Abstract

Binary code fingerprinting is essential to many security use cases and applications; examples include reverse engineering, digital forensics, malware detection and analysis, threat and vulnerability analysis, patch analysis, and software infringement. More specifically, in the context of security, such a capability is highly required in order to analyze large amounts of malware and applications so as to uncover their malicious behaviors, characterize their network footprints, and consequently derive timely, relevant, and actionable cyber intelligence that can be used for detection, prevention, mitigation, and attribution purposes. Indeed, every day, a deluge of cyberattacks is launched against the cyber infrastructure of corporations, governmental agencies, and individuals, with unprecedented sophistication, speed, intensity, volume, inflicted damage, and audacity. Moreover, the threat landscape is shifting towards more stealthy, mercurial, and targeted advanced persistent threats and attacks against industrial control systems, Internet of Things (IoT) devices, social networks, software-defined networking (SDN) and cloud infrastructure, mobile devices and related core networks, which exacerbates the security challenges even further. These attacks emanate from a wide spectrum of perpetrators such as criminals, cyber-terrorists, and foreign intelligence/military services. The damage can be even more significant when the target involves critical infrastructure components. In this context, there is an acute need for binary code fingerprinting techniques and technologies in order to subject the aforementioned threats to in-depth analysis and correlation, so as to derive timely and relevant cyber threat intelligence that enables detection, prevention, mitigation, and attribution of related cyberattacks.

Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Alrabaee, S. et al. (2020). Introduction. In: Binary Code Fingerprinting for Cybersecurity. Advances in Information Security, vol 78. Springer, Cham. https://doi.org/10.1007/978-3-030-34238-8_1

  • DOI: https://doi.org/10.1007/978-3-030-34238-8_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-34237-1

  • Online ISBN: 978-3-030-34238-8
