检索结果-内蒙古大学图书馆

BinComp: A stratified approach to compiler provenance Attribution

DIGITAL INVESTIGATION 2015年第S1期14卷 S146-S155页

作者： Rahimian, Ashkan Shirani, Paria Alrbaee, Saed Wang, Lingyu Debbabi, Mourad Concordia Univ Concordia Inst Informat Syst Engn Comp Secur Lab Montreal PQ Canada

Compiler provenance encompasses numerous pieces of information, such as the compiler family, compiler version, optimization level, and compiler-related functions. The extraction of such information is imperative for various binary analysis applications, such as function fingerprinting, clone detection, and authorship attribution. It is thus important to develop an efficient and automated approach for extracting compiler provenance. In this study, we present BinComp, a practical approach which, analyzes the syntax, structure, and semantics of disassembled functions to extract compiler provenance. BinComp has a stratified architecture with three layers. The first layer applies a supervised compilation process to a set of known programs to model the default code transformation of compilers. The second layer employs an intersection process that disassembles functions across compiled binaries to extract statistical features (e.g., numerical values) from common compiler/linker-inserted functions. This layer labels the compiler-related functions. The third layer extracts semantic features from the labeled compiler-related functions to identify the compiler version and the optimization level. Our experimental results demonstrate that BinComp is efficient in terms of-both computational resources and time. (C) 2015 The Authors. Published by Elsevier Ltd on behalf of DFRWS. This is an open access article under the CC BY-NC-ND license (http://***/licenses/by-nc-nd/4.0/).

关键词： Compiler provenance Reverse engineering binary program analysis Digital forensics programming analysis

来源：评论

学校读者我要写书评

暂无评论

Empirical Study of Software Composition analysis Tools for C/C plus plus binary programs

引用

IEEE ACCESS 2024年 12卷 50418-50430页

作者： Ning, Yuqiao Zhang, Yanan Ma, Chao Guo, Zhen Yu, Longhai CATARC Intelligent & Connected Technol Co Ltd Guangzhou Peoples R China Automot Data China Tianjin Co Ltd Tianjin 300162 Peoples R China

Software composition analysis (SCA) is essential for understanding and optimizing complex C programs, ensuring system reliability and efficiency. Analyzing programs at the binary level provides insights into behavior, performance, and security. However, comprehensive evaluations of both academic and commercialized SCA tools are lacking. To this end, this paper presents a comprehensive evaluation of software composition analysis techniques for accurately identifying components in C/C++ binary programs. The study examines different analysis techniques in terms of accuracy, performance, domain-specific capabilities, and additional abilities such as detecting security vulnerabilities and code reuse potential. The results show that SCA tools reach over 70% accuracy in detecting general libraries and the accuracy drops to less than 45% for libraries in domain-specific software. Commercialized tools exhibit better efficiency and practicalness than academic tools. The evaluation provides insights into the strengths and limitations of various approaches, offering suggestions for SCA development and the selection of the most suitable tools.

关键词： binary program analysis software composition analysis

来源：评论

学校读者我要写书评

暂无评论

OBA2: An Onion approach to binary code Authorship Attribution

引用

DIGITAL INVESTIGATION 2014年第SUPPL. 1期11卷 S94-S103页

作者： Alrabaee, Saed Saleem, Noman Preda, Stere Wang, Lingyu Debbabi, Mourad Concordia Univ Comp Secur Lab Natl Cyber Forens & Training Alliance Canada Montreal PQ Canada

A critical aspect of malware forensics is authorship analysis. The successful outcome of such analysis is usually determined by the reverse engineer's skills and by the volume and complexity of the code under analysis. To assist reverse engineers in such a tedious and error-prone task, it is desirable to develop reliable and automated tools for supporting the practice of malware authorship attribution. In a recent work, machine learning was used to rank and select syntax-based features such as n-grams and flow graphs. The experimental results showed that the top ranked features were unique for each author, which was regarded as an evidence that those features capture the author's programming styles. In this paper, however, we show that the uniqueness of features does not necessarily correspond to authorship. Specifically, our analysis demonstrates that many "unique" features selected using this method are clearly unrelated to the authors' programming styles, for example, unique IDs or random but unique function names generated by the compiler;furthermore, the overall accuracy is generally unsatisfactory. Motivated by this discovery, we propose a layered Onion Approach for binary Authorship Attribution called OBA2. The novelty of our approach lies in the three complementary layers: preprocessing, syntax-based attribution, and semantic-based attribution. Experiments show that our method produces results that not only are more accurate but have a meaningful connection to the authors' styles. (C) 2014 The Author. Published by Elsevier Ltd on behalf of DFRWS.

