Authorship Attribution

Saed Alrabaee; Mourad Debbabi; Paria Shirani; Lingyu Wang; Amr Youssef; Ashkan Rahimian; Lina Nouh; Djedjiga Mouheb; He Huang; Aiman Hanna

doi:10.1007/978-3-030-34238-8_9

Authorship Attribution

Saed Alrabaee, Mourad Debbabi, Paria Shirani, Lingyu Wang, Amr Youssef, Ashkan Rahimian, Lina Nouh, Djedjiga Mouheb, He Huang, Aiman Hanna

Department of Information System and Security

Research output: Chapter in Book/Report/Conference proceeding › Chapter

2 Citations (Scopus)

Abstract

Binary authorship attribution refers to the process of discovering information related to the author(s) of anonymous binary code on the basis of stylometric characteristics extracted from the code. However, in practice, authorship attribution for binary code still requires considerable manual and error-prone reverse engineering analysis, which can be a daunting task given the sheer volume and complexity of today’s malware. In this chapter, we propose BinAuthor, a novel and the first compiler-agnostic method for identifying the authors of program binaries. Having filtered out unrelated functions (compiler and library) to detect user-related functions, it converts user-related functions into a canonical form to eliminate compiler/compilation effects. Then, it leverages a set of features based on collections of authors’ choices made during coding. These features capture an author’s programming coding habits.

Original language	English
Title of host publication	Advances in Information Security
Publisher	Springer
Pages	211-230
Number of pages	20
DOIs	https://doi.org/10.1007/978-3-030-34238-8_9
Publication status	Published - 2020

Publication series

Name	Advances in Information Security
Volume	78
ISSN (Print)	1568-2633

ASJC Scopus subject areas

Information Systems
Computer Networks and Communications

Access to Document

10.1007/978-3-030-34238-8_9

Cite this

@inbook{0283cbb0203640ce939b21db47f411b2,

title = "Authorship Attribution",

abstract = "Binary authorship attribution refers to the process of discovering information related to the author(s) of anonymous binary code on the basis of stylometric characteristics extracted from the code. However, in practice, authorship attribution for binary code still requires considerable manual and error-prone reverse engineering analysis, which can be a daunting task given the sheer volume and complexity of today{\textquoteright}s malware. In this chapter, we propose BinAuthor, a novel and the first compiler-agnostic method for identifying the authors of program binaries. Having filtered out unrelated functions (compiler and library) to detect user-related functions, it converts user-related functions into a canonical form to eliminate compiler/compilation effects. Then, it leverages a set of features based on collections of authors{\textquoteright} choices made during coding. These features capture an author{\textquoteright}s programming coding habits.",

author = "Saed Alrabaee and Mourad Debbabi and Paria Shirani and Lingyu Wang and Amr Youssef and Ashkan Rahimian and Lina Nouh and Djedjiga Mouheb and He Huang and Aiman Hanna",

note = "Publisher Copyright: {\textcopyright} 2020, Springer Nature Switzerland AG.",

year = "2020",

doi = "10.1007/978-3-030-34238-8_9",

language = "English",

series = "Advances in Information Security",

publisher = "Springer",

pages = "211--230",

booktitle = "Advances in Information Security",

}

TY - CHAP

T1 - Authorship Attribution

AU - Alrabaee, Saed

AU - Debbabi, Mourad

AU - Shirani, Paria

AU - Wang, Lingyu

AU - Youssef, Amr

AU - Rahimian, Ashkan

AU - Nouh, Lina

AU - Mouheb, Djedjiga

AU - Huang, He

AU - Hanna, Aiman

PY - 2020

Y1 - 2020

N2 - Binary authorship attribution refers to the process of discovering information related to the author(s) of anonymous binary code on the basis of stylometric characteristics extracted from the code. However, in practice, authorship attribution for binary code still requires considerable manual and error-prone reverse engineering analysis, which can be a daunting task given the sheer volume and complexity of today’s malware. In this chapter, we propose BinAuthor, a novel and the first compiler-agnostic method for identifying the authors of program binaries. Having filtered out unrelated functions (compiler and library) to detect user-related functions, it converts user-related functions into a canonical form to eliminate compiler/compilation effects. Then, it leverages a set of features based on collections of authors’ choices made during coding. These features capture an author’s programming coding habits.

AB - Binary authorship attribution refers to the process of discovering information related to the author(s) of anonymous binary code on the basis of stylometric characteristics extracted from the code. However, in practice, authorship attribution for binary code still requires considerable manual and error-prone reverse engineering analysis, which can be a daunting task given the sheer volume and complexity of today’s malware. In this chapter, we propose BinAuthor, a novel and the first compiler-agnostic method for identifying the authors of program binaries. Having filtered out unrelated functions (compiler and library) to detect user-related functions, it converts user-related functions into a canonical form to eliminate compiler/compilation effects. Then, it leverages a set of features based on collections of authors’ choices made during coding. These features capture an author’s programming coding habits.

UR - http://www.scopus.com/inward/record.url?scp=85080898175&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85080898175&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-34238-8_9

DO - 10.1007/978-3-030-34238-8_9

M3 - Chapter

AN - SCOPUS:85080898175

T3 - Advances in Information Security

SP - 211

EP - 230

BT - Advances in Information Security

PB - Springer

ER -

Authorship Attribution

Abstract

Publication series

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this