skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Signature Visualization of Software Binaries

Abstract

In this paper we present work on the visualization of software binaries. In particular, we utilize ROSE, an open source compiler infrastructure, to pre-process software binaries, and we apply a landscape metaphor to visualize the signature of each binary (malware). We define the signature of a binary as a metric-based layout of the functions contained in the binary. In our initial experiment, we visualize the signatures of a series of computer worms that all originate from the same line. These visualizations are useful for a number of reasons. First, the images reveal how the archetype has evolved over a series of versions of one worm. Second, one can see the distinct changes between version. This allows the viewer to form conclusions about the development cycle of a particular worm.

Authors:
Publication Date:
Research Org.:
Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
945754
Report Number(s):
LLNL-CONF-405088
TRN: US200903%%572
DOE Contract Number:  
W-7405-ENG-48
Resource Type:
Conference
Resource Relation:
Conference: Presented at: ACM Int. Conf. on Software Visualization, Herrsching am Ammersee, Germany, Sep 16 - Sep 17, 2008
Country of Publication:
United States
Language:
English
Subject:
99 GENERAL AND MISCELLANEOUS; COMPUTER CODES; PATTERN RECOGNITION; SECURITY; COMPUTERS

Citation Formats

Panas, T. Signature Visualization of Software Binaries. United States: N. p., 2008. Web. doi:10.1145/1409720.1409749.
Panas, T. Signature Visualization of Software Binaries. United States. https://doi.org/10.1145/1409720.1409749
Panas, T. 2008. "Signature Visualization of Software Binaries". United States. https://doi.org/10.1145/1409720.1409749. https://www.osti.gov/servlets/purl/945754.
@article{osti_945754,
title = {Signature Visualization of Software Binaries},
author = {Panas, T},
abstractNote = {In this paper we present work on the visualization of software binaries. In particular, we utilize ROSE, an open source compiler infrastructure, to pre-process software binaries, and we apply a landscape metaphor to visualize the signature of each binary (malware). We define the signature of a binary as a metric-based layout of the functions contained in the binary. In our initial experiment, we visualize the signatures of a series of computer worms that all originate from the same line. These visualizations are useful for a number of reasons. First, the images reveal how the archetype has evolved over a series of versions of one worm. Second, one can see the distinct changes between version. This allows the viewer to form conclusions about the development cycle of a particular worm.},
doi = {10.1145/1409720.1409749},
url = {https://www.osti.gov/biblio/945754}, journal = {},
number = ,
volume = ,
place = {United States},
year = {2008},
month = {7}
}

Conference:
Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

Save / Share: