{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,24]],"date-time":"2026-06-24T07:49:50Z","timestamp":1782287390504,"version":"3.54.5"},"reference-count":90,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,9,1]],"date-time":"2026-09-01T00:00:00Z","timestamp":1788220800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,9,1]],"date-time":"2026-09-01T00:00:00Z","timestamp":1788220800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,9,1]],"date-time":"2026-09-01T00:00:00Z","timestamp":1788220800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2026,9,1]],"date-time":"2026-09-01T00:00:00Z","timestamp":1788220800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2026,9,1]],"date-time":"2026-09-01T00:00:00Z","timestamp":1788220800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2026,9,1]],"date-time":"2026-09-01T00:00:00Z","timestamp":1788220800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,9,1]],"date-time":"2026-09-01T00:00:00Z","timestamp":1788220800000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Journal of Information Security and Applications"],"published-print":{"date-parts":[[2026,9]]},"DOI":"10.1016\/j.jisa.2026.104548","type":"journal-article","created":{"date-parts":[[2026,6,18]],"date-time":"2026-06-18T20:15:16Z","timestamp":1781813716000},"page":"104548","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["ELFInsight: Detecting malicious behavior in cross-architecture IoT malware"],"prefix":"10.1016","volume":"101","author":[{"ORCID":"https:\/\/orcid.org\/0009-0004-3520-6815","authenticated-orcid":false,"given":"Naveed","family":"Ahmad","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6192-8265","authenticated-orcid":false,"given":"Mariam","family":"Akbar","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Zafar","family":"Iqbal","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"78","reference":[{"key":"10.1016\/j.jisa.2026.104548_bib0001","unstructured":"Lakshmanan R.. Over 300,000 MikroTik devices found vulnerable to remote hacking bugs. https:\/\/thehackernews.com\/2021\/12\/over-300000-mikrotik-devices-found.html; 2021. Accessed: Apr. 1, 2025."},{"key":"10.1016\/j.jisa.2026.104548_bib0002","unstructured":"Buxton O.. What Is the Mirai botnet?https:\/\/www.avast.com\/c-mirai\/; 2022. Accessed: May 1, 2025."},{"key":"10.1016\/j.jisa.2026.104548_bib0003","series-title":"2022\u202fIEEE international students\u2019 conference on electrical, electronics and computer science (SCEECS)","first-page":"1","article-title":"Machine learning techniques for malware detection-a research review","author":"Jain","year":"2022"},{"issue":"10","key":"10.1016\/j.jisa.2026.104548_bib0004","doi-asserted-by":"crossref","first-page":"1825","DOI":"10.1109\/JPROC.2020.2993293","article-title":"Software vulnerability detection using deep neural networks: a survey","volume":"108","author":"Lin","year":"2020","journal-title":"Proc IEEE"},{"issue":"6","key":"10.1016\/j.jisa.2026.104548_bib0005","first-page":"698","article-title":"Comparative analysis of malware detection datasets using different machine learning classifiers result analysis for accuracy in ML classifiers techniques","volume":"7","author":"Jummani","year":"2020","journal-title":"JETIR"},{"key":"10.1016\/j.jisa.2026.104548_bib0006","doi-asserted-by":"crossref","DOI":"10.1016\/j.sysarc.2020.101861","article-title":"A survey on machine learning-based malware detection in executable files","volume":"112","author":"Singh","year":"2021","journal-title":"J Syst Archit"},{"key":"10.1016\/j.jisa.2026.104548_bib0007","doi-asserted-by":"crossref","DOI":"10.1016\/j.micpro.2025.105237","article-title":"Automatic linux malware detection using binary inspection and runtime opcode tracing","volume":"120","author":"Alonso","year":"2026","journal-title":"Microprocess