Tools and Techniques for Collection and Analysis of Internet-of-Things malware: A systematic state-of-art review

IoT devices which include wireless sensors, software, actuators, and computer devices operated through the Internet, enable the transfer of data among objects or people automatically without human intervention. Since these devices are resource constraint embedded devices, security policies are not implemented adequately upon these devices. The connectivity with the Internet, diversity of hardware, varied operating platforms, and surge in attack surface increases the target space for malicious cyber actors. The threat probability increases substantially since the attacker takes advantage of less secure, vulnerable devices to perform the massive-scale attack on the critical infrastructure. It has been observed that the majority of embedded IoT devices operate upon Linux-flavoured operating environments. This paper reviews the Linux-based IoT malware analysis techniques and tools employed for malware detection, analysis, and classification. Various threat data collection methods have been discussed at length and a thorough study of tools and techniques used in static and dynamic analysis of the Linux malware has been provided. A review of the machine learning methods developed using discrete features to classify the malicious program is one of the essential components of this paper. The paper concluded with a discussion on various open issues and challenges that need to be addressed by the research community at large. (c) 2021 The Authors. Published by Elsevier B.V. on behalf of King Saud University. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).