关键词： Authorship attribution Reverse engineering binary program analysis Malware forensics Digital forensics

来源：评论

学校读者我要写书评

暂无评论

Bin2vec:learning representations of binary executable programs for security tasks

引用

Cybersecurity 2021年第1期4卷 401-414页

作者： Shushan Arakelyan Sima Arasteh Christophe Hauser Erik Kline Aram Galstyan Information Sciences Institute 4676 Admiralty WayMarina Del ReyCAUSA

Tackling binary program analysis problems has traditionally implied manually defining rules and heuristics,a tedious and time consuming task for human *** order to improve automation and scalability,we propose an alternative direction based on distributed representations of binary programs with applicability to a number of downstream *** introduce Bin2vec,a new approach leveraging Graph Convolutional Networks(GCN)along with computational program graphs in order to learn a high dimensional representation of binary executable *** demonstrate the versatility of this approach by using our representations to solve two semantically different binary analysis tasks–functional algorithm classification and vulnerability *** compare the proposed approach to our own strong baseline as well as published results,and demonstrate improvement over state-of-the-art methods for both *** evaluated Bin2vec on 49191 binaries for the functional algorithm classification task,and on 30 different CWE-IDs including at least 100 CVE entries each for the vulnerability discovery *** set a new state-of-the-art result by reducing the classification error by 40%compared to the source-code based inst2vec approach,while working on binary *** almost every vulnerability class in our dataset,our prediction accuracy is over 80%(and over 90%in multiple classes).

关键词： binary program analysis Computer security Vulnerability discovery Neural networks

来源：评论

学校读者我要写书评

暂无评论

Automatically Patching Vulnerabilities of binary programs via Code Transfer From Correct Versions

引用

IEEE ACCESS 2019年 7卷 28170-28184页

作者： Hu, Yikun Zhang, Yuanyuan Gu, Dawu Shanghai Jiao Tong Univ Sch Elect Informat & Elect Engn Shanghai 200240 Peoples R China

The security of binary programs is significantly threatened by software vulnerabilities. When vulnerabilities are found, those applications are exposed to malicious attacks that exploit the known vulnerabilities. Thus, it is necessary to patch them when vulnerabilities are reported to the public as soon as possible. However, it still heavily relies on manual work to locate and correct the corresponding defective code in the binary programs. In order to raise productivity and ensure software security, it becomes imperative to automate the process. In this paper, we propose BINPATCH to automatically patch known vulnerabilities of binary programs. It first locates the defective function, which contains the vulnerability, via similar code comparison. Then, it reuses the corresponding code from the correct version of the defective function as the patch code and inserts it to the defective function via binary rewriting. BINPATCH is evaluated on eight real-world vulnerabilities, and the experimental results show that it is able to not only locate the defective code effectively but also patch the code correctly.

关键词： Reverse engineering binary code patching binary program analysis software security

来源：评论

学校读者我要写书评

暂无评论

Harm-DoS: Hash Algorithm Replacement for Mitigating Denial-of-Service Vulnerabilities in binary Executables 22

Harm-DoS: Hash Algorithm Replacement for Mitigating Denial-o...

引用

25th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)

作者： Weideman, Nicolaas Wang, Haoda Kann, Tyler Zahabizadeh, Spencer Wu, Wei-Cheng Tandon, Rajat Mirkovic, Jelena Hauser, Christophe Univ Southern Calif Informat Sci Inst Marina Del Rey CA 90292 USA

ISBN: (纸本)9781450397049

programs and services relying on weak hash algorithms as part of their hash table implementations are vulnerable to hash-collision denial-of-service attacks. In the context of such an attack, the attacker sends a series of program inputs leading to hash collisions. In the best case, this slows down the execution and processing for all requests, and in the worst case it renders the program or service unavailable. We propose a new binary program analysis approach to automatically detect weak hash functions and patch vulnerable binary programs, by replacing the weak hash function with a secure alternative. To verify that our mitigation strategy does not break program functionality, we design and leverage multiple stages of static analysis and symbolic execution, which demonstrate that the patched code performs equivalently to the original code, but does not suffer from the same vulnerability. We analyze 105, 831 real-world programs and confirm the use of 796 weak hash functions in the same number of programs. We successfully replace 759 of these in a non-disruptive manner. The entire process is automated. Among the real-world programs analyzed, we discovered, disclosed and mitigated a zero-day hash-collision vulnerability in Reddit.