Microsyst"},{"key":"10.1016\/j.jisa.2026.104548_bib0008","first-page":"1","article-title":"PROUD-MAL: static analysis-based progressive framework for deep unsupervised malware classification of windows portable executable","author":"Rizvi","year":"2022","journal-title":"Complex Intell Syst"},{"key":"10.1016\/j.jisa.2026.104548_bib0009","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2022.102779","article-title":"Deep learning based cross architecture internet of things malware detection and classification","volume":"120","author":"Chaganti","year":"2022","journal-title":"Comput Secur"},{"key":"10.1016\/j.jisa.2026.104548_bib0010","series-title":"International conference on detection of intrusions and malware, and vulnerability assessment","first-page":"279","article-title":"HumIDIFy: a tool for hidden functionality detection in firmware","author":"Thomas","year":"2017"},{"key":"10.1016\/j.jisa.2026.104548_bib0011","series-title":"Embedded devices security and firmware reverse engineering","author":"Zaddach","year":"2013"},{"key":"10.1016\/j.jisa.2026.104548_bib0012","series-title":"Binary analysis for linux and IoT malware","author":"Cozzi","year":"2020"},{"key":"10.1016\/j.jisa.2026.104548_bib0013","series-title":"2018 17th IEEE international conference on machine learning and applications (ICMLA)","first-page":"1029","article-title":"DLGraph: malware detection using deep learning and graph embedding","author":"Jiang","year":"2018"},{"key":"10.1016\/j.jisa.2026.104548_bib0014","series-title":"ICISSP","first-page":"677","article-title":"Tamer: a sandbox for facilitating and automating IoT malware analysis with techniques to elicit malicious behavior","author":"Yonamine","year":"2022"},{"key":"10.1016\/j.jisa.2026.104548_bib0015","doi-asserted-by":"crossref","first-page":"9625","DOI":"10.1109\/ACCESS.2021.3049200","article-title":"Malicious code detection: run trace output analysis by LSTM","volume":"9","author":"Acarturk","year":"2021","journal-title":"IEEE Access"},{"key":"10.1016\/j.jisa.2026.104548_bib0016","series-title":"2019 16th international bhurban conference on applied sciences and technology (IBCAST)","first-page":"687","article-title":"Static and dynamic malware analysis using machine learning","author":"Ijaz","year":"2019"},{"key":"10.1016\/j.jisa.2026.104548_bib0017","article-title":"Signature-based malware detection using sequences of N-grams","author":"Abiola","year":"2018","journal-title":"Int J Eng Technol"},{"key":"10.1016\/j.jisa.2026.104548_bib0018","unstructured":"Singh A., Arora R., Pareek H.. Malware analysis using multiple API sequence mining control flow graph. 2017arXiv: 1707.02691."},{"issue":"9","key":"10.1016\/j.jisa.2026.104548_bib0019","first-page":"112","article-title":"A realistic approach to detect malware using binary analysis and machine learning","volume":"5","author":"Sahu","year":"2019","journal-title":"Int J Sci Adv Res Technol"},{"key":"10.1016\/j.jisa.2026.104548_bib0020","series-title":"30th USENIX security symposium (USENIX security 21)","first-page":"3469","article-title":"DeepReflect: discovering malicious functionality through binary reconstruction","author":"Downing","year":"2021"},{"key":"10.1016\/j.jisa.2026.104548_bib0021","series-title":"Proceedings of the 2021\u202fACM Asia conference on computer and communications security","first-page":"759","article-title":"Identifying behavior dispatchers for malware analysis","author":"Park","year":"2021"},{"key":"10.1016\/j.jisa.2026.104548_bib0022","series-title":"2023 26th international conference on computer supported cooperative work in design (CSCWD)","first-page":"947","article-title":"FMDiv: functional module division on binary malware for accurate malicious code localization","author":"Huang","year":"2023"},{"issue":"2","key":"10.1016\/j.jisa.2026.104548_bib0023","doi-asserted-by":"crossref","first-page":"392","DOI":"10.1145\/3296957.3177157","article-title":"Firmup: