Università degli Studi di Cagliari
open
Giovanna Maria Ghiani
Exposing the Cracks: A Case Study on the Quality of Public Linux Malware Data Sets
Alessandro SannaPrimo
;Leonardo Regano;Davide MaiorcaPenultimo
;Giorgio GiacintoUltimo
2025-01-01
Abstract
Machine learning is extensively used for malware detection due to its accuracy, scalability, and adaptability. However, the effectiveness of ML models heavily depends on the quality of the datasets used for training and testing. This study evaluates popular public datasets for malware ARM ELF binaries from MalwareBazaar and VirusShare, complemented with benign binaries from Debian repositories. Using mnemonic frequency analysis, we found that these datasets lack the diversity found in Android or Windows. Using only the frequency of a single assembly mnemonic, we can distinguish the malware from the goodware with a balanced accuracy of 78%, and using three mnemonics, we achieved a balanced accuracy of 99%. We finally derive conclusions on the current state of Linux publicly available malware.
File in questo prodotto:
| File | Dimensione | Formato | |
|---|---|---|---|
| paper33.pdf accesso aperto
Descrizione: Versione Editoriale
Tipologia: versione editoriale (VoR)
Dimensione 1.08 MB
Formato Adobe PDF
|
1.08 MB | Adobe PDF | Visualizza/Apri |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.