Function Fingerprinting

Binary Code Fingerprinting for Cybersecurity

Abstract

Binary code fingerprinting is a challenging problem that requires an in-depth analysis of binary components for deriving identifiable signatures. In this chapter, we present a binary function fingerprinting framework called BinSign. The main objective is to provide an accurate and scalable solution to binary code fingerprinting by computing and matching structural and syntactic code profiles for disassemblies. We describe the proposed methodology and evaluate its performance in several use cases, including function reuse, malware analysis, and indexing scalability.


Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Alrabaee, S. et al. (2020). Function Fingerprinting. In: Binary Code Fingerprinting for Cybersecurity. Advances in Information Security, vol 78. Springer, Cham. https://doi.org/10.1007/978-3-030-34238-8_6

  • DOI: https://doi.org/10.1007/978-3-030-34238-8_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-34237-1

  • Online ISBN: 978-3-030-34238-8
