Abstract
In recent years, malicious attacks against cloud hosts and IoT devices have become more frequent. New types of ransomware and mining viruses pose a serious threat to Internet security. Traditional static detection methods cannot effectively deal with fileless (No-File) malware, and detection methods based on behavioral characteristics have difficulty identifying the owner of a malicious sample. Comparing the binary file extracted from process memory with a library sample file can detect the malicious process accurately. Taking the time cost of static detection into account, we retain dynamic characteristics based on network features. In this paper, we implemented a prototype system and selected six typical Linux malicious samples for experiments. By setting similarity thresholds, we can accurately screen out malicious processes. The ELF recovery degree of the samples is above 98% in every case. This technology can be applied to memory forensics in the future and can also help combat Internet crime.
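The comparison step described in the abstract, sketched as an added example that is not code from the paper: an ELF image recovered from process memory is first checked for a valid ELF identification header, then scored against a library of known sample files and reported only when it reaches the similarity threshold. The byte-at-offset recovery metric, the sample names, the synthetic images and the partial-recovery simulation are assumptions, since the paper's own recovery and matching procedure is not reproduced on this page.

```python
import hashlib

ELF_MAGIC = b"\x7fELF"
ELF_CLASS = {1: "ELF32", 2: "ELF64"}
ELF_DATA = {1: "little-endian", 2: "big-endian"}

def parse_elf_ident(image: bytes) -> dict:
    """Validate the e_ident bytes of a recovered image before comparing it."""
    if len(image) < 16 or image[:4] != ELF_MAGIC:
        raise ValueError("recovered image does not start with an ELF header")
    return {"class": ELF_CLASS.get(image[4], "unknown"),
            "data": ELF_DATA.get(image[5], "unknown"),
            "sha256": hashlib.sha256(image).hexdigest()}

def recovery_degree(recovered: bytes, reference: bytes) -> float:
    """Assumed metric: fraction of reference bytes reproduced at the same offset."""
    matched = sum(1 for a, b in zip(recovered, reference) if a == b)
    return matched / max(len(reference), 1)

def match_sample(recovered: bytes, library: dict, threshold: float = 0.98):
    """Return (sample name, degree) for the closest library sample at or above
    the similarity threshold, or None when the image matches nothing known."""
    parse_elf_ident(recovered)  # reject non-ELF memory regions early
    best = None
    for name, reference in library.items():
        degree = recovery_degree(recovered, reference)
        if degree >= threshold and (best is None or degree > best[1]):
            best = (name, degree)
    return best

def constructed_elf(seed: int, size: int = 4096) -> bytes:
    """Constructed stand-in for an ELF64 image: valid e_ident, synthetic body."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8
    body = bytes((seed * i + 7) % 256 for i in range(size - len(ident)))
    return ident + body

# Constructed sample library (hypothetical names, not the paper's six samples).
LIBRARY = {"sample_a": constructed_elf(3), "sample_b": constructed_elf(5)}

def simulate_partial_recovery(image: bytes, offset: int = 1024, length: int = 40) -> bytes:
    """Model a region that was not recovered intact by flipping one bit per byte."""
    damaged = bytes(b ^ 1 for b in image[offset:offset + length])
    return image[:offset] + damaged + image[offset + length:]

if __name__ == "__main__":
    recovered = simulate_partial_recovery(LIBRARY["sample_a"])
    print(match_sample(recovered, LIBRARY))            # ('sample_a', 0.990234375)
    print(match_sample(constructed_elf(11), LIBRARY))  # None
```

Raising the threshold above the achieved recovery degree (for example 0.995 against the 99.02% image above) drops the match, which is the trade-off the threshold setting controls.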
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Wang, Z., Cui, B., Zhang, Y. (2022). An ELF Recovery Method for Linux Malicious Process Detection. In: Barolli, L., Yim, K., Chen, HC. (eds) Innovative Mobile and Internet Services in Ubiquitous Computing. IMIS 2021. Lecture Notes in Networks and Systems, vol 279. Springer, Cham. https://doi.org/10.1007/978-3-030-79728-7_28
DOI: https://doi.org/10.1007/978-3-030-79728-7_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-79727-0
Online ISBN: 978-3-030-79728-7
eBook Packages: Intelligent Technologies and Robotics (R0)