Static Analysis and Machine Learning for Runtime Library Detection in Linux Binaries
摘要
The upsurge of malware targeting Internet of Things (IoT) devices demands effective approaches. This work announces a new method, stimulated by MANTILLA, which influences machine learning models. Through a prominence on architecture-independent characteristics from binary procedures, the system progresses its competence to differentiate among several libraries as well as architectures. Classification accuracy is further enhanced by employing a majority voting technique such that the output of the model is robust and reliable. Besides the machine learning-based classification, the paper incorporates a malware detection module based on signature matching. This two-pronged approach enables the system to cross-check discovered runtime libraries against a large database of pre-collected malware signatures. By marking possible security threats according to this comparison, the system greatly increases its ability to identify malicious binaries, thus offering an added layer of security for IoT devices. This unification of detection and classification mechanisms plays an important role in dealing with the changing nature of malware threats. Although encouraging results were obtained through this project, more evaluation should be done for comparison of the efficiency of KNN with other models, for example, Random Forest.