Antivirus solution to IoT malware detection with authorial next-generation sandbox

Bibliographic details
Published in: The Journal of supercomputing 2025, Vol.81 (1), Article 151
Main authors: Tavares-Silva, Sthéfano Henrique Mendes; Lopes-Lima, Sidney Marlon; Paranhos-Pinheiro, Ricardo; Santiago-Abreu, Liosvaldo Mariano; Toscano-Lima, Rafael Diniz; Fernandes, Sérgio Murilo Maciel
Format: Article
Language: eng
Description
Abstract: Nowadays, the internet of things (IoT) significantly impacts people’s lives, reaching hundreds of billions of devices connected to the World Wide Web. Given the popularity of smart devices, the amount of cyber-attacks targeting technology has grown in the past few years. Malware is currently the main cyber-villain in IoT situations due to the ongoing emergence of new malware targeted at IoT, such as the botnet, the use of sophisticated obfuscation and evasion tactics and frequently the availability of enormous resources for its development. The present work creates an Antivirus for Dynamic Malware Analysis based on Artificial Neural Networks, equipped with authorial emulated IoT Sandbox. Our antivirus is specialized in malware detection from 32-bit IoT architectures of the advanced RISC machine (ARM) type. In the proposed methodology, the suspected ELF file for 32-bit ARM architecture is executed with the objective of intentionally infecting the audited GNU/Linux. In opposition to analysis of individual events, our engine employs authorial Next-Generation Sandbox. In all, our antivirus monitors and statistically weighs 2793 actions that the suspicious ELF file can perform when executed. Our antivirus reaches an average accuracy of 98.75% when distinguishing benign ARM ELF files from malware. Our antivirus architectures are probed under different learning functions and starting conditions to maximize their accuracy. The lack or limited detection of malicious software by commercial antivirus programs can be provided by Smart Antivirus. Instead of models based on blocklists, signatures or heuristics, our antivirus allows the detection of ARM ELF malware in a preventive and non-reactive way. Our antivirus overcomes limitations of ClamAV and other traditional antiviruses.
ISSN: 0920-8542, 1573-0484
DOI: 10.1007/s11227-024-06506-x