Signature Visualization of Software Binaries

Panas, T

doi:10.1145/1409720.1409749

Title: Signature Visualization of Software Binaries

Full Record
Other Related Research

Abstract

In this paper we present work on the visualization of software binaries. In particular, we utilize ROSE, an open source compiler infrastructure, to pre-process software binaries, and we apply a landscape metaphor to visualize the signature of each binary (malware). We define the signature of a binary as a metric-based layout of the functions contained in the binary. In our initial experiment, we visualize the signatures of a series of computer worms that all originate from the same line. These visualizations are useful for a number of reasons. First, the images reveal how the archetype has evolved over a series of versions of one worm. Second, one can see the distinct changes between version. This allows the viewer to form conclusions about the development cycle of a particular worm.

Authors:: Panas, T

Publication Date:: 2008-07-01

Research Org.:: Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 945754

Report Number(s):: LLNL-CONF-405088
TRN: US200903%%572

DOE Contract Number:: W-7405-ENG-48

Resource Type:: Conference

Resource Relation:: Conference: Presented at: ACM Int. Conf. on Software Visualization, Herrsching am Ammersee, Germany, Sep 16 - Sep 17, 2008

Country of Publication:: United States

Language:: English

Subject:: 99 GENERAL AND MISCELLANEOUS; COMPUTER CODES; PATTERN RECOGNITION; SECURITY; COMPUTERS

Citation Formats


                    Panas, T. Signature Visualization of Software Binaries.  United States: N. p., 2008. 
        Web.  doi:10.1145/1409720.1409749.

Copy to clipboard


                    Panas, T. Signature Visualization of Software Binaries.  United States.  https://doi.org/10.1145/1409720.1409749

Copy to clipboard


                    Panas, T. 2008.  
        "Signature Visualization of Software Binaries".  United States.  https://doi.org/10.1145/1409720.1409749.  https://www.osti.gov/servlets/purl/945754.

Copy to clipboard


                    
@article{osti_945754,

  title        = {Signature Visualization of Software Binaries},

  author       = {Panas, T},

  abstractNote = {In this paper we present work on the visualization of software binaries. In particular, we utilize ROSE, an open source compiler infrastructure, to pre-process software binaries, and we apply a landscape metaphor to visualize the signature of each binary (malware). We define the signature of a binary as a metric-based layout of the functions contained in the binary. In our initial experiment, we visualize the signatures of a series of computer worms that all originate from the same line. These visualizations are useful for a number of reasons. First, the images reveal how the archetype has evolved over a series of versions of one worm. Second, one can see the distinct changes between version. This allows the viewer to form conclusions about the development cycle of a particular worm.},

  doi          = {10.1145/1409720.1409749},

  url          = {https://www.osti.gov/biblio/945754},
  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2008},

  month        = {7}

}

Copy to clipboard

Conference:

View Conference (1.28 MB)

https://doi.org/10.1145/1409720.1409749

Other availability

Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

Save / Share:

Export Metadata

Save to My Library

Similar records in OSTI.GOV collections:

Analyzing and Visualizing Whole Program Architectures

Conference Panas, T; Quinlan, D; Vuduc, R

This paper describes our work to develop new tool support for analyzing and visualizing the architecture of complete large-scale (millions or more lines of code) programs. Our approach consists of (i) creating a compact, accurate representation of a whole C or C++ program, (ii) analyzing the program in this representation, and (iii) visualizing the analysis results with respect to the program's architecture. We have implemented our approach by extending and combining a compiler infrastructure and a program visualization tool, and we believe our work will be of broad interest to those engaged in a variety of program understanding and transformationmore »« less
Full Text Available
RVA. 3-D Visualization and Analysis Software to Support Management of Oil and Gas Resources

Technical Report Keefer, Donald; Shaffer, Eric; Storsved, Brynne; ...

A free software application, RVA, has been developed as a plugin to the US DOE-funded ParaView visualization package, to provide support in the visualization and analysis of complex reservoirs being managed using multi-fluid EOR techniques. RVA, for Reservoir Visualization and Analysis, was developed as an open-source plugin to the 64 bit Windows version of ParaView 3.14. RVA was developed at the University of Illinois at Urbana-Champaign, with contributions from the Illinois State Geological Survey, Department of Computer Science and National Center for Supercomputing Applications. RVA was designed to utilize and enhance the state-of-the-art visualization capabilities within ParaView, readily allowing jointmore »« less
https://doi.org/10.2172/1238338

Full Text Available
Establishing Malware Attribution and Binary Provenance Using Multicompilation Techniques

Technical Report Ramshaw, M.

Malware is a serious problem for computer systems and costs businesses and customers billions of dollars a year in addition to compromising their private information. Detecting malware is particularly difficult because malware source code can be compiled in many different ways and generate many different digital signatures, which causes problems for most anti-malware programs that rely on static signature detection. Our project uses a convolutional neural network to identify malware programs but these require large amounts of data to be effective. Towards that end, we gather thousands of source code files from publicly available programming contest sites and compile themmore »« less
https://doi.org/10.2172/1390004

Full Text Available
Strengthening Software Authentication with the ROSE Software Suite

Conference White, G

Many recent nonproliferation and arms control software projects include a software authentication regime. These include U.S. Government-sponsored projects both in the United States and in the Russian Federation (RF). This trend toward requiring software authentication is only accelerating. Demonstrating assurance that software performs as expected without hidden ''backdoors'' is crucial to a project's success. In this context, ''authentication'' is defined as determining that a software package performs only its intended purpose and performs said purpose correctly and reliably over the planned duration of an agreement. In addition to visual inspections by knowledgeable computer scientists, automated tools are needed to highlightmore »« less
Full Text Available
Tools for Authentication

Conference White, G

Many recent Non-proliferation and Arms Control software projects include a software authentication component. In this context, 'authentication' is defined as determining that a software package performs only its intended purpose and performs that purpose correctly and reliably over many years. In addition to visual inspection by knowledgeable computer scientists, automated tools are needed to highlight suspicious code constructs both to aid the visual inspection and to guide program development. While many commercial tools are available for portions of the authentication task, they are proprietary, and have limited extensibility. An open-source, extensible tool can be customized to the unique needs ofmore »« less
Full Text Available

Similar Records