precise static detection of common vulnerabilities in firmware","volume":"53","author":"David","year":"2018","journal-title":"ACM SIGPLAN Not"},{"key":"10.1016\/j.jisa.2026.104548_bib0024","series-title":"2015\u202fIEEE Symposium on security and privacy","first-page":"709","article-title":"Cross-architecture bug search in binary executables","author":"Pewny","year":"2015"},{"issue":"1","key":"10.1016\/j.jisa.2026.104548_bib0025","doi-asserted-by":"crossref","DOI":"10.32604\/iasc.2022.021038","article-title":"Massive IoT malware classification method using binary lifting","volume":"32","author":"Jeong","year":"2022","journal-title":"Intell Autom Soft Comput"},{"key":"10.1016\/j.jisa.2026.104548_bib0026","unstructured":"The angr Project. Intermediate representation (VEX-IR) - angr documentation. https:\/\/docs.angr.io\/en\/latest\/advanced-topics\/ir.html; 2017. Accessed: Apr. 10, 2024."},{"key":"10.1016\/j.jisa.2026.104548_bib0027","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s11416-015-0261-z","article-title":"A comparison of static, dynamic, and hybrid analysis for malware detection","volume":"13","author":"Damodaran","year":"2017","journal-title":"J Comput Virol Hacking Tech"},{"key":"10.1016\/j.jisa.2026.104548_bib0028","doi-asserted-by":"crossref","first-page":"265","DOI":"10.1007\/s11265-020-01588-1","article-title":"A method for windows malware detection based on deep learning","volume":"93","author":"Huang","year":"2021","journal-title":"J Signal Process Syst"},{"key":"10.1016\/j.jisa.2026.104548_bib0029","series-title":"2017\u202fIEEE Symposium series on computational intelligence (SSCI)","first-page":"1","article-title":"Malware classification using static analysis based features","author":"Hassen","year":"2017"},{"key":"10.1016\/j.jisa.2026.104548_bib0030","series-title":"2015 10th international conference on malicious and unwanted software (MALWARE)","first-page":"11","article-title":"Deep neural network based malware detection using two dimensional binary program features","author":"Saxe","year":"2015"},{"key":"10.1016\/j.jisa.2026.104548_bib0031","series-title":"2019 4th international conference on information systems and computer networks (ISCON)","first-page":"400","article-title":"Malware detection based on API calls frequency","author":"Garg","year":"2019"},{"key":"10.1016\/j.jisa.2026.104548_bib0032","series-title":"Supervised and unsupervised learning for data science","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/978-3-030-22475-2_1","article-title":"A systematic review on supervised and unsupervised machine learning algorithms for data science","author":"Alloghani","year":"2020"},{"issue":"OOPSLA","key":"10.1016\/j.jisa.2026.104548_bib0033","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3428293","article-title":"Neural reverse engineering of stripped binaries using augmented control flow graphs","volume":"4","author":"David","year":"2020","journal-title":"Proc ACM Program Lang"},{"key":"10.1016\/j.jisa.2026.104548_bib0034","series-title":"Proceedings of the 2018\u202fACM SIGSAC conference on computer and communications security","first-page":"1667","article-title":"Debin: predicting debug information in stripped binaries","author":"He","year":"2018"},{"key":"10.1016\/j.jisa.2026.104548_bib0035","series-title":"2019 34th IEEE\/ACM international conference on automated software engineering (ASE)","first-page":"628","article-title":"Dire: a neural approach to decompiled identifier naming","author":"Lacomis","year":"2019"},{"key":"10.1016\/j.jisa.2026.104548_bib0036","series-title":"Proceedings of the 30th ACM SIGSOFT international symposium on software testing and analysis","first-page":"607","article-title":"A lightweight framework for function name reassignment based on large-scale