A Novel Study on Multinomial Classification of x86/x64 Linux ELF Malware Types and Families Through Deep Neural Networks

2021 
Throughout the history of desktop and server malware, Microsoft Windows has been one of the most heavily attacked operating systems (OS). Several factors contributed to this, including the unobstructed installation of third-party software. Unix-like operating systems are considerably less susceptible to malware infection, yet successful malicious software targeting them does exist. The challenge is that comparatively few tools are available for analyzing Linux malware, and in particular for automated, machine learning-aided classification of the kind that is well established for Windows. Our contribution in this paper is twofold. First, we survey the most popular approaches for classifying Linux malware into families and types: simple binary (malicious vs. benign) classification is no longer sufficient, and knowing the exact class of a sample speeds up incident response. Second, we propose a methodology for multinomial Linux malware classification using a deep neural network. This approach overcomes the limitations of the shallow neural networks previously used for multinomial Windows PE32 malware classification; such classification has been explored successfully for MS Windows but not for Linux malware. Our focus is specifically on desktop- and server-oriented x86/x64 Linux malware rather than the related ARM binaries, which require a purpose-built IoT environment to run. This work serves as a stepping stone toward efficient deep learning-based Linux malware classification. We have created a novel dataset of 10,574 malware files labeled into 19 malware types and 442 malware families.
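The abstract restricts the dataset to x86/x64 ELF samples and excludes ARM binaries, which in practice is decided from the ELF file header before any feature extraction or classification. The following is an added Python example written for this page; it is not the paper's code or dataset tooling. It parses the ELF identification block and file header with the standard library only, filters by `e_machine`, and turns the header fields into a fixed-length numeric feature vector of the kind a multinomial classifier would consume. The `build_header` helper and the `SAMPLES` list are constructed fixtures, not real malware; the feature set is an illustrative assumption, not the paper's.

```python
"""Header-level triage of ELF samples prior to type/family classification.

Added example (not the paper's tooling). Standard library only; the sample
headers at the bottom are synthetic fixtures constructed in memory.
"""
import struct

ELF_MAGIC = b"\x7fELF"
EM_386, EM_ARM, EM_X86_64, EM_AARCH64 = 3, 40, 62, 183   # ELF e_machine values
ET_EXEC, ET_DYN = 2, 3                                    # ELF e_type values
INTEL_MACHINES = {EM_386, EM_X86_64}

# Field layout following the 16-byte e_ident block (little-endian).
_EHDR64 = struct.Struct("<HHIQQQIHHHHHH")   # 48 bytes, total header 64
_EHDR32 = struct.Struct("<HHIIIIIHHHHHH")   # 36 bytes, total header 52
_FIELDS = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff",
           "e_shoff", "e_flags", "e_ehsize", "e_phentsize", "e_phnum",
           "e_shentsize", "e_shnum", "e_shstrndx")


def parse_elf_header(data: bytes) -> dict:
    """Return the ELF header fields of `data`; raise ValueError on anything
    that is not a well-formed little-endian ELF32/ELF64 header."""
    if len(data) < 16 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data, ei_osabi = data[4], data[5], data[7]
    if ei_data != 1:
        raise ValueError("big-endian ELF not handled here")
    layout = {1: _EHDR32, 2: _EHDR64}.get(ei_class)
    if layout is None:
        raise ValueError("bad EI_CLASS")
    if len(data) < 16 + layout.size:
        raise ValueError("truncated ELF header")
    hdr = dict(zip(_FIELDS, layout.unpack_from(data, 16)))
    hdr.update(bits=32 if ei_class == 1 else 64, osabi=ei_osabi)
    return hdr


def is_intel_elf(hdr: dict) -> bool:
    """Scope filter: keep x86 and x86-64 samples, drop ARM/AArch64 and others."""
    return hdr["e_machine"] in INTEL_MACHINES


def header_features(hdr: dict) -> list:
    """Fixed-order numeric vector from header fields (assumed feature set)."""
    return [
        1 if hdr["bits"] == 64 else 0,
        1 if hdr["e_machine"] == EM_X86_64 else 0,
        1 if hdr["e_type"] == ET_EXEC else 0,
        1 if hdr["e_type"] == ET_DYN else 0,
        hdr["e_phnum"],
        hdr["e_shnum"],
        # Section table absent: common in packed or deliberately stripped samples.
        1 if hdr["e_shoff"] == 0 or hdr["e_shnum"] == 0 else 0,
        hdr["osabi"],
    ]


def build_header(bits, machine, e_type=ET_EXEC, phnum=2, shnum=0, shoff=0,
                 entry=0x401000) -> bytes:
    """Construct a synthetic ELF header for testing (fixture, not a real binary)."""
    ident = ELF_MAGIC + bytes([2 if bits == 64 else 1, 1, 1, 0]) + b"\x00" * 8
    layout = _EHDR64 if bits == 64 else _EHDR32
    ehsize = 16 + layout.size
    phentsize, shentsize = (56, 64) if bits == 64 else (32, 40)
    return ident + layout.pack(e_type, machine, 1, entry, ehsize, shoff, 0,
                               ehsize, phentsize, phnum, shentsize, shnum, 0)


def triage(samples):
    """Yield (name, feature vector) for in-scope samples; skip malformed and non-Intel ones."""
    kept = []
    for name, blob in samples:
        try:
            hdr = parse_elf_header(blob)
        except ValueError:
            continue
        if is_intel_elf(hdr):
            kept.append((name, header_features(hdr)))
    return kept


# Constructed fixtures: two in-scope x86/x64 headers, one ARM header, one non-ELF blob.
SAMPLES = [
    ("x64_stripped", build_header(64, EM_X86_64, shnum=0)),
    ("x86_dyn", build_header(32, EM_386, e_type=ET_DYN, phnum=7, shnum=25, shoff=0x1000)),
    ("arm_iot", build_header(32, EM_ARM, shnum=20, shoff=0x2000)),
    ("not_elf", b"MZ" + b"\x00" * 62),
]

if __name__ == "__main__":
    for name, vec in triage(SAMPLES):
        print(name, vec)
```

On a real corpus the same loop reads the first 64 bytes of each file; everything that raises `ValueError` or fails `is_intel_elf` is the material the abstract explicitly leaves out of the dataset, and the feature vector is what a multinomial model would receive alongside richer section- and opcode-level features.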