A Survey on Cross-Architectural IoT Malware Threat Hunting
It addresses the problem of scarce research on Linux and IoT malware threat hunting for cybersecurity practitioners, but it is incremental as it is a survey rather than new research.
This paper provides a comprehensive survey on the latest developments in cross-architectural IoT malware detection and classification approaches, discussing feature representations, extraction techniques, and machine learning models used in existing works.
In recent years, the increase in non-Windows malware threats had turned the focus of the cybersecurity community. Research works on hunting Windows PE-based malwares are maturing, whereas the developments on Linux malware threat hunting are relatively scarce. With the advent of the Internet of Things (IoT) era, smart devices that are getting integrated into human life have become a hackers highway for their malicious activities. The IoT devices employ various Unix-based architectures that follow ELF (Executable and Linkable Format) as their standard binary file specification. This study aims at providing a comprehensive survey on the latest developments in cross-architectural IoT malware detection and classification approaches. Aided by a modern taxonomy, we discuss the feature representations, feature extraction techniques, and machine learning models employed in the surveyed works. We further provide more insights on the practical challenges involved in cross-architectural IoT malware threat hunting and discuss various avenues to instill potential future research.