Behavior specification, finding main, and call graph visualizations
Abstract
A process transforms compiled software into a semantic form. The process transforms the code into a semantic form. The process analyzes behavior functionality by processing precise programming behavior abstractions stored in a memory and classifies the code as malware based on the code behavior. Another method identifies the starting point of execution of a compiled program. The method calculates a complexity measure by calculating the number of potential execution paths of local functions; identifies the number of arguments passed to local functions; and identifies the starting point of execution of the compiled program. Another method provides interactive, dynamic visualization of a group of related functions wherein a user can explore the rendered graph and select a specific function and display functions that are color coded by their ancestral relation and their function call distance to the selected function.
- Inventors:
- Issue Date:
- Research Org.: Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States)
- Sponsoring Org.: USDOE
- OSTI Identifier: 1502364
- Patent Number(s): 10198580
- Application Number: 15/906,831
- Assignee: UT-BATTELLE, LLC (Oak Ridge, TN)
- Patent Classifications (CPCs): G - PHYSICS; G06 - COMPUTING; G06F - ELECTRIC DIGITAL DATA PROCESSING
- DOE Contract Number: AC05-00OR22725
- Resource Type: Patent
- Resource Relation: Patent File Date: 2018 Feb 27
- Country of Publication: United States
- Language: English
- Subject: 97 MATHEMATICS AND COMPUTING
Citation Formats
Sayre, Kirk D., Willems, Richard A., and Lindberg, Stephen Lanse. Behavior specification, finding main, and call graph visualizations. United States: N. p., 2019. Web.
Sayre, Kirk D., Willems, Richard A., & Lindberg, Stephen Lanse. Behavior specification, finding main, and call graph visualizations. United States.
Sayre, Kirk D., Willems, Richard A., and Lindberg, Stephen Lanse. "Behavior specification, finding main, and call graph visualizations". United States. https://www.osti.gov/servlets/purl/1502364.
@article{osti_1502364,
title = {Behavior specification, finding main, and call graph visualizations},
author = {Sayre, Kirk D. and Willems, Richard A. and Lindberg, Stephen Lanse},
abstractNote = {A process transforms compiled software into a semantic form. The process transforms the code into a semantic form. The process analyzes behavior functionality by processing precise programming behavior abstractions stored in a memory and classifies the code as malware based on the code behavior. Another method identifies the starting point of execution of a compiled program. The method calculates a complexity measure by calculating the number of potential execution paths of local functions; identifies the number of arguments passed to local functions; and identifies the starting point of execution of the compiled program. Another method provides interactive, dynamic visualization of a group of related functions wherein a user can explore the rendered graph and select a specific function and display functions that are color coded by their ancestral relation and their function call distance to the selected function.},
doi = {},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2019},
month = {2}
}