Anmol Kumar Shrivastava
Venue Details
KD 101

Abstract: Over the past two decades, the cyber-security research community has been working on detecting malicious programs for Windows-based operating systems. However, the recent exponential growth in popularity of IoT (Internet of Things) devices is causing the malware landscape to change rapidly. This so-called 'IoT Revolution' has fueled the interest of malware authors, which has led to an exponential growth in Linux malware. The increasing number of malware samples is becoming a serious threat to data privacy as well as to expensive computing resources. Manual malware analysis is not effective given the large number of such cases. Furthermore, malware authors use various obfuscation techniques to impede detection by traditional signature-based anti-virus systems. As a result, automated yet robust malware analysis is much needed. In this thesis, we develop a hybrid approach that integrates both static and dynamic features of a malware sample to detect it efficiently. We performed our analysis on 7717 malware and 2265 benign files and obtained a highly promising detection accuracy of 99.14%. All prior work on Linux malware analysis used fewer than 1000 malware samples, and hence the accuracy numbers reported there are not completely validated. Our work improves over prior work in two ways: a substantial enhancement of the dataset, and hybrid analysis based on both static and dynamic features.
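To make the "hybrid" idea concrete, the following is an added illustration (not the thesis's own code, and not its feature set): static features are read from the ELF header of a sample, dynamic features are counted from an strace-style syscall log of the same sample, and the two are merged into one fixed-order vector of the kind a classifier would be trained on. The ELF bytes and the trace lines are constructed inline; the syscall groupings and the header fields chosen are assumptions made for the example.

```python
import re
import struct
from collections import Counter

# ELF64 header fields after the 16-byte e_ident, little-endian:
# e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
# e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
ELF64_HDR_FMT = "<HHIQQQIHHHHHH"
ELF64_HDR_LEN = 16 + struct.calcsize(ELF64_HDR_FMT)  # 64 bytes

# Assumed syscall groups for the dynamic side (not the thesis's feature set).
SYSCALL_GROUPS = {
    "net": {"socket", "connect", "sendto", "recvfrom", "bind", "listen"},
    "proc": {"execve", "fork", "vfork", "clone"},
    "file": {"open", "openat", "unlink", "rename", "chmod"},
}

# Fixed column order so every sample yields a vector of the same shape.
FEATURE_ORDER = [
    "s_is_elf", "s_is_64bit", "s_e_type", "s_e_machine", "s_phnum",
    "s_shnum", "s_no_section_table",
    "d_total_syscalls", "d_net", "d_proc", "d_file",
]


def static_features(data: bytes) -> dict:
    """Header-level static features of an ELF image (assumed feature set).

    Non-ELF or truncated input yields an all-zero static part instead of an
    exception, so a corrupt sample still produces a vector.
    """
    feats = {"is_elf": 0, "is_64bit": 0, "e_type": 0, "e_machine": 0,
             "phnum": 0, "shnum": 0, "no_section_table": 0}
    if len(data) < ELF64_HDR_LEN or data[:4] != b"\x7fELF":
        return feats
    feats["is_elf"] = 1
    feats["is_64bit"] = 1 if data[4] == 2 else 0   # EI_CLASS: 2 == ELFCLASS64
    if data[4] != 2 or data[5] != 1:              # only little-endian ELF64 parsed here
        return feats
    (e_type, e_machine, _ver, _entry, _phoff, shoff, _flags, _ehsize,
     _phentsize, phnum, _shentsize, shnum, _shstrndx) = struct.unpack_from(
        ELF64_HDR_FMT, data, 16)
    feats.update(e_type=e_type, e_machine=e_machine, phnum=phnum, shnum=shnum,
                 # a missing section table is common in stripped/packed binaries
                 no_section_table=1 if shoff == 0 or shnum == 0 else 0)
    return feats


SYSCALL_RE = re.compile(r"^(\w+)\(")  # strace lines start with "name("


def dynamic_features(trace_lines) -> dict:
    """Count syscalls per group from strace-style lines (assumed feature set)."""
    counts = Counter()
    for line in trace_lines:
        m = SYSCALL_RE.match(line.strip())
        if not m:
            continue  # e.g. "+++ exited with 0 +++" or signal lines
        name = m.group(1)
        counts["total_syscalls"] += 1
        for group, names in SYSCALL_GROUPS.items():
            if name in names:
                counts[group] += 1
    return {k: counts[k] for k in ("total_syscalls", "net", "proc", "file")}


def hybrid_features(data: bytes, trace_lines) -> list:
    """Merge static and dynamic features into one classifier-ready vector."""
    merged = {"s_" + k: v for k, v in static_features(data).items()}
    merged.update({"d_" + k: v for k, v in dynamic_features(trace_lines).items()})
    return [merged[k] for k in FEATURE_ORDER]


# Constructed sample: a bare x86-64 ELF executable header with two program
# headers and no section table, plus a constructed strace excerpt.
SAMPLE_ELF = (b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8 +
              struct.pack(ELF64_HDR_FMT, 2, 0x3E, 1, 0x401000, 64, 0, 0,
                          64, 56, 2, 64, 0, 0))
SAMPLE_TRACE = [
    'execve("/tmp/sample", ["/tmp/sample"], 0x7ffc1234abcd) = 0',
    'openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 3',
    'socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4',
    'connect(4, {sa_family=AF_INET, sin_port=htons(8080)}, 16) = 0',
    'sendto(4, "hello", 5, 0, NULL, 0) = 5',
    '+++ exited with 0 +++',
]

if __name__ == "__main__":
    for name, value in zip(FEATURE_ORDER, hybrid_features(SAMPLE_ELF, SAMPLE_TRACE)):
        print(f"{name:20s} {value}")
```

The vector for the constructed sample reads: ELF, 64-bit, executable (e_type 2) for x86-64 (e_machine 62), two program headers, no section table, five syscalls of which three are network, one process and one file. In a real pipeline the same function would be run over every sample in the corpus and the resulting rows, together with their labels, handed to whatever classifier is chosen.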