Forseti: Feature extraction and classification of ELF binaries

  • Lucas Galante Unicamp
  • Marcus Botacin UFPR
  • André Grégio UFPR
  • Paulo de Geus Unicamp

Abstract
Malware infections are constant threats to multiple computing platforms and binary classification leveraging machine learning (ML) techniques has been demonstrated to be a promising approach for fighting these infections. Currently, most ML solutions focus only on the Windows platform. To bridge this development gap, we present Forseti, a solution for feature extraction and classification of Linux ELF binaries.
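The abstract does not say which features Forseti extracts, so the following is an added illustration of the problem domain rather than the tool's own code: a pure-Python (struct-based, no pyelftools) parser that reads the ELF identification bytes, the ELF header and the section header table, and turns them into a feature dictionary and a fixed-order numeric vector of the kind a classifier such as scikit-learn's RandomForestClassifier consumes. The feature set (section names, whether a symbol table is present, count of executable and writable-and-executable sections, .text entropy) is the editor's choice and an assumption about what such a pipeline might use. It handles both ELF32 and ELF64 in either byte order, treats a missing section table as a legitimate case rather than an error, and rejects headers or section tables that point past the end of the file. The sample input is a constructed, non-executable ELF64 image built inline.

```python
"""Pure-Python ELF feature extractor (struct only, no pyelftools) for ML-based triage."""
import math
import struct
from collections import Counter

ELF_MAGIC = b"\x7fELF"
SHT_PROGBITS, SHT_SYMTAB, SHT_STRTAB = 1, 2, 3
SHF_WRITE, SHF_ALLOC, SHF_EXECINSTR = 0x1, 0x2, 0x4

# (ELF header, section header) struct formats per EI_CLASS; endianness prefix is added later.
_FORMATS = {
    1: ("16sHHIIIIIHHHHHH", "IIIIIIIIII"),  # ELFCLASS32
    2: ("16sHHIQQQIHHHHHH", "IIQQQQIIQQ"),  # ELFCLASS64
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted code pushes this toward 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def extract_features(blob: bytes) -> dict:
    """Parse the ELF header and section table; raise ValueError on malformed input."""
    if len(blob) < 16 or blob[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file (or truncated e_ident)")
    ei_class, ei_data = blob[4], blob[5]
    if ei_class not in _FORMATS or ei_data not in (1, 2):
        raise ValueError("unsupported ELF class or byte order")
    endian = "<" if ei_data == 1 else ">"
    ehdr_fmt, shdr_fmt = (endian + f for f in _FORMATS[ei_class])
    if len(blob) < struct.calcsize(ehdr_fmt):
        raise ValueError("truncated ELF header")
    (_, e_type, e_machine, _, e_entry, _, e_shoff, _, _, _, e_phnum,
     e_shentsize, e_shnum, e_shstrndx) = struct.unpack_from(ehdr_fmt, blob, 0)

    # A section table may legitimately be absent (e_shnum == 0), as in many stripped or packed samples.
    sections = []
    if e_shnum:
        if e_shentsize < struct.calcsize(shdr_fmt) or e_shoff + e_shnum * e_shentsize > len(blob):
            raise ValueError("section header table out of bounds")
        for i in range(e_shnum):
            sections.append(struct.unpack_from(shdr_fmt, blob, e_shoff + i * e_shentsize))

    def section_name(sh_name: int) -> str:
        # Section tuple indices: 0 name, 1 type, 2 flags, 3 addr, 4 offset, 5 size.
        if e_shstrndx >= len(sections):
            return ""
        off, size = sections[e_shstrndx][4], sections[e_shstrndx][5]
        table = blob[off:off + size]
        end = table.find(b"\0", sh_name)
        return table[sh_name:end if end != -1 else None].decode("ascii", "replace")

    names = [section_name(s[0]) for s in sections]
    text = b""
    for s, name in zip(sections, names):
        if name == ".text" and s[2] & SHF_EXECINSTR:
            text = blob[s[4]:s[4] + s[5]]
    return {
        "class": 64 if ei_class == 2 else 32,
        "little_endian": ei_data == 1,
        "e_type": e_type,
        "e_machine": e_machine,
        "e_entry": e_entry,
        "phnum": e_phnum,
        "shnum": e_shnum,
        "section_names": names,
        "stripped": not any(s[1] == SHT_SYMTAB for s in sections),
        "exec_sections": sum(1 for s in sections if s[2] & SHF_EXECINSTR),
        "wx_sections": sum(1 for s in sections if s[2] & SHF_WRITE and s[2] & SHF_EXECINSTR),
        "text_size": len(text),
        "text_entropy": shannon_entropy(text),
    }


def to_vector(f: dict) -> list:
    """Fixed-order numeric vector, e.g. one row of X for scikit-learn's RandomForestClassifier."""
    return [float(f["class"] == 64), float(f["little_endian"]), f["e_type"], f["e_machine"],
            f["phnum"], f["shnum"], float(f["stripped"]), f["exec_sections"],
            f["wx_sections"], f["text_size"], f["text_entropy"]]


def build_sample_elf64() -> bytes:
    """Constructed input: a tiny, non-executable ELF64 image with .text, .data and .shstrtab."""
    text = bytes(range(16))  # 16 distinct byte values -> entropy of exactly 4.0 bits
    data = b"\0" * 8
    shstrtab = b"\0.text\0.shstrtab\0.data\0"  # ".text" at 1, ".shstrtab" at 7, ".data" at 17
    text_off, data_off = 64, 64 + len(text)
    str_off = data_off + len(data)
    shoff = str_off + len(shstrtab)
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\0" * 8  # 64-bit, little-endian, version 1
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 0x3E, 1, 0x401000, 0, shoff, 0,
                       64, 56, 0, 64, 4, 3)  # ET_EXEC, x86-64, 4 sections, shstrtab index 3

    def shdr(name, typ, flags, addr, off, size):
        return struct.pack("<IIQQQQIIQQ", name, typ, flags, addr, off, size, 0, 0, 1, 0)

    shdrs = (shdr(0, 0, 0, 0, 0, 0)
             + shdr(1, SHT_PROGBITS, SHF_ALLOC | SHF_EXECINSTR, 0x401000, text_off, len(text))
             + shdr(17, SHT_PROGBITS, SHF_WRITE | SHF_ALLOC, 0x402000, data_off, len(data))
             + shdr(7, SHT_STRTAB, 0, 0, str_off, len(shstrtab)))
    return ehdr + text + data + shstrtab + shdrs
```

Calling `to_vector(extract_features(open(path, "rb").read()))` over a labelled corpus yields the rows of a training matrix; on the constructed sample the extractor reports a stripped x86-64 executable with one executable section and a .text entropy of 4.0 bits per byte. The bounds checks matter in practice: malformed section tables are common in crafted or packed samples, and a feature extractor that crashes on them is itself a classification gap.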

Published: 2019-09-02

GALANTE, Lucas; BOTACIN, Marcus; GRÉGIO, André; DE GEUS, Paulo. Forseti: Extração de características e classificação de binários ELF. In: TOOLS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 19., 2019, São Paulo. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2019. p. 5-10. DOI: https://doi.org/10.5753/sbseg_estendido.2019.13998.
