DaemonSec: Examining the Role of Machine Learning for Daemon Security in Linux Environments

Sheikh Muhammad Farjad

TL;DR

This paper investigates the security of Linux daemons, an underexplored attack surface in contemporary systems. It employs a qualitative interview study with 22 IT professionals from industry and academia to gauge perceptions of ML-driven daemon protection and adoption feasibility. Findings confirm that daemon security is largely overlooked and that ML-driven approaches are attractive but require human oversight, pointing to a hybrid defense strategy. The work also introduces an ecosystem-informed perspective to map stakeholders and guide industry adoption, offering practical implications for DaemonSec and enterprise security practice.

Abstract

DaemonSec is an early-stage startup exploring machine learning (ML)-based security for Linux daemons, a critical yet often overlooked attack surface. While daemon security remains underexplored, conventional defenses struggle against adaptive threats and zero-day exploits. To assess the perspectives of IT professionals on ML-driven daemon protection, a systematic interview study based on semi-structured interviews was conducted with 22 professionals from industry and academia. The study evaluates adoption, feasibility, and trust in ML-based security solutions. While participants recognized the potential of ML for real-time anomaly detection, findings reveal skepticism toward full automation, limited security awareness among non-security roles, and concerns about patching delays creating attack windows. This paper presents the methods, key findings, and implications for advancing ML-driven daemon security in industry.

Paper Structure

This paper contains 12 sections, 2 figures, 1 table.

Figures (2)

  • Figure 1: Customer Ecosystem Model of DaemonSec
  • Figure 2: Overview of Thematic Flow in Interview Questions