Library Function Identification

Program binaries typically contain a significant amount of library functions taken from standard libraries or free open-source software packages. Automatically identifying such library functions not only enhances the quality and efficiency of threat analysis and reverse engineering tasks, but also improves their accuracy by avoiding false correlations between irrelevant code bases. Furthermore, such automation has a strong positive impact on other applications such as clone detection, function fingerprinting, authorship attribution, vulnerability analysis, and malware analysis.