stripped binaries","author":"Gao","year":"2021"},{"key":"10.1016\/j.jisa.2026.104548_bib0037","series-title":"Smart card research and advanced applications: 16th international conference, CARDIS 2017, Lugano, Switzerland, November 13\u201315, 2017, Revised Selected Papers","first-page":"1","article-title":"Opening Pandora\u2019s box: effective techniques for reverse engineering IoT devices","author":"Shwartz","year":"2018"},{"issue":"6","key":"10.1016\/j.jisa.2026.104548_bib0038","doi-asserted-by":"crossref","first-page":"4965","DOI":"10.1109\/JIOT.2018.2875240","article-title":"Reverse engineering IoT devices: effective techniques and methods","volume":"5","author":"Shwartz","year":"2018","journal-title":"IEEE Internet Things J"},{"key":"10.1016\/j.jisa.2026.104548_bib0039","series-title":"Proceedings of the 10th international symposium on information and communication technology","first-page":"248","article-title":"CFDVex: a novel feature extraction method for detecting cross-architecture IoT malware","author":"Phu","year":"2019"},{"key":"10.1016\/j.jisa.2026.104548_bib0040","series-title":"22nd international symposium on research in attacks, intrusions and defenses (RAID 2019)","first-page":"151","article-title":"CryptoREX: large-scale analysis of cryptographic misuse in IoT devices","author":"Zhang","year":"2019"},{"key":"10.1016\/j.jisa.2026.104548_bib0041","doi-asserted-by":"crossref","DOI":"10.1016\/j.eswa.2023.120017","article-title":"SwiftR: cross-platform ransomware fingerprinting using hierarchical neural networks on hybrid features","volume":"225","author":"Karbab","year":"2023","journal-title":"Expert Syst Appl"},{"issue":"5","key":"10.1016\/j.jisa.2026.104548_bib0042","doi-asserted-by":"crossref","first-page":"5060","DOI":"10.1109\/TDSC.2025.3561052","article-title":"Malfocus: locating malicious modules in malware based on hybrid deep learning","volume":"22","author":"Huang","year":"2025","journal-title":"IEEE Trans Dependable Secure Comput"},{"key":"10.1016\/j.jisa.2026.104548_bib0043","first-page":"1","article-title":"A novel malware classification method based on crucial behavior","volume":"2020","author":"Xiao","year":"2020","journal-title":"Math Probl Eng"},{"issue":"1","key":"10.1016\/j.jisa.2026.104548_bib0044","first-page":"221","article-title":"Malware visualization and similarity via tracking binary execution path","volume":"29","author":"Kim","year":"2022","journal-title":"Tehni\u010dki Vjesnik"},{"key":"10.1016\/j.jisa.2026.104548_bib0045","unstructured":"Beaumont K.. BPFDoor: an active chinese global surveillance tool. https:\/\/doublepulsar.com\/bpfdoor-an-active-chinese-global-surveillance-tool-54b1097e9e9f; 2022. Accessed: May 7, 2025."},{"key":"10.1016\/j.jisa.2026.104548_bib0046","unstructured":"Claburn T.. Anatomy of suspected top-tier decade-hidden NSA backdoor. https:\/\/www.theregister.com\/2022\/02\/23\/chinese_nsa_linux\/; 2022. Accessed May 3, 2025."},{"key":"10.1016\/j.jisa.2026.104548_bib0047","series-title":"The IoT hacker\u2019s handbook: a practical guide to hacking the internet of things","isbn-type":"print","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4842-4300-8","author":"Gupta","year":"2019","ISBN":"https:\/\/id.crossref.org\/isbn\/9781484242995"},{"key":"10.1016\/j.jisa.2026.104548_bib0048","series-title":"2020 6th international conference on advanced computing and communication systems (ICACCS)","first-page":"189","article-title":"Reverse engineering and backdooring router firmwares","author":"Adithyan","year":"2020"},{"key":"10.1016\/j.jisa.2026.104548_bib0049","series-title":"Security and privacy in communication networks: 12th international conference, securecomm 2016, Guangzhou, China, October 10\u201312, 2016, Proceedings 12","first-page":"722","article-title":"Security analysis of vendor customized code in firmware of