检索结果-内蒙古大学图书馆

Comparison of binary Procedures: A Set of Techniques for Evading Compiler Transformations

COMPUTER JOURNAL 2016年第1期59卷 106-118页

作者： Radivojevic, Zaharije Cvetanovic, Milos Stojanovic, Sasa Univ Belgrade Sch Elect Engn Bulevar Kralja Aleksandra 73 Belgrade 11000 Serbia

License violation analysis may require digital forensics in the performance of a time-consuming search in order to find out whether a binary code of a product contains a procedure that originates from a source code for which a license is required. The conducted experiment shows that the production of a binary code using an arbitrary compiler decreases results of the evaluated solutions up to 10 times. The best performing solution, among those evaluated, uses software metrics for assessing similarities between procedures and ranks procedures from the binary code according to their similarities with the target forensics procedure. This paper tries to improve the ranking by proposing five techniques for making similarities assessment more robust against compiler transformations. The proposed techniques filter stack instructions and transfer instructions, retain partial information about the instruction order, simulate inlining, and eliminate procedures that significantly differ from the searched procedure. The techniques are evaluated using a dataset based on the STAMP benchmark and re-evaluated using a dataset based on the BusyBox toolset. The evaluation shows that the use of the proposed techniques increases recall by 47 and 42% for the first and second datasets, respectively.

关键词： binary code analysis license violation dual-license software metric software library copyright infringement

来源：评论

学校读者我要写书评

暂无评论

CPA: Accurate Cross-Platform binary Authorship Characterization Using LDA

引用

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY 2020年 15卷 3051-3066页

作者： Alrabaee, Saed Debbabi, Mourad Wang, Lingyu United Arab Emirates Univ Informat Syst & Secur Dept Al Ain U Arab Emirates Concordia Univ CIISE Montreal PQ H3G 1M8 Canada

binary authorship characterization refers to the process of identifying stylistic characteristics that are related to the author of an anonymous binary code. The aim is to automate the laborious and error-prone reverse engineering task of discovering information related to the author(s) of binary code. This paper presents CPA, a novel approach for characterizing the authors of program binaries. Instead of using generic features such as n-grams, CPA proposes a set of new features based on collections of various aspects of author style, including author code traits, code structure characteristics, and author expertise in solving coding tasks. It employs the Latent Dirichlet Allocation (LDA) algorithm to generate author style signatures to help identify similar author style characteristics in other binaries. We evaluated CPA on large datasets extracted from selected open-source C/C++ projects in GitHub and Google code Jam events, and it successfully attributed a large number of authors with a significantly higher $F_binary$ score: around 91% when the number of authors was 1,500. In addition, the false positive rate was low, around 1.5%. When the code was subjected to refactoring techniques or code transformation or was processed using different compilers/compilation settings, there was no significant drop in accuracy, demonstrating the robustness of our tool. Finally, in the case of code written by multiple authors, CPA was able to identify the authors with a high $F_binary$ score, around 89%.

关键词： binary code analysis reverse engineering authorship characterization LDA

来源：评论

学校读者我要写书评

暂无评论

Fine-Grained Compiler Identification With Sequence-Oriented Neural Modeling

引用

IEEE ACCESS 2021年 9卷 49160-49175页

作者： Tian, Zhenzhou Huang, Yaqian Xie, Borun Chen, Yanping Chen, Lingwei Wu, Dinghao Xian Univ Posts & Telecommun Sch Comp Sci & Technol Xian 710121 Peoples R China Shaanxi Key Lab Network Data Anal & Intelligent P Xian 710121 Peoples R China Penn State Univ Coll Informat Sci & Technol University Pk PA 16802 USA

Different compilers and optimization levels can be used to compile the source code. Revealed in reverse from the produced binaries, these compiler details facilitate essential binary analysis tasks, such as malware analysis and software forensics. Most existing approaches adopt a signature matching based or machine learning based strategy to identify the compiler details, showing limits in either the detection accuracy or granularity. In this work, we propose NeuralCI (Neural modeling-based Compiler Identification) to infer these compiler details including compiler family, optimization level and compiler version on individual functions. The basic idea is to formulate sequence-oriented neural networks to process normalized instruction sequences generated using a lightweight function abstraction strategy. To evaluate the performance of NeuralCI, a large dataset consisting of 854,858 unique functions collected from 19 widely used real-world projects is constructed. The experiments show that NeuralCI achieves averagely 98.6% accuracy in identifying the compiler family, 95.3% accuracy in identifying the optimization level, 88.7% accuracy in identifying the compiler version, 94.8% accuracy in identifying the compiler family and optimization level, and 83.0% accuracy in identifying all compiler components simultaneously, outperforming existing function level compiler identification methods in terms of both detection accuracy and comprehensiveness.

