A Survey of Binary Code Fingerprinting Approaches: Taxonomy, Methodologies, and Features

Author:

Alrabaee, Saed (1); Debbabi, Mourad (2); Wang, Lingyu (2)

Affiliation:

1. Information Systems and Security, College of IT, United Arab Emirates University, Abu Dhabi, United Arab Emirates

2. Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada

Abstract

Binary code fingerprinting is crucial in many security applications. Examples include malware detection, software infringement, vulnerability analysis, and digital forensics. It is also useful for security researchers and reverse engineers, since it enables high-fidelity reasoning about binary code, such as revealing its functionality, authorship, the libraries it uses, and the vulnerabilities it contains. Numerous studies have investigated binary code with the goal of extracting fingerprints that illuminate the semantics of a target application. However, extracting fingerprints is challenging because a substantial amount of significant information is lost during compilation, notably variable and function names, the original data and control flow structures, comments, semantic information, and the code layout. This article provides the first systematic review of existing binary code fingerprinting approaches and the contexts in which they are used. In addition, it discusses the applications that rely on binary code fingerprints, the information that can be captured during the fingerprinting process, and the approaches used and their implementations. It also addresses limitations and open questions related to the fingerprinting process and proposes future directions.
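To make the abstract's central difficulty concrete, the following is an added example (written for this page, not code from the survey or its authors). It builds a minimal opcode n-gram fingerprint over a disassembly listing and shows why operand normalization matters: the two listings VARIANT_A and VARIANT_B are constructed, hypothetical x86-64 renderings of the same routine that differ only in register allocation, stack offsets, immediates and label names, which is exactly the kind of detail a compiler is free to change. UNRELATED is a constructed listing of a different routine. The register, immediate and label patterns are simplifications chosen for the example, not a complete x86 grammar.

```python
"""Added example: opcode n-gram fingerprints with operand abstraction.

The listings below are constructed sample input (hypothetical Intel-syntax
x86-64), not output from any real binary.
"""
import hashlib
import re
from typing import Dict, Set

# Same routine, two plausible compiler renderings (constructed).
VARIANT_A = """\
push rbp
mov rbp, rsp
mov eax, DWORD PTR [rbp-4]
add eax, 1
cmp eax, 0x10
jle .L2
xor eax, eax
pop rbp
ret
"""

VARIANT_B = """\
push rbp
mov rbp, rsp
mov ecx, DWORD PTR [rbp-8]
add ecx, 1
cmp ecx, 0x20
jle .L5
xor ecx, ecx
pop rbp
ret
"""

# A different routine, to show the fingerprint still discriminates (constructed).
UNRELATED = """\
sub rsp, 0x28
lea rdi, [rip+0x100]
call puts
add rsp, 0x28
ret
"""

# Simplified operand classes (assumption: enough for the listings above).
_SIZE = re.compile(r"\b(BYTE|WORD|DWORD|QWORD) PTR\b")
_MEM = re.compile(r"\[[^\]]*\]")
_LABEL = re.compile(r"\.L\d+")
_REG = re.compile(r"\b(e|r)?(ax|bx|cx|dx|si|di|bp|sp|ip)\b|\br\d+[dwb]?\b|\b[a-d][lh]\b")
_IMM = re.compile(r"\b(0x[0-9a-fA-F]+|\d+)\b")


def normalize(line: str) -> str:
    """Keep the mnemonic, replace operands by their class (REG/MEM/IMM/LBL).

    Order matters: memory operands are abstracted first so the registers and
    displacements inside the brackets do not leak into the fingerprint.
    """
    mnemonic, _, operands = line.strip().partition(" ")
    operands = _SIZE.sub("", operands)
    operands = _MEM.sub("MEM", operands)
    operands = _LABEL.sub("LBL", operands)
    operands = _REG.sub("REG", operands)
    operands = _IMM.sub("IMM", operands)
    ops = [o.strip() for o in operands.split(",") if o.strip()]
    return " ".join([mnemonic] + ops)


def fingerprint(listing: str, n: int = 2, normalize_operands: bool = True) -> Set[str]:
    """Set of hashed instruction n-grams; hashing keeps the fingerprint compact."""
    lines = [l.strip() for l in listing.splitlines() if l.strip()]
    tokens = [normalize(l) if normalize_operands else l for l in lines]
    grams = set()
    for i in range(len(tokens) - n + 1):
        gram = " | ".join(tokens[i:i + n])
        grams.add(hashlib.sha256(gram.encode()).hexdigest()[:16])
    return grams


def similarity(a: Set[str], b: Set[str]) -> float:
    """Jaccard similarity of two fingerprints (1.0 = identical n-gram sets)."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def demo() -> Dict[str, float]:
    """Compare the listings with and without operand normalization."""
    fa, fb, fu = fingerprint(VARIANT_A), fingerprint(VARIANT_B), fingerprint(UNRELATED)
    ra = fingerprint(VARIANT_A, normalize_operands=False)
    rb = fingerprint(VARIANT_B, normalize_operands=False)
    return {
        "normalized_a_vs_b": similarity(fa, fb),
        "raw_a_vs_b": similarity(ra, rb),
        "normalized_a_vs_unrelated": similarity(fa, fu),
    }


if __name__ == "__main__":
    for name, score in demo().items():
        print(f"{name}: {score:.3f}")
```

Without normalization only the prologue and epilogue bigrams of the two variants coincide (2 of 14 distinct bigrams), so a raw-byte or raw-text fingerprint would treat them as mostly unrelated; after abstracting operands the two variants produce identical n-gram sets while the unrelated routine shares none. Real approaches surveyed in the article go much further (control-flow graphs, semantic features, learned embeddings), but the trade-off is the same: every detail that normalization removes is a detail the fingerprint can no longer use to discriminate.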

Funder

United Arab Emirates University Start-up

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science, Theoretical Computer Science


Cited by 11 articles (first 5 listed).

1. LibAM: An Area Matching Framework for Detecting Third-Party Libraries in Binaries;ACM Transactions on Software Engineering and Methodology;2023-12-23

2. gLTSdiff: A Generalized Framework for Structural Comparison of Software Behavior;2023 ACM/IEEE 26th International Conference on Model Driven Engineering Languages and Systems (MODELS);2023-10-01

3. Binary Function Clone Search in the Presence of Code Obfuscation and Optimization over Multi-CPU Architectures;Proceedings of the ACM Asia Conference on Computer and Communications Security;2023-07-10

4. A Survey and Evaluation of Android-Based Malware Evasion Techniques and Detection Frameworks;Information;2023-06-30

5. AI in Education: Improving Quality for Both Centralized and Decentralized Frameworks;2023 IEEE Global Engineering Education Conference (EDUCON);2023-05-01
