Identifying Reused Functions in Binary Code

Saed Alrabaee; Mourad Debbabi; Paria Shirani; Lingyu Wang; Amr Youssef; Ashkan Rahimian; Lina Nouh; Djedjiga Mouheb; He Huang; Aiman Hanna

doi:10.1007/978-3-030-34238-8_5

Identifying Reused Functions in Binary Code

Saed Alrabaee, Mourad Debbabi, Paria Shirani, Lingyu Wang, Amr Youssef, Ashkan Rahimian, Lina Nouh, Djedjiga Mouheb, He Huang, Aiman Hanna

Department of Information System and Security

Research output: Chapter in Book/Report/Conference proceeding › Chapter

Abstract

Discovering reused binary functions is crucial for many security applications, especially considering the fact that many modern malware typically contain a significant amount of functions borrowed from open-source software packages. This process will not only reduce the odds of common libraries leading to false correlations between unrelated code bases but also improve the efficiency of reverse engineering. We introduce a system for fingerprinting reused functions in binary code. More specifically, we introduce a new representation, namely, the semantic integrated graph (SIG), which integrates control flow graph, register flow graph, function-call graph, and other structural information, into a joint data structure. Such a comprehensive representation captures different semantic descriptors of common functionalities in a unified manner as graph traces of SIG graphs.

Original language	English
Title of host publication	Advances in Information Security
Publisher	Springer
Pages	101-122
Number of pages	22
DOIs	https://doi.org/10.1007/978-3-030-34238-8_5
Publication status	Published - 2020

Publication series

Name	Advances in Information Security
Volume	78
ISSN (Print)	1568-2633

ASJC Scopus subject areas

Information Systems
Computer Networks and Communications

Access to Document

10.1007/978-3-030-34238-8_5

Cite this

@inbook{04cfad85d33c42328110cffa66756a9e,

title = "Identifying Reused Functions in Binary Code",

abstract = "Discovering reused binary functions is crucial for many security applications, especially considering the fact that many modern malware typically contain a significant amount of functions borrowed from open-source software packages. This process will not only reduce the odds of common libraries leading to false correlations between unrelated code bases but also improve the efficiency of reverse engineering. We introduce a system for fingerprinting reused functions in binary code. More specifically, we introduce a new representation, namely, the semantic integrated graph (SIG), which integrates control flow graph, register flow graph, function-call graph, and other structural information, into a joint data structure. Such a comprehensive representation captures different semantic descriptors of common functionalities in a unified manner as graph traces of SIG graphs.",

author = "Saed Alrabaee and Mourad Debbabi and Paria Shirani and Lingyu Wang and Amr Youssef and Ashkan Rahimian and Lina Nouh and Djedjiga Mouheb and He Huang and Aiman Hanna",

note = "Publisher Copyright: {\textcopyright} 2020, Springer Nature Switzerland AG.",

year = "2020",

doi = "10.1007/978-3-030-34238-8_5",

language = "English",

series = "Advances in Information Security",

publisher = "Springer",

pages = "101--122",

booktitle = "Advances in Information Security",

}

TY - CHAP

T1 - Identifying Reused Functions in Binary Code

AU - Alrabaee, Saed

AU - Debbabi, Mourad

AU - Shirani, Paria

AU - Wang, Lingyu

AU - Youssef, Amr

AU - Rahimian, Ashkan

AU - Nouh, Lina

AU - Mouheb, Djedjiga

AU - Huang, He

AU - Hanna, Aiman

PY - 2020

Y1 - 2020

N2 - Discovering reused binary functions is crucial for many security applications, especially considering the fact that many modern malware typically contain a significant amount of functions borrowed from open-source software packages. This process will not only reduce the odds of common libraries leading to false correlations between unrelated code bases but also improve the efficiency of reverse engineering. We introduce a system for fingerprinting reused functions in binary code. More specifically, we introduce a new representation, namely, the semantic integrated graph (SIG), which integrates control flow graph, register flow graph, function-call graph, and other structural information, into a joint data structure. Such a comprehensive representation captures different semantic descriptors of common functionalities in a unified manner as graph traces of SIG graphs.

AB - Discovering reused binary functions is crucial for many security applications, especially considering the fact that many modern malware typically contain a significant amount of functions borrowed from open-source software packages. This process will not only reduce the odds of common libraries leading to false correlations between unrelated code bases but also improve the efficiency of reverse engineering. We introduce a system for fingerprinting reused functions in binary code. More specifically, we introduce a new representation, namely, the semantic integrated graph (SIG), which integrates control flow graph, register flow graph, function-call graph, and other structural information, into a joint data structure. Such a comprehensive representation captures different semantic descriptors of common functionalities in a unified manner as graph traces of SIG graphs.

UR - http://www.scopus.com/inward/record.url?scp=85080953244&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85080953244&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-34238-8_5

DO - 10.1007/978-3-030-34238-8_5

M3 - Chapter

AN - SCOPUS:85080953244

T3 - Advances in Information Security

SP - 101

EP - 122

BT - Advances in Information Security

PB - Springer

ER -

Identifying Reused Functions in Binary Code

Abstract

Publication series

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this