Riccardo Cicilloni

UniCa About Professors and Researchers Riccardo Cicilloni Research Research outcomes (IRIS)

Riccardo Cicilloni

Exposing the Cracks: A Case Study on the Quality of Public Linux Malware Data Sets

Alessandro Sanna^First;Daniele Canavese;Leonardo Regano;Davide Maiorca^Penultimate;Giorgio Giacinto^Last

2025-01-01

Abstract

Machine learning is extensively used for malware detection due to its accuracy, scalability, and adaptability. However, the effectiveness of ML models heavily depends on the quality of the datasets used for training and testing. This study evaluates popular public datasets for malware ARM ELF binaries from MalwareBazaar and VirusShare, complemented with benign binaries from Debian repositories. Using mnemonic frequency analysis, we found that these datasets lack the diversity found in Android or Windows. Using only the frequency of a single assembly mnemonic, we can distinguish the malware from the goodware with a balanced accuracy of 78%, and using three mnemonics, we achieved a balanced accuracy of 99%. We finally derive conclusions on the current state of Linux publicly available malware.

Short Card

Tab complete

Full Sheet(DC)

         Anno 
       
        2025 
       
         Lingua/e 
       
        Inglese 
       
         Titolo del Volume 
       
        Proceedings of the Joint National Conference on Cybersecurity (ITASEC & SERICS 2025) 
       
         Titolo della Collana/serie 
       
        CEUR WORKSHOP PROCEEDINGS 
       
         Volume 
       
        3962 
       
         Da pagina 
       
        1 
       
         A pagina 
       
        10 
       
         Numero di pagine 
       
        10 
       
         Titolo del convegno 
       
        Joint National Conference on Cybersecurity (ITASEC & SERICS 2025) 
       
         Referee 
       
        Comitato scientifico 
       
         Periodo del Convegno 
       
        3-8 Febbraio 2025 
       
         Luogo del Convegno 
       
        Bologna 
       
         Caratterizzazione prevalente 
       
        scientifica 
       
         Parole chiave 
       
        Malware Analysis; Data Set Quality; Binary Analysis; Linux Malware; Machine Learning; Assembly Mnemonics 
       
         Presenza di coautori internazionali 
       
        no 
       
         Tipologia 
       
        4 Contributo in Atti di Convegno (Proceeding)::4.1 Contributo in Atti di convegno 
       
         Tutti gli autori 
       
        Sanna, Alessandro; Canavese, Daniele; Regano, Leonardo; Maiorca, Davide; Giacinto, Giorgio
         
         Tipologia sito docente 
       
        273 
       
         Numero autori 
       
        5 
       
         Tipologia 
       
        4.1 Contributo in Atti di convegno 
       
         Fulltext 
       
        open 
       
         Tipologia 
       
        info:eu-repo/semantics/conferencePaper 
       
         Type: 
       
        4.1 Contributo in Atti di convegno

Files in This Item:

File	Size	Format
paper33.pdf open access Description: Versione Editoriale Type: versione editoriale Size 1.08 MB Format Adobe PDF View/Open	1.08 MB	Adobe PDF	View/Open

University of Cagliari

University of Cagliari