Version 1: Received: 2 July 2024 / Approved: 2 July 2024 / Online: 3 July 2024 (10:48:13 CEST)
How to cite:
Ramamoorthy, J.; Gupta, K.; Kafle, R. C.; Shashidhar, N. K.; Varol, C. A Novel Static Analysis Approach Using System Calls for Linux IoT Malware Detection. Preprints 2024, 2024070268. https://doi.org/10.20944/preprints202407.0268.v1
APA Style
Ramamoorthy, J., Gupta, K., Kafle, R. C., Shashidhar, N. K., & Varol, C. (2024). A Novel Static Analysis Approach Using System Calls for Linux IoT Malware Detection. Preprints. https://doi.org/10.20944/preprints202407.0268.v1
Chicago/Turabian Style
Ramamoorthy, J., Narasimha K. Shashidhar and Cihan Varol. 2024. "A Novel Static Analysis Approach Using System Calls for Linux IoT Malware Detection." Preprints. https://doi.org/10.20944/preprints202407.0268.v1
Abstract
The proliferation of Internet of Things (IoT) devices running Linux has heightened concerns about their exposure to malware. This paper introduces a novel approach to investigating the behavior of Linux IoT malware by examining system calls and library syscall wrappers extracted through static analysis of ELF binaries, as opposed to the conventional method of recovering syscalls through dynamic analysis. We rank and categorize Linux system calls by their security significance, with the aim of understanding malware intent without executing the sample. Feature analysis of the assigned syscall categories and risk ranking is conducted with statistical tests to validate their effectiveness and reliability in distinguishing malicious from benign binaries. Our findings demonstrate that potential threats can be reliably identified with an F1 score of 96.86% solely by analyzing syscalls and library syscall wrappers. This method can augment traditional static analysis, providing an effective preemptive measure that strengthens Linux malware analysis. The research highlights the importance of static analysis in hardening IoT systems against emerging malware threats.
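As an added example (not code from the paper or its authors), the following Python script shows the static extraction step the abstract describes: it reads the ELF64 dynamic symbol table directly and collects the undefined function symbols, which are the libc syscall wrappers the binary imports, then turns them into per-category counts and a weighted score. The category table, the weights and the sample binary built by `build_sample_elf` are assumptions constructed for this demo, not the paper's taxonomy or risk ranking; on a real sample you would pass the bytes of a file opened in binary mode to `parse_elf64_imports`.

```python
"""Static extraction of libc syscall-wrapper imports from an ELF64 binary.

Added example: a minimal pure-Python parser for the ELF64 dynamic symbol
table (.dynsym), plus an illustrative risk scoring over the imported
wrappers. The category table and weights are assumptions for the demo,
not the paper's taxonomy or ranking.
"""
import struct
from collections import namedtuple

SHT_DYNSYM = 11      # section type of the dynamic symbol table
SHT_STRTAB = 3       # section type of a string table
SHN_UNDEF = 0        # st_shndx of symbols resolved at load time, i.e. imports
STT_FUNC = 2         # symbol type: function
STB_GLOBAL = 1       # symbol binding: global

Section = namedtuple("Section", "type offset size link")

# Assumed categories and weights, for illustration only (not the paper's ranking).
CATEGORIES = {
    "process":   {"fork", "vfork", "clone", "execve", "execl", "kill", "ptrace"},
    "network":   {"socket", "connect", "bind", "listen", "accept", "sendto", "recvfrom"},
    "file":      {"open", "unlink", "chmod", "rename", "mkdir"},
    "privilege": {"setuid", "setgid", "chroot", "prctl"},
}
WEIGHTS = {"process": 3, "network": 2, "file": 1, "privilege": 4}


def parse_elf64_imports(data: bytes) -> set:
    """Return the names of undefined function symbols in .dynsym, i.e. the
    library wrappers the binary imports. A statically linked binary has no
    .dynsym, so the result is an empty set rather than an error."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("this example handles ELF64 little-endian only")
    e_shoff, = struct.unpack_from("<Q", data, 0x28)            # section header table offset
    e_shentsize, e_shnum = struct.unpack_from("<HH", data, 0x3A)
    sections = []
    for i in range(e_shnum):
        off = e_shoff + i * e_shentsize
        (_name, sh_type, _flags, _addr, sh_offset, sh_size,
         sh_link, _info, _align, _entsize) = struct.unpack_from("<IIQQQQIIQQ", data, off)
        sections.append(Section(sh_type, sh_offset, sh_size, sh_link))

    imports = set()
    for sec in sections:
        if sec.type != SHT_DYNSYM:
            continue
        strtab = sections[sec.link]                   # sh_link of .dynsym -> .dynstr
        strdata = data[strtab.offset:strtab.offset + strtab.size]
        for j in range(sec.size // 24):               # Elf64_Sym is 24 bytes
            st_name, st_info, _other, st_shndx, _value, _size = struct.unpack_from(
                "<IBBHQQ", data, sec.offset + j * 24)
            if st_name == 0 or st_shndx != SHN_UNDEF or (st_info & 0xF) != STT_FUNC:
                continue                              # skip null, defined and non-function symbols
            end = strdata.index(b"\0", st_name)
            imports.add(strdata[st_name:end].decode("ascii"))
    return imports


def syscall_features(imports: set) -> dict:
    """Per-category counts of imported wrappers plus a weighted risk score."""
    feats = {cat: len(imports & names) for cat, names in CATEGORIES.items()}
    feats["risk_score"] = sum(WEIGHTS[c] * feats[c] for c in CATEGORIES)
    return feats


def build_sample_elf(import_names) -> bytes:
    """Construct a minimal ELF64 image whose .dynsym imports the given names.
    Constructed test input for the demo, not a real IoT sample."""
    dynstr = b"\0" + b"".join(n.encode() + b"\0" for n in import_names)
    syms, pos = [b"\0" * 24], 1                        # mandatory null symbol first
    for n in import_names:
        syms.append(struct.pack("<IBBHQQ", pos, (STB_GLOBAL << 4) | STT_FUNC, 0, SHN_UNDEF, 0, 0))
        pos += len(n) + 1
    dynsym = b"".join(syms)
    shstrtab = b"\0.dynsym\0.dynstr\0.shstrtab\0"

    body = dynstr + dynsym + shstrtab
    off_dynstr = 64                                   # sections follow the 64-byte ELF header
    off_dynsym = off_dynstr + len(dynstr)
    off_shstr = off_dynsym + len(dynsym)
    e_shoff = (64 + len(body) + 7) & ~7               # 8-byte align the section header table
    pad = b"\0" * (e_shoff - 64 - len(body))

    def shdr(name, typ, off, size, link, entsize):
        return struct.pack("<IIQQQQIIQQ", name, typ, 0, 0, off, size, link, 0, 1, entsize)

    shdrs = (shdr(0, 0, 0, 0, 0, 0)
             + shdr(1, SHT_DYNSYM, off_dynsym, len(dynsym), 2, 24)   # link index 2 -> .dynstr
             + shdr(9, SHT_STRTAB, off_dynstr, len(dynstr), 0, 0)
             + shdr(17, SHT_STRTAB, off_shstr, len(shstrtab), 0, 0))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8              # ELF64, little-endian
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               3, 62, 1, 0, 0, e_shoff, 0, 64, 0, 0, 64, 4, 3)
    return ehdr + body + pad + shdrs


if __name__ == "__main__":
    sample = build_sample_elf(["socket", "connect", "fork", "execve", "printf", "setuid"])
    imported = parse_elf64_imports(sample)
    print(sorted(imported), syscall_features(imported))
```

Two caveats a practitioner would apply before trusting this on real IoT samples. First, the parser only recovers library wrappers; much Linux IoT malware (Mirai-style bots built against uClibc, for instance) is statically linked and stripped, so `.dynsym` is absent and the raw syscalls must instead be recovered from the code itself, for example by locating the `syscall`/`svc`/`int 0x80` instruction and the register holding the syscall number, which is the part of the abstract's approach this example does not cover. Second, IoT targets are mostly 32-bit ARM and MIPS, the latter often big-endian, so the `<...>` struct formats and the 24-byte symbol size here need an ELF32 and big-endian variant; the section layout logic is otherwise the same.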
Keywords
ELF static analysis; Linux system calls; machine learning; malware detection
Subject
Computer Science and Mathematics, Security Systems
Copyright:
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.