ELF-Miner: Using Structural Knowledge and Data Mining for Detecting Linux Malicious Executables

Linux malware can pose a significant threat: Linux penetration is increasing exponentially, yet little is known or understood about its vulnerabilities. The authors believe that now is the right time to devise non-signature-based detection strategies for zero-day (previously unknown) malware, before Linux intruders take them by surprise. Therefore, in this paper, they first perform a forensic analysis of Linux Executable and Linkable Format (ELF) files. As a result, they select a feature set of 383 features extracted from the ELF header. Their forensic analysis provides insight into the features that have the potential to discriminate malware executables from benign ones.
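As an added illustration of the kind of structural header features such a classifier consumes (example code written for this page, not the paper's own extractor; the specific feature names and the minimal sample header are assumptions, not the paper's 383-feature set):

```python
import struct

# ELF64 header: 16-byte e_ident followed by 48 bytes of fixed fields (64 total).
ELF64_HDR = "<HHIQQQIHHHHHH"
ELF_MAGIC = b"\x7fELF"
FIELDS = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff", "e_shoff",
          "e_flags", "e_ehsize", "e_phentsize", "e_phnum", "e_shentsize",
          "e_shnum", "e_shstrndx")


def parse_elf64_header(data: bytes) -> dict:
    """Parse a little-endian ELF64 header into a dict; raise on anything else."""
    if len(data) < 64 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ident = data[:16]
    if ident[4] != 2:   # EI_CLASS: 2 = ELFCLASS64
        raise ValueError("only ELF64 is handled here")
    if ident[5] != 1:   # EI_DATA: 1 = little-endian
        raise ValueError("only little-endian ELF is handled here")
    hdr = dict(zip(FIELDS, struct.unpack(ELF64_HDR, data[16:64])))
    hdr["ei_osabi"] = ident[7]
    return hdr


def header_features(hdr: dict) -> dict:
    """Derive boolean structural features from the header (assumed feature set)."""
    return {
        "is_shared_object": hdr["e_type"] == 3,        # ET_DYN
        "is_x86_64": hdr["e_machine"] == 62,           # EM_X86_64
        "ehsize_ok": hdr["e_ehsize"] == 64,            # malformed headers lie here
        "has_section_headers": hdr["e_shnum"] > 0 and hdr["e_shoff"] != 0,
        "phentsize_ok": hdr["e_phentsize"] in (0, 56),
        "shentsize_ok": hdr["e_shentsize"] in (0, 64),
        "shstrndx_in_range": hdr["e_shstrndx"] < max(hdr["e_shnum"], 1),
    }


# Constructed sample: a minimal x86-64 ET_EXEC header with one program header
# and no section header table (as a stripped or packed binary might present).
SAMPLE = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8 + struct.pack(
    ELF64_HDR, 2, 62, 1, 0x401000, 64, 0, 0, 64, 56, 1, 0, 0, 0)

if __name__ == "__main__":
    print(header_features(parse_elf64_header(SAMPLE)))
```

Real ELF files add the program and section header tables on top of this; the abstract's 383 features are drawn from that richer structure.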

Provided by: National University of Computer and Emerging Sciences
Topic: Big Data
Date Added: Feb 2011
Format: PDF