Affiliation:
1. Information Systems and Security, College of IT, United Arab Emirates University, Abu Dhabi, United Arab Emirates
2. Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada
Abstract
Binary code fingerprinting is crucial in many security applications. Examples include malware detection, software infringement, vulnerability analysis, and digital forensics. It is also useful for security researchers and reverse engineers since it enables high-fidelity reasoning about the binary code, such as revealing the functionality, authorship, libraries used, and vulnerabilities. Numerous studies have investigated binary code with the goal of extracting fingerprints that can illuminate the semantics of a target application. However, extracting fingerprints is a challenging task since a substantial amount of significant information is lost during compilation, notably variable and function naming, the original data and control flow structures, comments, semantic information, and the code layout. This article provides the first systematic review of existing binary code fingerprinting approaches and the contexts in which they are used. In addition, it discusses the applications that rely on binary code fingerprints, the information that can be captured during the fingerprinting process, and the approaches used and their implementations. It also addresses limitations and open questions related to the fingerprinting process and proposes future directions.
Funder
United Arab Emirates University Start-up
Publisher
Association for Computing Machinery (ACM)
Subject
General Computer Science, Theoretical Computer Science
Reference
209 articles.
Cited by
11 articles.