On the feasibility of binary authorship characterization. (April 2019)
- Record Type:
- Journal Article
- Title:
- On the feasibility of binary authorship characterization. (April 2019)
- Main Title:
- On the feasibility of binary authorship characterization
- Authors:
- Alrabaee, Saed
Debbabi, Mourad
Wang, Lingyu
- Abstract:
- This work aims to develop an automatic tool that can perform the laborious and error-prone reverse engineering task of binary authorship characterization, i.e., determining clues related to the author(s) of a piece of binary code. Software code written by human programmers reflects the author's educational background, level of expertise, and coding traits. Accordingly, these may be characterized by identifying meaningful features and examining them. Binary authorship characterization reveals information that can be extremely useful for security applications such as digital forensics, malware triage, and binary vulnerability tracking. This paper proposes a system, BinChar, that captures various aspects of author style, including code trait characteristics, code structure characteristics, and code behavior characteristics. For the purpose of detection, a Convolutional Neural Network (CNN) is used. The results generated by the CNN are evaluated more precisely using Bayesian calibration. We tested BinChar in identifying the characteristics of the authors of program binaries. Also, we applied it to almost 500 GB of malware samples provided by the Kaggle Microsoft Malware Classification Challenge, to demonstrate that BinChar is an appropriate tool for characterizing malware families. As an illustration, we report a case study in which we determine the author characteristics of the Mirai botnet and compare them with the author characteristics of 360,000 malware samples.
- Is Part Of:
- Digital investigation. Volume 28(2019)Supplement
- Journal:
- Digital investigation
- Issue:
- Volume 28(2019)Supplement
- Issue Display:
- Volume 28, Issue 2019 (2019)
- Year:
- 2019
- Volume:
- 28
- Issue:
- 2019
- Issue Sort Value:
- 2019-0028-2019-0000
- Page Start:
- S3
- Page End:
- S11
- Publication Date:
- 2019-04
- Subjects:
- Forensic sciences -- Data processing -- Periodicals
Criminal investigation -- Data processing -- Periodicals
363.250285
- Journal URLs:
- http://www.sciencedirect.com/science/journal/17422876
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.diin.2019.01.028
- Languages:
- English
- ISSNs:
- 1742-2876
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3588.396620
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 10120.xml