim device architecture, IoT malware characteristics, access mechanisms, programming languages, and protocols. In addition, we have mapped these categories into 77 IoT Malwares identified between 2008 and 2022. Furthermore, To provide insight into the challenges in IoT malware research for future researchers, our study also reviews the existing IoT malware detection works.

show abstract

Identification of toolchains used to build IoT malware with statically linked libraries

Akabane

Okamoto

2021

Procedia Computer Science

View full text Add to dashboard Cite

Identification of library functions statically linked to Linux malware without symbols

Cited by 3 publications

References 4 publications

MDABP: A Novel Approach to Detect Cross-Architecture IoT Malware Based on PaaS

MDABP: A Novel Approach to Detect Cross-Architecture IoT Malware Based on PaaS

IoT malware: An attribute-based taxonomy, detection mechanisms and challenges

Identification of toolchains used to build IoT malware with statically linked libraries

Contact Info

Product

Resources

About