Title
Binary executable file similarity calculation using function matching.
Abstract
Nowadays, computer software is an essential part of our lives and is used in various fields. While software gives us convenience, it also causes many problems. Various research efforts are needed to defend against software plagiarism, attacks using malware/software, and so on. Analysis techniques of binary executable files can be applied to investigate and defend against these problems. However, it is relatively hard to analyze binary executable files without source code information, because executable files only have the information for execution and discard semantic information during the compiling process. In this paper, we proposed a similarity calculation method for binary executable files, based on function matching techniques. Attributes of a function are extracted and these attributes are used to match functions of two binary files. Our function matching process is composed of three steps: the function name matching step, the N-tuple matching step, and the final n-gram-based matching step. After the function matching process is performed, the overall similarity is calculated based on similarities of matched functions. Experimental results show that the similarity accuracy of our binary-based similarity calculation method is similar to that of a well-known source-code-based method, called MOSS.
Year
2019
DOI
10.1007/s11227-016-1941-2
Venue
The Journal of Supercomputing
Keywords
Malware analysis, Function matching, Binary file similarity
Field
Data mining, Source code, Computer science, Theoretical computer science, Software, Malware analysis, Distributed computing, Binary number, Executable, Computer software, Parallel computing, Semantic information, Malware
DocType
Journal
Volume
75
Issue
2
ISSN
1573-0484
Citations
1
PageRank
0.35
References
13
Authors
4
Name
Order
Citations
PageRank
Tae-Guen Kim1354.94
Yeo Reum Lee261.16
BooJoong Kang311811.55
Eul Gyu Im417524.80