On callgraphs and generative mechanisms

This paper examines the structural features of callgraphs. The sample consisted of 120 malicious and 280 non-malicious executables. Pareto models were fitted to the indegree, outdegree and basic block count distributions, and a statistically significant difference was shown for the derived power law exponent. A two-step optimization process involving human designers and code compilers is proposed to account for these structural features of executables.
