Signature Visualization of Software Binaries
In this paper we present work on the visualization of software binaries. In particular, we utilize ROSE, an open source compiler infrastructure, to pre-process software binaries, and we apply a landscape metaphor to visualize the signature of each binary (malware). We define the signature of a binary as a metric-based layout of the functions contained in the binary. In our initial experiment, we visualize the signatures of a series of computer worms that all originate from the same line. These visualizations are useful for a number of reasons. First, the images reveal how the archetype has evolved over a series of versions of one worm. Second, one can see the distinct changes between versions. This allows the viewer to form conclusions about the development cycle of a particular worm.
- Research Organization: Lawrence Livermore National Laboratory (LLNL), Livermore, CA
- Sponsoring Organization: USDOE
- DOE Contract Number: W-7405-ENG-48
- OSTI ID: 945754
- Report Number(s): LLNL-CONF-405088
- Country of Publication: United States
- Language: English