embedded device","author":"Liu","year":"2017"},{"key":"10.1016\/j.jisa.2026.104548_bib0050","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/s42400-021-00088-4","article-title":"Bin2vec: learning representations of binary executable programs for security tasks","volume":"4","author":"Arakelyan","year":"2021","journal-title":"Cybersecurity"},{"key":"10.1016\/j.jisa.2026.104548_bib0051","series-title":"Representation learning for vulnerability detection on assembly code","author":"Diwan","year":"2021"},{"key":"10.1016\/j.jisa.2026.104548_bib0052","series-title":"Proceedings of the 2nd workshop on binary analysis research (BAR)","first-page":"1","article-title":"Investigating graph embedding neural networks with unsupervised features extraction for binary analysis","author":"Massarelli","year":"2019"},{"key":"10.1016\/j.jisa.2026.104548_bib0053","unstructured":"The angr Project. Control flow graph (CFG) analysis documentation. https:\/\/docs.angr.io\/built-in-analyses\/cfg\/; 2021. Accessed: May 23, 2022."},{"key":"10.1016\/j.jisa.2026.104548_bib0054","series-title":"International conference on learning representations 2019","article-title":"Maximal divergence sequential auto-encoder for binary software vulnerability detection","author":"Le","year":"2019"},{"key":"10.1016\/j.jisa.2026.104548_bib0055","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103323","article-title":"Enimanal: augmented cross-architecture IoT malware analysis using graph neural networks","volume":"132","author":"Deng","year":"2023","journal-title":"Comput Secur"},{"key":"10.1016\/j.jisa.2026.104548_bib0056","series-title":"2020\u202fIEEE 4th information technology, networking, electronic and automation control conference (ITNEC)","first-page":"453","article-title":"Similarity based binary backdoor detection via attributed control flow graph","volume":"Vol. 1","author":"Zhang","year":"2020"},{"key":"10.1016\/j.jisa.2026.104548_bib0057","series-title":"Detection of intrusions and malware, and vulnerability assessment: 16th international conference, DIMVA 2019, Gothenburg, Sweden, June 19\u201320, 2019, Proceedings 16","first-page":"309","article-title":"Safe: self-attentive function embeddings for binary similarity","author":"Massarelli","year":"2019"},{"key":"10.1016\/j.jisa.2026.104548_bib0058","doi-asserted-by":"crossref","first-page":"23506","DOI":"10.1109\/ACCESS.2020.2966860","article-title":"A neural network-based approach for cryptographic function detection in malware","volume":"8","author":"Jia","year":"2020","journal-title":"IEEE Access"},{"key":"10.1016\/j.jisa.2026.104548_bib0059","series-title":"Decompilation of binaries into LLVM IR for automated analysis","author":"Toor","year":"2022"},{"key":"10.1016\/j.jisa.2026.104548_bib0060","article-title":"A cross-architecture malware detection approach based on intermediate representation","volume":"93","author":"Greco","year":"2025","journal-title":"J Inf Secur Appl"},{"issue":"9","key":"10.1016\/j.jisa.2026.104548_bib0061","doi-asserted-by":"crossref","first-page":"2763","DOI":"10.1093\/comjnl\/bxae042","article-title":"CAIMP: Cross-architecture IoT malware detection and prediction based on static feature","volume":"67","author":"The Dung","year":"2024","journal-title":"Comput J"},{"key":"10.1016\/j.jisa.2026.104548_bib0062","unstructured":"Ahmad I., Luo L.. Unsupervised binary code translation with application to code similarity detection and vulnerability discovery2024. arXiv: 2404.19025."},{"key":"10.1016\/j.jisa.2026.104548_bib0063","doi-asserted-by":"crossref","unstructured":"Hu M., Wang J., Zhao W., Zeng Q., Luo L.. Flowmaltrans: unsupervised binary code translation for malware detection using flow-adapter architecture. 