BinSign: Fingerprinting Binary Functions to Support Automated Analysis of Code Executables - ICT Systems Security and Privacy Protection (SEC 2017) Access content directly
Conference Papers Year : 2017

BinSign: Fingerprinting Binary Functions to Support Automated Analysis of Code Executables

Abstract

Binary code fingerprinting is a challenging problem that requires an in-depth analysis of binary components for deriving identifiable signatures. Fingerprints are useful in automating reverse engineering tasks including clone detection, library identification, authorship attribution, cyber forensics, patch analysis, malware clustering, binary auditing, etc. In this paper, we present BinSign, a binary function fingerprinting framework. The main objective of BinSign is providing an accurate and scalable solution to binary code fingerprinting by computing and matching structural and syntactic code profiles for disassemblies. We describe our methodology and evaluate its performance in several use cases, including function reuse, malware analysis, and indexing scalability. Additionally, we emphasize the scalability aspect of BinSign. We perform experiments on a database of 6 million functions. The indexing process requires an average time of 0.0072 s per function. We find that BinSign achieves higher accuracy compared to existing tools.
Fichier principal
Vignette du fichier
449885_1_En_23_Chapter.pdf (1.11 Mo) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-01648996 , version 1 (27-11-2017)

Licence

Attribution

Identifiers

Cite

Lina Nouh, Ashkan Rahimian, Djedjiga Mouheb, Mourad Debbabi, Aiman Hanna. BinSign: Fingerprinting Binary Functions to Support Automated Analysis of Code Executables. 32th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), May 2017, Rome, Italy. pp.341-355, ⟨10.1007/978-3-319-58469-0_23⟩. ⟨hal-01648996⟩
440 View
783 Download

Altmetric

Share

Gmail Facebook X LinkedIn More