关键词： Optimization Program processors binary codes Task analysis Tools Production Recurrent neural networks Software forensics binary code analysis compiler identification neural network

来源：评论

学校读者我要写书评

暂无评论

Bin-Carver: Automatic recovery of binary executable files

引用

DIGITAL INVESTIGATION 2012年 9卷 S108-S117页

作者： Hand, Scott Lin, Zhiqiang Gu, Guofei Thuraisingham, Bhavani Univ Texas Dallas Dept Comp Sci Dallas TX 75230 USA Univ Texas Dallas Erik Jonsson Sch Engn & Comp Sci Dallas TX 75230 USA Texas A&M Univ Dept Comp Sci & Engn College Stn TX 77843 USA

File carving is the process of reassembling files from disk fragments based on the file content in the absence of file system metadata. By leveraging both file header and footer pairs, traditional file carving mainly focuses on document and image files such as PDF and JPEG. With the vast amount of malware code appearing in the wild daily, recovery of binary executable files becomes an important problem, especially for the case in which malware deletes itself after compromising a computer. However, unlike image files that usually have both a header and footer pair, executable files only have header information, which makes the carving much harder. In this paper, we present Bin-Carver, a first-of-its-kind system to automatically recover executable files with deleted or corrupted metadata. The key idea is to explore the road map information defined in executable file headers and the explicit control flow paths present in the binary code. Our experiment with thousands of binary code files has shown our Bin-Carver to be incredibly accurate, with an identification rate of 96.3% and recovery rate of 93.1% on average when handling file systems ranging from pristine to chaotic and highly fragmented. (c) 2012 Z. Lin, S. Hand, G. Gu & B. Thuraisingham. Published by Elsevier Ltd. All rights reserved.

关键词： File carving ELF Fragmentation Digital forensics File recovery binary code analysis

来源：评论

学校读者我要写书评

暂无评论

LIFTFUZZ: Validating binary Lifters through Context-aware Fuzzing with GPT 24

LIFTFUZZ: Validating Binary Lifters through Context-aware Fu...

引用

31st Conference on Computer and Communications Security

作者： Zhou, Yutong Yang, Fan Song, Zirui Zhang, Ke Chen, Jiongyi Zhang, Kehuan Chinese Univ Hong Kong Hong Kong Peoples R China

ISBN: (纸本)9798400706363

Analyzing binary code is vital for software engineering and security research, particularly when the source code is unavailable. However, understanding, modifying, and retargeting binary code can be complex tasks. To counter these difficulties, binary lifters have been introduced. These tools translate binary code into Intermediate Representations (IRs), providing several advantages, such as enabling modifications to executables without source code and facilitating code retargetability. So far, accurately developing binary lifters for modern ISAs is universally acknowledged as challenging and errorprone. Existing validation methods mainly concentrate on isolated instructions, overlooking interactions among instructions. In this paper, we introduce LIFTFUZZ, a novel framework that leverages instruction context-aware fuzzing to validate binary lifters. LIFTFUZZ harnesses an assembly language model to learn interactions among instructions and generates test cases with the knowledge. LIFTFUZZ greatly outperforms the baseline, requiring only 1/1000 of the test cases used by the baseline to identify 26 inconsistencies, including a previously uncovered category. LIFTFUZZ significantly contributes to enhancing the performance of binary lifters, which are frequently employed in binary security applications.

关键词： binary code analysis binary Lifter Fuzzing Machine Learning

来源：评论

学校读者我要写书评

暂无评论

Accurate and Robust Malware analysis through Similarity of External Calls Dependency Graphs (ECDG) 21

Accurate and Robust Malware Analysis through Similarity of E...

引用

16th International Conference on Availability, Reliability and Security (ARES)

作者： Puodzius, Cassius Zendra, Olivier Heuser, Annelie Noureddine, Lamine INRIA Rennes France IRISA Rennes France

ISBN: (纸本)9781450390514

Malware is a primary concern in cybersecurity, being one of the attacker's favorite cyberweapons. Over time, malware evolves not only in complexity but also in diversity and quantity. Malware analysis automation is thus crucial. In this paper we present ECDGs, a shorter call graph representation, and a new similarity function that is accurate and robust. Toward this goal, we revisit some principles of malware analysis research to define basic primitives and an evaluation paradigm addressed for the setup of more reliable experiments. Our benchmark shows that our similarity function is very efficient in practice, achieving speedup rates of 3.30x and 354, 11x wrt. radiff2 for the standard and the cache-enhanced implementations, respectively. Our evaluations generate clusters that produce almost unerring results - homogeneity score of 0.983 for the accuracy phase - and marginal information loss for a highly polluted dataset - NMI score of 0.974 between initial and final clusters of the robustness phase. Overall, ECDGs and our similarity function enable autonomous frameworks for malware search and clustering that can assist human-based analysis or improve classification models for malware analysis.