2025arXiv: 2508.20212.","DOI":"10.18653\/v1\/2025.findings-emnlp.173"},{"key":"10.1016\/j.jisa.2026.104548_bib0064","unstructured":"Artuso F., Di Luna G.A., Massarelli L., Querzoni L.. In nomine function: naming functions in stripped binaries with neural networks. 2019. arXiv: 1912.07946."},{"key":"10.1016\/j.jisa.2026.104548_bib0065","series-title":"2020\u202fIEEE Symposium on security and privacy (SP)","first-page":"1544","article-title":"Karonte: detecting insecure multi-binary interactions in embedded firmware","author":"Redini","year":"2020"},{"key":"10.1016\/j.jisa.2026.104548_bib0066","doi-asserted-by":"crossref","first-page":"1045","DOI":"10.1007\/s11219-018-9435-5","article-title":"CVSkSA: cross-architecture vulnerability search in firmware based on kNN-SVM and attributed control flow graph","volume":"27","author":"Zhao","year":"2019","journal-title":"Softw Qual J"},{"key":"10.1016\/j.jisa.2026.104548_bib0067","unstructured":"Xu J., Fu W., Bu H., Wang Z., Ying L.. SeqNet: an efficient neural network for automatic malware detection. 2022arXiv: 2205.03850."},{"key":"10.1016\/j.jisa.2026.104548_bib0068","article-title":"CNN based zero-day malware detection using small binary segments","volume":"38","author":"Wen","year":"2021","journal-title":"Forensic Sci Int: Digit Investig"},{"key":"10.1016\/j.jisa.2026.104548_bib0069","series-title":"IoTBDS","first-page":"132","article-title":"Detection of malicious binaries by deep learning methods","author":"Chukka","year":"2021"},{"key":"10.1016\/j.jisa.2026.104548_bib0070","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1016\/j.jpdc.2019.03.010","article-title":"Malicious code detection based on CNNs and multi-objective algorithm","volume":"129","author":"Cui","year":"2019","journal-title":"J Parallel Distrib Comput"},{"key":"10.1016\/j.jisa.2026.104548_bib0071","first-page":"1","article-title":"Pbdt: python backdoor detection model based on combined features","volume":"2021","author":"Fang","year":"2021","journal-title":"Secur Commun Netw"},{"key":"10.1016\/j.jisa.2026.104548_bib0072","unstructured":"Sundaralingam S.. SUNBURST, supply chain attacks and how to detect them. https:\/\/www.optiv.com\/insights\/discover\/blog\/sunburst-supply-chain-attacks-detect-them; 2021. Accessed April 1, 2025."},{"key":"10.1016\/j.jisa.2026.104548_bib0073","series-title":"2020 11th international conference on electrical and computer engineering (ICECE)","first-page":"327","article-title":"Static detection of malicious code in programs using semantic techniques","author":"Navid","year":"2020"},{"key":"10.1016\/j.jisa.2026.104548_bib0074","series-title":"2018 48th annual IEEE\/IFIP international conference on dependable systems and networks (DSN)","first-page":"430","article-title":"DTaint: Detecting the taint-style vulnerability in embedded device firmware","author":"Cheng","year":"2018"},{"key":"10.1016\/j.jisa.2026.104548_bib0075","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103339","article-title":"A hybrid method for analysis and detection of malicious executables in IoT network","volume":"132","author":"Subrahmanyam","year":"2023","journal-title":"Comput Secur"},{"key":"10.1016\/j.jisa.2026.104548_bib0076","unstructured":"Dertat A.. Applied deep learning: autoencoders. https:\/\/medium.com\/data-science\/applied-deep-learning-part-3-autoencoders-1c083af4d798\/; 2017. Accessed Feb. 3, 2025."},{"key":"10.1016\/j.jisa.2026.104548_bib0077","doi-asserted-by":"crossref","unstructured":"Chen Z., Brophy E., Ward T.. Malware classification using static disassembly and machine learning. 2021arXiv: 2201.07649.","DOI":"10.36227\/techrxiv.17259806.v1"},{"key":"10.1016\/j.jisa.2026.104548_bib0078","series-title":"9th USENIX workshop on offensive technologies (WOOT 15)","article-title":"IoTPOT: analysing the rise of IoT compromises","author":"Pa","year":"2015"},{"key":"10.1016\/j.jisa.2026.104548_bib0079","unstructured":"VirusShare. VirusShare malware repository. https:\/\/virusshare.com\/; 2020. Accessed: Feb. 1, 2025."