With the growing deployment of Internet of Things (IoT) devices in diverse domains, malware authors have started using these devices as attack vectors for distributed attacks targeting critical computing infrastructures. Since IoT devices are highly resource-constrained, traditional malware analysis techniques are usually ineffective at mitigating new and unknown malware threats. In this paper, we propose a novel, fast, and resource-efficient malware detection methodology that makes use of machine learning and focuses on detecting zero-day malware targeting Linux OS. Our approach extracts static features from Linux Executable and Linkable Format (ELF) executables and applies the chi-square feature selection technique to reduce the number of features without impacting the overall accuracy. We have evaluated our approach using 7 machine learning models: J48, JRip, PART, Random Forest, Naive Bayes, Logistic, and RIDOR. Compared to other state-of-the-art works, the time taken to train these models was much lower. The experimental results show that our proposed methodology can achieve an accuracy of more than 99% with false positive and false negative rates below 0.1%.
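The abstract describes a two-stage pipeline: static features are pulled from ELF executables, then chi-square feature selection prunes the feature set before the classifiers are trained. The block below is an added example written for this page, not code from the paper or its authors; it does not reproduce the paper's actual feature set or dataset. It parses a constructed ELF64 header into a few categorical features (file type, target machine, whether the section table is absent), scores a constructed set of binary feature vectors with the 2x2 chi-square statistic against the benign/malware label, keeps the top-k features, and vectorises samples over that reduced set so they could be handed to any classifier. The sample feature sets and the ELF header bytes are constructed for illustration; the feature names (`sym:`, `sec:`, `machine:`) are this example's own naming convention.

```python
"""Static ELF header features + chi-square feature selection (added example, not the paper's code)."""
import struct

ELF_MAGIC = b"\x7fELF"
E_TYPE = {1: "REL", 2: "EXEC", 3: "DYN"}
E_MACHINE = {3: "x86", 8: "MIPS", 40: "ARM", 62: "x86-64", 183: "AArch64"}
# ELF64 header after the 16-byte e_ident: e_type..e_shstrndx, 48 bytes little-endian
EHDR_FMT = "<HHIQQQIHHHHHH"


def build_elf64_header(e_type, e_machine, e_phnum, e_shnum, e_entry):
    """Construct a minimal little-endian ELF64 header (test input only, not a real binary)."""
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)  # ELFCLASS64, LSB, version 1
    body = struct.pack(EHDR_FMT, e_type, e_machine, 1, e_entry, 64, 0, 0,
                       64, 56, e_phnum, 64, e_shnum, 0)
    return e_ident + body


def elf_header_features(blob):
    """Extract a small set of static header features as strings (assumes LSB ELF64)."""
    if len(blob) < 64 or blob[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if blob[4] != 2 or blob[5] != 1:
        raise ValueError("only little-endian ELF64 handled in this example")
    fields = struct.unpack_from(EHDR_FMT, blob, 16)
    e_type, e_machine, e_shnum = fields[0], fields[1], fields[11]
    feats = {
        "type:" + E_TYPE.get(e_type, "OTHER"),
        "machine:" + E_MACHINE.get(e_machine, "OTHER"),
    }
    if e_shnum == 0:  # no section header table: typical of stripped/packed samples
        feats.add("stripped-sections")
    return feats


def chi_square_scores(samples, labels):
    """Chi-square statistic of each binary feature against the label (label 1 = malware).

    Each feature gives a 2x2 contingency table [[a, b], [c, d]]: present/absent x malware/benign.
    chi2 = n * (ad - bc)^2 / ((a+b)(c+d)(a+c)(b+d)); a feature present (or absent) in every
    sample has a zero denominator and carries no information, so it scores 0.
    """
    n = len(samples)
    n_pos = sum(labels)
    n_neg = n - n_pos
    scores = {}
    for f in sorted({f for s in samples for f in s}):
        a = sum(1 for s, y in zip(samples, labels) if f in s and y == 1)
        b = sum(1 for s, y in zip(samples, labels) if f in s and y == 0)
        c, d = n_pos - a, n_neg - b
        denom = (a + b) * (c + d) * (a + c) * (b + d)
        scores[f] = 0.0 if denom == 0 else n * (a * d - b * c) ** 2 / denom
    return scores


def select_features(samples, labels, k):
    """Return the k highest-scoring features (ties broken by name for determinism)."""
    scores = chi_square_scores(samples, labels)
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return [f for f, _ in ranked[:k]]


def vectorize(sample, selected):
    """Binary feature vector over the reduced feature list, ready for a classifier."""
    return [1 if f in sample else 0 for f in selected]


# Constructed samples: feature sets a static extractor might produce (not real malware data).
MALWARE = [
    {"machine:MIPS", "static", "sym:socket", "sym:fork", "sec:.text"},
    {"machine:ARM", "static", "sym:socket", "sym:fork", "sec:.text"},
    {"machine:MIPS", "static", "sym:socket", "sec:.text"},
    {"machine:ARM", "static", "sym:socket", "sym:fork", "sec:.text"},
]
BENIGN = [
    {"machine:x86-64", "sym:fork", "sec:.text", "sec:.dynsym", "sym:printf"},
    {"machine:x86-64", "sec:.text", "sec:.dynsym", "sym:printf"},
    {"machine:ARM", "sym:fork", "sec:.text", "sec:.dynsym", "sym:socket"},
    {"machine:x86-64", "sec:.text", "sec:.dynsym", "sym:printf"},
]
SAMPLES = MALWARE + BENIGN
LABELS = [1] * len(MALWARE) + [0] * len(BENIGN)

if __name__ == "__main__":
    hdr = build_elf64_header(2, 8, 2, 0, 0x400000)
    print("header features:", sorted(elf_header_features(hdr)))
    for f, s in sorted(chi_square_scores(SAMPLES, LABELS).items(), key=lambda kv: -kv[1]):
        print(f"{f:16s} chi2={s:.3f}")
    top = select_features(SAMPLES, LABELS, 3)
    print("selected:", top)
    print("vector for first malware sample:", vectorize(MALWARE[0], top))
```

Two points the output makes visible: `sec:.text` is present in every sample and scores 0, so chi-square discards it even though it is a "real" feature, and `static`/`sec:.dynsym` (perfectly separating here) score highest. On a real corpus the same procedure ranks thousands of section names and imported symbols and keeps only the informative tail, which is what lets small models train quickly on constrained devices.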
Mehadi Hassen, Marco Carvalho, Philip K. Chan
Jayanthi Ramamoorthy, Narasimha Shashidhar, Cihan Varol