Compiler Provenance Attribution

Saed Alrabaee, Mourad Debbabi, Paria Shirani, Lingyu Wang, Amr Youssef, Ashkan Rahimian, Lina Nouh, Djedjiga Mouheb, He Huang, Aiman Hanna

Research output: Chapter in Book/Report/Conference proceedingChapter

2 Citations (Scopus)


Compiler identification is an essential component of binary toolchain analysis with a multitude of applications in reverse engineering and malware analysis. Security investigators and cyber incident responders are often tasked with the analysis and attribution of binary files obtained from malicious campaigns which need to be inspected quickly and reliably. Such binaries can be a source of intelligence on adversary tactics, techniques, and procedures. Compiler provenance information can aid binary analysis by uncovering fingerprints of the development environment and related libraries, leading to an accelerated analysis. In this chapter, we present BinComp, which provides a practical approach for analyzing the syntax, structure, and semantics of disassembled functions to extract compiler provenance.

Original languageEnglish
Title of host publicationAdvances in Information Security
Number of pages34
Publication statusPublished - 2020

Publication series

NameAdvances in Information Security
ISSN (Print)1568-2633

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications


Dive into the research topics of 'Compiler Provenance Attribution'. Together they form a unique fingerprint.

Cite this