skip to main content
DOE Patents title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Behavior specification, finding main, and call graph visualizations

Abstract

A process transforms compiled software into a semantic form. The process transforms the code into a semantic form. The process analyzes behavior functionality by processing precise programming behavior abstractions stored in a memory and classifies the code as malware based on the code behavior. Another method identifies the starting point of execution of a compiled program. The method calculates a complexity measure by calculating the number of potential execution paths of local functions; identifies the number of arguments passed to local functions; and identifies the starting point of execution of the compiled program. Another method provides interactive, dynamic visualization of a group of related functions wherein a user can explore the rendered graph and select a specific function and display functions that are color coded by their ancestral relation and their function call distance to the selected function.

Inventors:
; ;
Issue Date:
Research Org.:
Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1502364
Patent Number(s):
10,198,580
Application Number:
15/906,831
Assignee:
UT-BATTELLE, LLC (Oak Ridge, TN)
DOE Contract Number:  
AC05-00OR22725
Resource Type:
Patent
Resource Relation:
Patent File Date: 2018 Feb 27
Country of Publication:
United States
Language:
English
Subject:
97 MATHEMATICS AND COMPUTING

Citation Formats

Sayre, Kirk D., Willems, Richard A., and Lindberg, Stephen Lanse. Behavior specification, finding main, and call graph visualizations. United States: N. p., 2019. Web.
Sayre, Kirk D., Willems, Richard A., & Lindberg, Stephen Lanse. Behavior specification, finding main, and call graph visualizations. United States.
Sayre, Kirk D., Willems, Richard A., and Lindberg, Stephen Lanse. Tue . "Behavior specification, finding main, and call graph visualizations". United States. https://www.osti.gov/servlets/purl/1502364.
@article{osti_1502364,
title = {Behavior specification, finding main, and call graph visualizations},
author = {Sayre, Kirk D. and Willems, Richard A. and Lindberg, Stephen Lanse},
abstractNote = {A process transforms compiled software into a semantic form. The process transforms the code into a semantic form. The process analyzes behavior functionality by processing precise programming behavior abstractions stored in a memory and classifies the code as malware based on the code behavior. Another method identifies the starting point of execution of a compiled program. The method calculates a complexity measure by calculating the number of potential execution paths of local functions; identifies the number of arguments passed to local functions; and identifies the starting point of execution of the compiled program. Another method provides interactive, dynamic visualization of a group of related functions wherein a user can explore the rendered graph and select a specific function and display functions that are color coded by their ancestral relation and their function call distance to the selected function.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {2019},
month = {2}
}

Patent:

Save / Share:

Works referenced in this record:

Large-scale malware indexing using function-call graphs
conference, January 2009

  • Hu, Xin; Chiueh, Tzi-cker; Shin, Kang G.
  • Proceedings of the 16th ACM conference on Computer and communications security - CCS '09
  • DOI: 10.1145/1653662.1653736