MMALE—A Methodology for Malware Analysis in Linux Environments

作     者：JoséJavier de Vicente Mohino Javier Bermejo Higuera Juan Ramón Bermejo Higuera Juan Antonio Sicilia Montalvo Manuel Sánchez Rubio JoséJavier Martínez Herraiz 

作者机构：Escuela Superior de Ingeniería y TecnologíaUniversidad Internacional de La RiojaLogroño26006La RiojaSpain Departamento de Ciencias de la Computación de la Escuela Politécnica SuperiorUniversidad de Alcaláde HenaresAlcaláde HenaresMadridSpain 

出 版 物：《Computers, Materials & Continua》 (计算机、材料和连续体（英文）)

年 卷 期：2021年第67卷第5期

页      面：1447-1469页

核心收录：

学科分类：0831[工学-生物医学工程（可授工学、理学、医学学位）] 0808[工学-电气工程] 0809[工学-电子科学与技术（可授工学、理学学位）] 08[工学] 0805[工学-材料科学与工程（可授工学、理学学位）] 0701[理学-数学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 0801[工学-力学（可授工学、理学学位）] 

主　　题：Malware analysis methodology analysis Linux malware IoT malware 

摘      要：In a computer environment,an operating system is prone to malware,and even the Linux operating system is not an exception.In recent years,malware has evolved,and attackers have become more qualified compared to a few years ago.Furthermore,Linux-based systems have become more attractive to cybercriminals because of the increasing use of the Linux operating system in web servers and Internet of Things(IoT)devices.Windows is the most employed OS,so most of the research efforts have been focused on its malware protection rather than on other operating systems.As a result,hundreds of research articles,documents,and methodologies dedicated to malware analysis have been reported.However,there has not been much literature concerning Linux security and protection from malware.To address all these new challenges,it is necessary to develop a methodology that can standardize the required steps to perform the malware analysis in depth.A systematic analysis process makes the difference between good and ordinary malware analyses.Additionally,a deep malware comprehension can yield a faster and much more efficient malware eradication.In order to address all mentioned challenges,this article proposed a methodology for malware analysis in the Linux operating system,which is a traditionally overlooked field compared to the other operating systems.The proposed methodology is tested by a specific Linux malware,and the obtained test results have high effectiveness in malware detection.