},{"key":"10.1016\/j.jisa.2026.104548_bib0080","unstructured":"VX-Underground. The largest collection of malware source code, samples, and papers on the internet. https:\/\/github.com\/vxunderground; 2020. Accessed: Feb. 1, 2025."},{"key":"10.1016\/j.jisa.2026.104548_bib0081","series-title":"Proceedings of the 36th annual computer security applications conference","first-page":"733","article-title":"Firmae: towards large-scale emulation of iot firmware for dynamic analysis","author":"Kim","year":"2020"},{"key":"10.1016\/j.jisa.2026.104548_bib0082","unstructured":"Project D.L.. Debian ports: binary repositories for different processor architectures. https:\/\/www.ports.debian.org\/; 2024. Accessed: Jan. 1, 2025."},{"key":"10.1016\/j.jisa.2026.104548_bib0083","unstructured":"Project C.L.. Chimera linux: a non-GNU linux distribution for multiple architectures. https:\/\/chimera-linux.org\/about\/; 2021. Accessed: Jan. 1, 2025."},{"key":"10.1016\/j.jisa.2026.104548_bib0084","unstructured":"Project A.L.. Arch linux for ARM processors. https:\/\/archlinuxarm.org\/; 2021. Accessed: Jan. 1, 2025."},{"key":"10.1016\/j.jisa.2026.104548_bib0085","series-title":"The IDA pro-book: the unofficial guide to the world\u2019s most popular disassembler","author":"Eagle","year":"2011"},{"key":"10.1016\/j.jisa.2026.104548_bib0086","unstructured":"Project I.. IoTPOT malware dataset-F. https:\/\/sec.ynu.codes\/iot\/available_datasets\/; 2016. Accessed: Mar. 1, 2025."},{"key":"10.1016\/j.jisa.2026.104548_bib0087","unstructured":"Web D.. Doctor web: investigation of Linux.Mirai Trojan family. https:\/\/st.drweb.com\/static\/news\/2016\/Investigation-Linux.Mirai-Trojan-family.pdf; 2016. Accessed: June 1, 2025."},{"key":"10.1016\/j.jisa.2026.104548_bib0088","unstructured":"Roses S.. Mirai DDoS botnet: source code and binary analysis. https:\/\/www.simonroses.com\/2016\/10\/mirai-ddos-botnet-source-code-binary-analysis\/; 2017. Accessed: June 11, 2025."},{"key":"10.1016\/j.jisa.2026.104548_bib0089","series-title":"Proceedings of the IEEE\/ACM 1st international workshop on software protection, SPRO\u201915, Firenze, Italy, May 19th, 2015","first-page":"3","article-title":"Obfuscator-LLVM \u2013 software protection for the masses","author":"Junod","year":"2015"},{"key":"10.1016\/j.jisa.2026.104548_bib0090","series-title":"2017 32nd IEEE\/ACM international conference on automated software engineering (ASE)","first-page":"353","article-title":"Testing intermediate representations for binary analysis","author":"Kim","year":"2017"}],"container-title":["Journal of Information Security and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S221421262600178X?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S221421262600178X?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,6,24]],"date-time":"2026-06-24T07:32:52Z","timestamp":1782286372000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S221421262600178X"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,9]]},"references-count":90,"alternative-id":["S221421262600178X"],"URL":"https:\/\/doi.org\/10.1016\/j.jisa.2026.104548","relation":{},"ISSN":["2214-2126"],"issn-type":[{"value":"2214-2126","type":"print"}],"subject":[],"published":{"date-parts":[[2026,9]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"ELFInsight: Detecting malicious behavior in cross-architecture IoT malware","name":"articletitle","label":"Article Title"},{"value":"Journal of Information Security and Applications","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.jisa.2026.104548","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 Elsevier Ltd. All rights are reserved, including those for text and data mining, AI training, and similar technologies.","name":"copyright","label":"Copyright"}],"article-number":"104548"}}