
A Novel Study on Multinomial Classification of x86/x64 Linux ELF Malware Types and Families Through Deep Neural Networks

Chapter in: Malware Analysis Using Artificial Intelligence and Deep Learning

Abstract

Throughout the history of desktop- and server-oriented malware, Microsoft Windows has been notorious as one of the most heavily attacked operating systems (OS). Several factors contributed to this, including the unobstructed installation of third-party software. Unix-like OSs are considerably less susceptible to malware infections; however, there are still examples of successful malicious software targeting them. The challenge is that few software tools are available for analyzing Linux malware, including the well-known automated, machine-learning-aided classification. Our contribution in this chapter is twofold. First, we review the most popular approaches to analyzing Linux malware by family and type. Simple binary (malicious/benign) classification is no longer sufficient: knowing the exact class of malware speeds up incident response. Second, we propose a methodology for multinomial Linux malware classification using a deep neural network. This approach overcomes the limitations of the shallow neural networks used previously for multinomial Windows PE32 malware classification; such classification has been explored successfully for MS Windows, but not for Linux malware. Our focus is specifically on desktop and server Intel-compatible Linux malware, rather than the affiliated ARM binaries that require a dedicated IoT environment to run successfully. This work serves as a stepping stone toward efficient, intelligent Linux malware classification using deep-learning-based methods. We have created a novel dataset of 10,574 malware files labeled into 19 malware types and 442 malware families.
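The abstract describes static classification of x86/x64 ELF samples and explicitly scopes out ARM binaries. As an added illustration (not code from the chapter or its authors), the following Python parses the ELF file header using the field layout of the TIS ELF specification, turns it into a small numeric feature vector of the kind a multinomial classifier could consume, and applies the chapter's architecture filter. The feature set, the helper names and the inline sample headers are assumptions made for this example, not the chapter's own feature set or data.

```python
"""Static ELF header features for architecture-scoped malware classification.

Added illustration: parses the ELF file header (TIS ELF spec v1.2 layout) with
the standard library only and emits a numeric feature vector. The feature set
is an assumption for illustration, not the chapter's feature set.
"""
import struct
from dataclasses import dataclass

ELF_MAGIC = b"\x7fELF"
ELFCLASS32, ELFCLASS64 = 1, 2
ELFDATA2LSB, ELFDATA2MSB = 1, 2
EM_386, EM_ARM, EM_X86_64, EM_AARCH64 = 3, 40, 62, 183
INTEL_MACHINES = {EM_386, EM_X86_64}

# Field layout after the 16-byte e_ident: e_type, e_machine, e_version, e_entry,
# e_phoff, e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize,
# e_shnum, e_shstrndx. Only the address/offset widths differ between classes.
_LAYOUT = {
    ELFCLASS32: ("HHIIIIIHHHHHH", 52, 32),  # (struct format, e_ehsize, e_phentsize)
    ELFCLASS64: ("HHIQQQIHHHHHH", 64, 56),
}


@dataclass(frozen=True)
class ElfHeader:
    elf_class: int
    little_endian: bool
    e_type: int
    e_machine: int
    e_entry: int
    e_phnum: int
    e_shnum: int
    header_consistent: bool  # e_ehsize/e_phentsize match the declared class

    def is_intel_compatible(self) -> bool:
        """Scope filter from the chapter: x86/x64 only, ARM/AArch64 excluded."""
        return self.e_machine in INTEL_MACHINES


def parse_elf_header(data: bytes) -> ElfHeader:
    """Parse the ELF file header; raise ValueError on non-ELF or truncated input."""
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in _LAYOUT or ei_data not in (ELFDATA2LSB, ELFDATA2MSB):
        raise ValueError("invalid EI_CLASS or EI_DATA")
    fmt, ehsize, phentsize = _LAYOUT[ei_class]
    if len(data) < ehsize:
        raise ValueError("truncated ELF header")
    endian = "<" if ei_data == ELFDATA2LSB else ">"
    (e_type, e_machine, _e_version, e_entry, _e_phoff, _e_shoff, _e_flags,
     e_ehsize, e_phentsize, e_phnum, _e_shentsize, e_shnum, _e_shstrndx) = \
        struct.unpack(endian + fmt, data[16:ehsize])
    # Inconsistent size fields break naive tooling, so record the inconsistency
    # as a feature rather than rejecting the sample outright.
    consistent = e_ehsize == ehsize and (e_phnum == 0 or e_phentsize == phentsize)
    return ElfHeader(ei_class, endian == "<", e_type, e_machine, e_entry,
                     e_phnum, e_shnum, consistent)


def feature_vector(hdr: ElfHeader) -> list:
    """Numeric features a multinomial classifier could consume (illustrative)."""
    return [
        hdr.elf_class, int(hdr.little_endian), hdr.e_type, hdr.e_machine,
        hdr.e_entry, hdr.e_phnum, hdr.e_shnum,
        int(hdr.e_shnum == 0),          # no section header table at all
        int(hdr.header_consistent),
    ]


def build_elf_header(elf_class, little_endian, e_type, e_machine, e_entry,
                     e_phnum, e_shnum) -> bytes:
    """Construct a bare ELF header (used here only to build sample input)."""
    fmt, ehsize, phentsize = _LAYOUT[elf_class]
    endian = "<" if little_endian else ">"
    e_ident = ELF_MAGIC + bytes([elf_class, 1 if little_endian else 2, 1, 0]) + b"\x00" * 8
    shentsize = 40 if elf_class == ELFCLASS32 else 64
    return e_ident + struct.pack(endian + fmt, e_type, e_machine, 1, e_entry,
                                 ehsize, 0, 0, ehsize, phentsize, e_phnum,
                                 shentsize, e_shnum, 0)


# Constructed samples: an x86-64 ET_EXEC with no section header table and a
# 32-bit ARM ET_EXEC that falls outside the chapter's scope.
X64_SAMPLE = build_elf_header(ELFCLASS64, True, 2, EM_X86_64, 0x401000, 2, 0)
ARM_SAMPLE = build_elf_header(ELFCLASS32, True, 2, EM_ARM, 0x8000, 3, 12)


def classify_scope(samples: dict) -> dict:
    """Map sample name -> feature vector for in-scope (Intel-compatible) samples."""
    out = {}
    for name, blob in samples.items():
        hdr = parse_elf_header(blob)
        if hdr.is_intel_compatible():
            out[name] = feature_vector(hdr)
    return out


if __name__ == "__main__":
    for name, vec in classify_scope({"x64": X64_SAMPLE, "arm": ARM_SAMPLE}).items():
        print(name, vec)
```

Only the header is parsed here; a real pipeline would go on to walk the program and section headers, but the point of the example is that the architecture filter and a handful of structural features can be read without executing anything, on samples that have no symbol table or section names at all.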


Acknowledgements

The authors would like to acknowledge NTNU Malware Lab for its support and VirusTotal Intelligence Premium Services for access to data. Moreover, we are grateful to VirusShare for its invaluable data collection and its contribution to the malware analysis community. Finally, the use of PEframe for processing ELF files gave valuable results that made this research possible.

Author information

Correspondence to Andrii Shalaginov.


Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Cite this chapter

Shalaginov, A., Øverlier, L. (2021). A Novel Study on Multinomial Classification of x86/x64 Linux ELF Malware Types and Families Through Deep Neural Networks. In: Stamp, M., Alazab, M., Shalaginov, A. (eds) Malware Analysis Using Artificial Intelligence and Deep Learning. Springer, Cham. https://doi.org/10.1007/978-3-030-62582-5_17


  • DOI: https://doi.org/10.1007/978-3-030-62582-5_17


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-62581-8

  • Online ISBN: 978-3-030-62582-5

  • eBook Packages: Computer Science (R0)
