Signature visualization of software binaries

In this paper we present work on the visualization of software binaries. In particular, we utilize ROSE, an open source compiler infrastructure, to pre-process software binaries, and we apply a landscape metaphor to visualize the signature of each binary (malware). We define the signature of a binary as a metric-based layout of the functions contained in the binary. In our initial experiment, we visualize the signatures of a series of computer worms that all originate from the same line. These visualizations are useful for a number of reasons. First, the images reveal how the archetype has evolved over a series of versions of one worm. Second, one can see the distinct changes between versions. This allows the viewer to form conclusions about the development cycle of a particular worm.

[1]  Hausi A. Müller,et al.  How do program understanding tools affect how programmers understand programs? , 1997, Proceedings of the Fourth Working Conference on Reverse Engineering.

[2]  Alan F. Blackwell,et al.  Cognitive Questions in Software Visualisation , 1997 .

[3]  Hausi A. Müller,et al.  How do program understanding tools affect how programmers understand programs? , 2000, Sci. Comput. Program..

[4]  Thomas W. Reps,et al.  CodeSurfer/x86-A Platform for Analyzing x86 Executables , 2005, CC.

[5]  Richard W. Vuduc,et al.  Communicating Software Architecture using a Unified Single-View Visualization , 2007, 12th IEEE International Conference on Engineering Complex Computer Systems (ICECCS 2007).