Antivirus Solution to IoT Malware Detection with Authorial Next-Generation Sandbox

Abstract Background: Nowadays, the Internet of Things (IoT) significantly impacts people’s lives, reaching hundreds of billions of devices connected to the world wide web. Given the popularity of smart devices, the amount of cyber-attacks targeting technology has grown in the last few years. Malware is currently the main cyber-villain in IoT situations due to the ongoing emergence of new malware targeted at IoT, such as the botnet, the use of sophisticated obfuscation and evasion tactics, and frequently the availability of enormous resources for its development. Objective: The present work creates an Antivirus for Dynamic Malware Analysis based on Artificial Neural Networks, equipped with authorial emulated IoT Sandbox. Our antivirus is specialized in malware detection from 32-bit IoT architectures of the Advanced RISC Machine (ARM) type. Methods: In the proposed methodology, the suspected ELF file for 32-bit ARM architecture is executed with the objective of intentionally infecting the audited GNU/Linux. In opposition to analysis of individual events, our engine employs authorial Next-Generation Sandbox. In all, our antivirus monitors and statistically weighs 2,793 actions that the suspicious ELF file can perform when executed. Results: Our antivirus reaches an average accuracy of 98.75% when distinguishing benign ARM ELF files from malware. Our antivirus architectures are probed under different learning functions and starting conditions to maximize their accuracy. Conclusions: The lack or limited detection of malicious software by commercial antivirus programs can be provided by Smart Antivirus. Instead of models based on blocklists, signatures or heuristics, our antivirus allows the detection of ARM ELF malware in a preventive and non-reactive way. Our antivirus overcomes limitations of Clamav and other traditional antiviruses.