Jayanthi Ramamoorthy, Khushi Gupta, Ram C. Kafle, N. Shashidhar, C. Varol
{"title":"利用系统调用进行 Linux 物联网恶意软件检测的新型静态分析方法","authors":"Jayanthi Ramamoorthy, Khushi Gupta, Ram C. Kafle, N. Shashidhar, C. Varol","doi":"10.3390/electronics13152906","DOIUrl":null,"url":null,"abstract":"The proliferation of Internet of Things (IoT) devices on Linux platforms has heightened concerns regarding vulnerability to malware attacks. This paper introduces a novel approach to investigating the behavior of Linux IoT malware by examining syscalls and library syscall wrappers extracted through static analysis of binaries, as opposed to the conventional method of using dynamic analysis for syscall extraction. We rank and categorize Linux system calls based on their security significance, focusing on understanding malware intent without execution. Feature analysis of the assigned syscall categories and risk ranking is conducted with statistical tests to validate their effectiveness and reliability in differentiating between malware and benign binaries. Our findings demonstrate that potential threats can be reliably identified with an F1 score of 96.86%, solely by analyzing syscalls and library syscall wrappers. This method can augment traditional static analysis, providing an effective preemptive measure to enhance Linux malware analysis. This research highlights the importance of static analysis in strengthening IoT systems against emerging malware threats.","PeriodicalId":504598,"journal":{"name":"Electronics","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-07-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Novel Static Analysis Approach Using System Calls for Linux IoT Malware Detection\",\"authors\":\"Jayanthi Ramamoorthy, Khushi Gupta, Ram C. Kafle, N. Shashidhar, C. Varol\",\"doi\":\"10.3390/electronics13152906\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The proliferation of Internet of Things (IoT) devices on Linux platforms has heightened concerns regarding vulnerability to malware attacks. This paper introduces a novel approach to investigating the behavior of Linux IoT malware by examining syscalls and library syscall wrappers extracted through static analysis of binaries, as opposed to the conventional method of using dynamic analysis for syscall extraction. We rank and categorize Linux system calls based on their security significance, focusing on understanding malware intent without execution. Feature analysis of the assigned syscall categories and risk ranking is conducted with statistical tests to validate their effectiveness and reliability in differentiating between malware and benign binaries. Our findings demonstrate that potential threats can be reliably identified with an F1 score of 96.86%, solely by analyzing syscalls and library syscall wrappers. This method can augment traditional static analysis, providing an effective preemptive measure to enhance Linux malware analysis. This research highlights the importance of static analysis in strengthening IoT systems against emerging malware threats.\",\"PeriodicalId\":504598,\"journal\":{\"name\":\"Electronics\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-07-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Electronics\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.3390/electronics13152906\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Electronics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3390/electronics13152906","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
Linux 平台上物联网 (IoT) 设备的激增加剧了人们对恶意软件攻击脆弱性的担忧。本文介绍了一种研究 Linux 物联网恶意软件行为的新方法,即通过静态分析二进制文件来检查系统调用和库系统调用包装器,而不是使用动态分析来提取系统调用的传统方法。我们根据安全重要性对 Linux 系统调用进行排序和分类,重点是在不执行的情况下了解恶意软件的意图。我们通过统计测试对分配的系统调用类别和风险排名进行了特征分析,以验证它们在区分恶意软件和良性二进制文件方面的有效性和可靠性。我们的研究结果表明,仅通过分析系统调用和库系统调用封装,就能可靠地识别潜在威胁,F1 得分为 96.86%。这种方法可以增强传统的静态分析,为加强 Linux 恶意软件分析提供有效的先发制人的措施。这项研究强调了静态分析在加强物联网系统应对新兴恶意软件威胁方面的重要性。
A Novel Static Analysis Approach Using System Calls for Linux IoT Malware Detection
The proliferation of Internet of Things (IoT) devices on Linux platforms has heightened concerns regarding vulnerability to malware attacks. This paper introduces a novel approach to investigating the behavior of Linux IoT malware by examining syscalls and library syscall wrappers extracted through static analysis of binaries, as opposed to the conventional method of using dynamic analysis for syscall extraction. We rank and categorize Linux system calls based on their security significance, focusing on understanding malware intent without execution. Feature analysis of the assigned syscall categories and risk ranking is conducted with statistical tests to validate their effectiveness and reliability in differentiating between malware and benign binaries. Our findings demonstrate that potential threats can be reliably identified with an F1 score of 96.86%, solely by analyzing syscalls and library syscall wrappers. This method can augment traditional static analysis, providing an effective preemptive measure to enhance Linux malware analysis. This research highlights the importance of static analysis in strengthening IoT systems against emerging malware threats.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
