论文信息 - Identifying Reused Functions in Binary Code

Identifying Reused Functions in Binary Code

Discovering reused binary functions is crucial for many security applications, especially considering the fact that many modern malware typically contain a significant amount of functions borrowed from open-source software packages. This process will not only reduce the odds of common libraries leading to false correlations between unrelated code bases but also improve the efficiency of reverse engineering. We introduce a system for fingerprinting reused functions in binary code. More specifically, we introduce a new representation, namely, the semantic integrated graph (SIG), which integrates control flow graph, register flow graph, function-call graph, and other structural information, into a joint data structure. Such a comprehensive representation captures different semantic descriptors of common functionalities in a unified manner as graph traces of SIG graphs.

[1] Lingyu Wang,et al. OBA2: An Onion approach to Binary code Authorship Attribution , 2014, Digit. Investig..

[2] Martin Fowler,et al. Refactoring - Improving the Design of Existing Code , 1999, Addison Wesley object technology series.

[3] Konrad Rieck,et al. Modeling and Discovering Vulnerabilities with Code Property Graphs , 2014, 2014 IEEE Symposium on Security and Privacy.

[4] Mark Stamp,et al. Hunting for undetectable metamorphic viruses , 2011, Journal in Computer Virology.

[5] Bazara I. A. Barry,et al. Enhancing the Detection of Metamorphic Malware using Call Graphs , 2015 .

[6] Kaspar Riesen,et al. Exact and Inexact Graph Matching: Methodology and Applications , 2010, Managing and Mining Graph Data.

[7] Kang G. Shin,et al. Large-scale malware indexing using function-call graphs , 2009, CCS.