关键词： binary program analysis automatic vulnerability detection automatic vulnerability mitigation

来源：评论

学校读者我要写书评

暂无评论

Malware Dynamic Recompilation

Malware Dynamic Recompilation

引用

47th Annual Hawaii International Conference on System Sciences

作者： Josse, Sebastien DGA Los Angeles CA 90046 USA

ISBN: (纸本)9781479925049

Malware are more and more difficult to analyze, using conventional static and dynamic analysis tools, because they use commercially off-the-shelf specialized tools to protect their code. We present in this paper the bases of a multi-targets, generic and automatic binary rewriting tool adapted to the analysis of protected and potentially hostile binary programs. It implements an emulator and several specialized analysis functions to firstly observe the target program and its execution environment, and next extract and simplify its representation. This simplification is done through the use of a new and generic method of information extraction and deobfuscation.

关键词： invasive software program diagnostics binary program analysis code protection dynamic malware recompilation emulators execution environment information deobfuscation information extraction multi-target-generic-automatic binary rewriting tool off-the-shelf specialized tools target program analysis functions Computer architecture Data mining Engines Instruments Malware Operating systems

来源：评论

学校读者我要写书评

暂无评论

binary Diffing as a Network Alignment Problem via Belief Propagation 36

Binary Diffing as a Network Alignment Problem via Belief Pro...

引用

36th IEEE/ACM International Conference on Automated Software Engineering (ASE)

作者： Mengin, Elie Rossi, Fabrice Univ Paris 1 Pantheon Sorbonne SAMM EA 4543 Paris France Quarkslab SA 13 Rue St Ambroise Paris France PSL Univ Univ Paris Dauphine CEREMADE CNRSUMR 7534 Paris France

ISBN: (纸本)9781665403375

In this paper, we address the problem of finding a correspondence, or matching, between the functions of two programs in binary form, which is one of the most common task in binary diffing We introduce a new formulation of this problem as a particular instance of a graph edit problem over the call graphs of the programs. In this formulation, the quality of a mapping is evaluated simultaneously with respect to both function content and call graph similarities. We show that this formulation is equivalent to a network alignment problem. We propose a solving strategy for this problem based on max-product belief propagation. Finally, we implement a prototype of our method, called QBinDiff, and propose an extensive evaluation which shows that our approach outperforms state of the art diffing tools.

关键词： binary Diffing binary program analysis Graph Edit Distance Network Alignment Belief Propagation

来源：评论

学校读者我要写书评

暂无评论

Sleak: Automating Address Space Layout Derandomization 19

Sleak: Automating Address Space Layout Derandomization

引用

35th Annual Computer Security Applications Conference (ACSA)

作者： Hauser, Christophe Menon, Jayakrishna Shoshitaishvili, Yan Wang, Ruoyu Vigna, Giovanni Kruegel, Christopher Univ Southern Calif Informat Sci Inst Los Angeles CA 90007 USA Arizona State Univ Tempe AZ 85287 USA Univ Calif Santa Barbara Santa Barbara CA 93106 USA

ISBN: (纸本)9781450376280

We present a novel approach to automatically recover information about the address space layout of remote processes in the presence of Address Space Layout Randomization (ASLR). Our system, dubbed Sleak, performs static analysis and symbolic execution of binary executable programs, and identifies program paths and input parameters leading to partial (i.e., only a few bits) or complete (i.e., the whole address) information disclosure vulnerabilities, revealing addresses of known objects of the target service or application. Sleak takes, as input, the binary executable program, and generates a symbolic expression for each program output that leaks information about the addresses of objects, such as stack variables, heap structures, or function pointers. By comparing these expressions with the concrete output of a remote process executing the same binary program image, our system is able to recover from a few bits to whole addresses of objects of the target application or service. Discovering the address of a single object in the target application is often enough to guess the layout of entire sections of the address space, which can be leveraged by attackers to bypass ASLR.

关键词： binary program analysis vulnerability discovery information leakage

来源：评论

学校读者我要写书评

暂无评论

A Static taint Detection Method for Stack Overflow Vulnerabilities in binaries 4

A Static taint Detection Method for Stack Overflow Vulnerabi...

引用

4th International Conference on Information Science and Control Engineering (ICISCE)

作者： Feng, Chao Zhang, Xing Natl Univ Def Technol Coll Elect Sci & Technol Sci Changsha Hunan Peoples R China

ISBN: (纸本)9781538630136

The current static analysis approaches for detecting stack overflow vulnerabilities in binaries are only usable to the functions in system libraries and not suitable for user defined functions. In this paper, we model the characteristic of stack overflow vulnerabilities and propose a static taint analysis method, which can recognize user defined functions that may have that type of vulnerabilities. The experiments on 4 runtime libraries and 2 executables show that this method can find the stack overflow vulnerabilities in binaries correctly and effectively.

关键词： component binary program analysis static analysis stackoverflow vulnerabilities static taint analysis

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：