Antimalware applied to IoT malware detection based on softcore processor endowed with authorial sandbox

Antimalware applied to IoT malware detection based on softcore processor endowed with authorial sandbox

연구 분야: Safety

학회: Journal of Computer Virology and Hacking Techniques

Presently, the Internet of Things (IoT) plays a crucial role in modern life, connecting hundreds of billions of devices to the internet. With the widespread adoption of smart technology, the number of cyber attacks on them has increased in recent years. New IoT malware variants, like the botnet, keep emerging. This happens because of the use of complex obfuscation and evasion techniques. The availability of substantial resources further exacerbates the proliferation of malware. These makes malware the major cyber villain currently in scenarios of IoT. This work creates an Antimalware from Dynamic Malware Analysis. It uses Artificial Neural Networks, endowed with statistical learning and Artificial Intelligence. The Antimalware specializes in detecting malware for 32-bit softcore IoT architectures of the SPARC type. The proposed methodology is to run the suspected ELF file for 32-bit SPARC architecture. The goal is to intentionally infect the audited GNU/Linux in a controlled environment. When the questionable ELF file runs, the authorial antimalware supervises it. Then, the antimalware statistically evaluates 2,909 possible actions it can do. The authorial antimalware is good at discriminating benign and malware SPARC ELF files. It has an average performance of 99.96 %. The study looks at the authorial antimalware architectures under different starting conditions and learning functions. The aim is to use different settings to maximize its accuracy. Smart antimalware programs can provide what commercial antimalware programs lack or are limited in malware detection. The authorial antimalware detects ELF SPARC malware preventively. This is unlike Clamav and other mainstream antimalware, which detect reactively. They use blacklists, but the authorial antimalware does not.