BinComp: A stratified approach to compiler provenance Attribution

Rahimian, Ashkan; Shirani, Paria; Alrbaee, Saed; Wang, Lingyu; Debbabi, Mourad

doi:10.1016/j.diin.2015.05.015

Cited by 44 publications

(32 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [33] the same authors outperformed their previous solution combining idioms with graphlets. Rahimian et al [32] proposed an approach based on annotated control flow graph (ACFG) to recover the compiler provenance of a binary, however their approach seems to be less accurate than [33]. Recently, Chen et al [13] proposed a deep neural network that recovers the optimization level of different functions compiled with gcc; they show that the learned model is explicable as it learn common compiler convention.…”

Section: B Compiler Provenancementioning

confidence: 99%

Investigating Graph Embedding Neural Networks with Unsupervised Features Extraction for Binary Analysis

Massarelli¹,

Luna²,

Petroni³

et al. 2019

Proceedings 2019 Workshop on Binary Analysis Research

View full text Add to dashboard Cite

In this paper we investigate the use of graph embedding networks, with unsupervised features learning, as neural architecture to learn over binary functions. We propose several ways of automatically extract features from the control flow graph (CFG) and we use the structure2vec graph embedding techniques to translate a CFG to a vectors of real numbers. We train and test our proposed architectures on two different binary analysis tasks: binary similarity, and, compiler provenance. We show that the unsupervised extraction of features improves the accuracy on the above tasks, when compared with embedding vectors obtained from a CFG annotated with manually engineered features (i.e., ACFG proposed in [39]). We additionally compare the results of graph embedding networks based techniques with a recent architecture that do not make use of the structural information given by the CFG, and we observe similar performances. We formulate a possible explanation of this phenomenon and we conclude identifying important open challenges.

show abstract

Section: B Compiler Provenancementioning

confidence: 99%

Investigating Graph Embedding Neural Networks with Unsupervised Features Extraction for Binary Analysis

Massarelli¹,

Luna²,

Petroni³

et al. 2019

Proceedings 2019 Workshop on Binary Analysis Research

View full text Add to dashboard Cite

show abstract

“…Rahimian et al developed BinComp [25], an approach in which they analyze the syntax, structure, and semantics of disassembled functions to extract the compiler provenance. BinComp has an identification accuracy of 0.801 in 8 classes classification in their experiments.…”

Section: A Compiler Provenancementioning

confidence: 99%

“…Program binaries are often the focus of forensic investigations [25], [29], [26], covering numerous issues from copyright infringement [31] to malware analysis [3], [2]. Program binary analysis is a challenging task due to the absence of highlevel information, which is found in source code, and the myriad variations in compiler provenance.…”

Section: Introductionmentioning

confidence: 99%

o-glassesX: Compiler Provenance Recovery with Attention Mechanism from a Short Code Fragment

Otsubo¹,

Otsuka²,

Mimura³

et al. 2020

Proceedings 2020 Workshop on Binary Analysis Research

View full text Add to dashboard Cite

“…Fingerprinting binary functions can be of paramount importance in reverse engineering. Function fingerprinting has many applications including compiler identification [3], authorship analysis, clone detection, vulnerability detection, provenance analysis, malware detection, malware classification [2], etc. One benefit of function fingerprinting is tagging a suspicious binary as malicious or benign.…”

Section: Reverse Engineering and Function Fingerprintingmentioning

confidence: 99%

BinSign: Fingerprinting Binary Functions to Support Automated Analysis of Code Executables

Nouh¹,

Rahimian²,

Mouheb³

et al. 2017

ICT Systems Security and Privacy Protection

Self Cite

View full text Add to dashboard Cite

Binary code fingerprinting is a challenging problem that requires an in-depth analysis of binary components for deriving identifiable signatures. Fingerprints are useful in automating reverse engineering tasks including clone detection, library identification, authorship attribution, cyber forensics, patch analysis, malware clustering, binary auditing, etc. In this paper, we present BinSign, a binary function fingerprinting framework. The main objective of BinSign is providing an accurate and scalable solution to binary code fingerprinting by computing and matching structural and syntactic code profiles for disassemblies. We describe our methodology and evaluate its performance in several use cases, including function reuse, malware analysis, and indexing scalability. Additionally, we emphasize the scalability aspect of BinSign. We perform experiments on a database of 6 million functions. The indexing process requires an average time of 0.0072 seconds per function. We find that BinSign achieves higher accuracy compared to existing tools.

show abstract

BinComp: A stratified approach to compiler provenance Attribution

Cited by 44 publications

References 5 publications

Investigating Graph Embedding Neural Networks with Unsupervised Features Extraction for Binary Analysis

Investigating Graph Embedding Neural Networks with Unsupervised Features Extraction for Binary Analysis

o-glassesX: Compiler Provenance Recovery with Attention Mechanism from a Short Code Fragment

BinSign: Fingerprinting Binary Functions to Support Automated Analysis of Code Executables

Contact Info

Product

Resources

About