Abstract
Binary code fingerprinting is a challenging problem that requires an in-depth analysis of binary components for deriving identifiable signatures. In this chapter, we present a binary function fingerprinting framework called BinSign. The main objective is to provide an accurate and scalable solution to binary code fingerprinting by computing and matching structural and syntactic code profiles for disassemblies. We describe the proposed methodology and evaluate its performance in several use cases, including function reuse, malware analysis, and indexing scalability.
© 2020 Springer Nature Switzerland AG
Cite this chapter
Alrabaee, S. et al. (2020). Function Fingerprinting. In: Binary Code Fingerprinting for Cybersecurity. Advances in Information Security, vol 78. Springer, Cham. https://doi.org/10.1007/978-3-030-34238-8_6
DOI: https://doi.org/10.1007/978-3-030-34238-8_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34237-1
Online ISBN: 978-3-030-34238-8
eBook Packages: Computer Science, Computer Science (R0)