关键词： binary code analysis similarity call graph malware

来源：评论

学校读者我要写书评

暂无评论

Applying Convolutional Neural Network for Malware Detection 10

Applying Convolutional Neural Network for Malware Detection

引用

IEEE 10th International Conference on Awareness Science and Technology (iCAST)

作者： Chen, Chia-Mei Wang, Shi-Hao Wen, Dan-Wei Lai, Gu-Hsin Sun, Ming-Kung Natl Sun Yat Sen Univ Dept Informat Management Kaohsiung Taiwan Shu Zen Jr Coll Med & Management Dept Informat Management Kaohsiung Taiwan Guilin Univ Elect Technol Dept Finance & Accounting Guilin Peoples R China Taiwan Police Coll Dept Technol Crime Invest Taipei Taiwan Acer Cyber Secur Inc Taipei Taiwan

ISBN: (纸本)9781728138213

Failure to detect malware at its very inception leaves room for it to post significant threat and cost to cyber security for not only individuals, organizations but also the society and nation. However, the rapid growth in volume and diversity of malware renders conventional detection techniques that utilize feature extraction and comparison insufficient, making it very difficult for well-trained network administrators to identify malware, not to mention regular users of internet. Challenges in malware detection is exacerbated since complexity in the type and structure also increase dramatically in these years to include source code, binary file, shell script, Perl script, instructions, settings and others. Such increased complexity offers a premium on misjudgment. In order to increase malware detection efficiency and accuracy under large volume and multiple types of malware, this research adopts Convolutional Neural Networks (CNN), one of the most successful deep learning techniques. The experiment shows an accuracy rate of over 90% in identifying malicious and benign codes. The experiment also presents that CNN is effective with detecting source code and binary code, it can further identify malware that is embedded into benign code, leaving malware no place to hide. This research proposes a feasible solution for network administrators to efficiently identify malware at the very inception in the severe network environment nowadays, so that information technology personnel can take protective actions in a timely manner and make preparations for potential follow-up cyber-attacks.

关键词： malware detection deep learning Convolutional Neural Networks (CNN) source code analysis binary code analysis

来源：评论

学校读者我要写书评

暂无评论

Improved Algorithm for the Network Alignment Problem with Application to binary Diffing 25

Improved Algorithm for the Network Alignment Problem with Ap...

引用

25th KES International Conference on Knowledge-Based and Intelligent Information & Engineering Systems (KES)

作者： Mengin, Elie Rossi, Fabrice Univ Paris 1 Pantheon Sorbonne SAMM EA 4543 F-75013 Paris France Quarkslab SA 13 Rue St Ambroise F-75011 Paris France Univ Paris 09 PSL Univ CNRS CEREMADEUMR 7534 F-75016 Paris France

In this paper, we present a novel algorithm to address the Network Alignment problem. It is inspired from a previous message passing framework of Bayati et al. [2] and includes several modifications designed to significantly speed up the message updates as well as to enforce their convergence. Experiments show that our proposed model outperforms other state-of-the-art solvers. Finally, we propose an application of our method in order to address the binary Diffing problem. We show that our solution provides better assignment than the reference differs in almost all submitted instances and outline the importance of leveraging the graphical structure of binary programs. (C) 2021 The Authors. Published by Elsevier B.V.

关键词： Network Alignment Graph Matching Belief Propagation binary Diffing binary code analysis

来源：评论

学校读者我要写书评

暂无评论

A MinHash Approach for Clustering Large Collections of binary Programs 20

A MinHash Approach for Clustering Large Collections of Binar...

引用

20th International Conference on System Controls and Computer Science 2015

作者： Oprisa, Ciprian Tech Univ Cluj Napoca Cluj Napoca Romania

ISBN: (纸本)9781479917808

Clustering large collections of binary programs is a challenging task due to two factors. First of all, a way to determine if two samples are similar or not is required. Secondly, pairwise comparison is impractical on collections comprising millions of items. This paper will mainly focus on the second factor and will propose a clustering algorithm based on the properties of MinHash functions. The algorithm will comprise of several iterations, where such functions are used to partition the collection of samples into smaller groups, such that elements of the same group are likely to be similar. Several heuristics will be proposed in order to tune up the algorithm performance while maintaining quality results. The experimental evaluation showed that the proposed solution can cluster 10 million binary programs in less than two and a half hours.

关键词： MinHash binary code analysis clustering locality-sensitive hashing single linkage Cluster analysis Clustering algorithms binary binary code Specimen Collection collection tuning iterative methods

来源：评论

学校读者我要写书评

暂无评论

Timing Performance Profiling of Substation Control code for IED Malware Detection 2017

Timing Performance Profiling of Substation Control Code for ...

引用

3rd Annual Industrial Control System Security Workshop (ICSS)

作者： Rrushi, Julian L. Western Washington Univ Dept Comp Sci Bellingham WA 98225 USA

ISBN: (纸本)9781450363334

We present a binary static analysis approach to detect intelligent electronic device (IED) malware based on the time requirements of electrical substations. We explore graph theory techniques to model the timing performance of an IED executable. Timing performance is subsequently used as a metric for IED malware detection. More specifically, we perform a series of steps to reduce a part of the IED malware detection problem into a classical problem of graph theory, namely finding single-source shortest paths on a weighted directed acyclic graph (DAG). Shortest paths represent execution flows that take the longest time to compute. Their clock cycles are examined to determine if they violate the real-time nature of substation monitoring and control, in which case IED malware detection is attained. We did this work with particular reference to implementations of protection and control algorithms that use the IEC 61850 standard for substation data representation and network communication. We tested our approach against IED exploits and malware, network scanning code, and numerous malware samples involved in recent ICS malware campaigns.

关键词： Intelligent electronic devices control system malware graph theory binary code analysis

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：