TY - CHAP
T1 - Introduction
AU - Alrabaee, Saed
AU - Debbabi, Mourad
AU - Shirani, Paria
AU - Wang, Lingyu
AU - Youssef, Amr
AU - Rahimian, Ashkan
AU - Nouh, Lina
AU - Mouheb, Djedjiga
AU - Huang, He
AU - Hanna, Aiman
N1 - Publisher Copyright:
© 2020, Springer Nature Switzerland AG.
PY - 2020
Y1 - 2020
N2 - Binary code fingerprinting is essential to many security use cases and applications; examples include reverse engineering, digital forensics, malware detection and analysis, threat and vulnerability analysis, patch analysis, and software infringement. More specifically, in the context of security, such a capability is highly required in order to analyze large amounts of malware and applications in order to uncover their malicious behaviors, characterize their network footprints, and consequently derive timely, relevant, and actionable cyber intelligence that could be used for detection, prevention, mitigation, and attribution purposes. Indeed, every day, a deluge of cyberattacks is launched against the cyber infrastructure of corporations, governmental agencies, and individuals, with unprecedented sophistication, speed, intensity, volume, inflicted damage, and audacity. Besides, the threat landscape is shifting towards more stealthy, mercurial, and targeted advanced persistent threats and attacks against industrial control systems, Internet of Things (IoT) devices, social networks, software-defined network (SDN) and cloud infrastructure, mobile devices and related core networks, which further exacerbates the security challenges. These attacks emanate from a wide spectrum of perpetrators such as criminals, cyber-terrorists, and foreign intelligence/military services. The damage can be even more significant when the target involves critical infrastructure components. In this context, there is an acute desideratum for binary code fingerprinting techniques and technologies in order to subject the aforementioned threats to an in-depth analysis and correlation to derive timely and relevant cyber threat intelligence that can enable detection, prevention, mitigation, and attribution of related cyberattacks.
AB - Binary code fingerprinting is essential to many security use cases and applications; examples include reverse engineering, digital forensics, malware detection and analysis, threat and vulnerability analysis, patch analysis, and software infringement. More specifically, in the context of security, such a capability is highly required in order to analyze large amounts of malware and applications in order to uncover their malicious behaviors, characterize their network footprints, and consequently derive timely, relevant, and actionable cyber intelligence that could be used for detection, prevention, mitigation, and attribution purposes. Indeed, every day, a deluge of cyberattacks is launched against the cyber infrastructure of corporations, governmental agencies, and individuals, with unprecedented sophistication, speed, intensity, volume, inflicted damage, and audacity. Besides, the threat landscape is shifting towards more stealthy, mercurial, and targeted advanced persistent threats and attacks against industrial control systems, Internet of Things (IoT) devices, social networks, software-defined network (SDN) and cloud infrastructure, mobile devices and related core networks, which further exacerbates the security challenges. These attacks emanate from a wide spectrum of perpetrators such as criminals, cyber-terrorists, and foreign intelligence/military services. The damage can be even more significant when the target involves critical infrastructure components. In this context, there is an acute desideratum for binary code fingerprinting techniques and technologies in order to subject the aforementioned threats to an in-depth analysis and correlation to derive timely and relevant cyber threat intelligence that can enable detection, prevention, mitigation, and attribution of related cyberattacks.
UR - http://www.scopus.com/inward/record.url?scp=85080870768&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85080870768&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-34238-8_1
DO - 10.1007/978-3-030-34238-8_1
M3 - Chapter
AN - SCOPUS:85080870768
T3 - Advances in Information Security
SP - 1
EP - 6
BT - Advances in Information Security
PB - Springer
ER -