A Survey of Binary Code Fingerprinting Approaches: Taxonomy, Methodologies, and Features

ACM Computing Surveys (CSUR) Pub Date : 2022-01-17 DOI:10.1145/3486860

S. Alrabaee, M. Debbabi, Lingyu Wang

{"title":"A Survey of Binary Code Fingerprinting Approaches: Taxonomy, Methodologies, and Features","authors":"S. Alrabaee, M. Debbabi, Lingyu Wang","doi":"10.1145/3486860","DOIUrl":null,"url":null,"abstract":"Binary code fingerprinting is crucial in many security applications. Examples include malware detection, software infringement, vulnerability analysis, and digital forensics. It is also useful for security researchers and reverse engineers since it enables high fidelity reasoning about the binary code such as revealing the functionality, authorship, libraries used, and vulnerabilities. Numerous studies have investigated binary code with the goal of extracting fingerprints that can illuminate the semantics of a target application. However, extracting fingerprints is a challenging task since a substantial amount of significant information will be lost during compilation, notably, variable and function naming, the original data and control flow structures, comments, semantic information, and the code layout. This article provides the first systematic review of existing binary code fingerprinting approaches and the contexts in which they are used. In addition, it discusses the applications that rely on binary code fingerprints, the information that can be captured during the fingerprinting process, and the approaches used and their implementations. It also addresses limitations and open questions related to the fingerprinting process and proposes future directions.","PeriodicalId":7000,"journal":{"name":"ACM Computing Surveys (CSUR)","volume":"36 1","pages":"1 - 41"},"PeriodicalIF":0.0000,"publicationDate":"2022-01-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Computing Surveys (CSUR)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3486860","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 12

Abstract

Binary code fingerprinting is crucial in many security applications. Examples include malware detection, software infringement, vulnerability analysis, and digital forensics. It is also useful for security researchers and reverse engineers since it enables high fidelity reasoning about the binary code such as revealing the functionality, authorship, libraries used, and vulnerabilities. Numerous studies have investigated binary code with the goal of extracting fingerprints that can illuminate the semantics of a target application. However, extracting fingerprints is a challenging task since a substantial amount of significant information will be lost during compilation, notably, variable and function naming, the original data and control flow structures, comments, semantic information, and the code layout. This article provides the first systematic review of existing binary code fingerprinting approaches and the contexts in which they are used. In addition, it discusses the applications that rely on binary code fingerprints, the information that can be captured during the fingerprinting process, and the approaches used and their implementations. It also addresses limitations and open questions related to the fingerprinting process and proposes future directions.

查看原文本刊更多论文

二进制码指纹识别方法综述:分类、方法和特征

二进制码指纹识别在许多安全应用中是至关重要的。示例包括恶意软件检测、软件侵权、漏洞分析和数字取证。它对安全研究人员和逆向工程师也很有用，因为它支持对二进制代码进行高保真的推理，例如揭示功能、作者、使用的库和漏洞。许多研究研究了二进制代码，目的是提取能够阐明目标应用程序语义的指纹。然而，提取指纹是一项具有挑战性的任务，因为在编译过程中会丢失大量重要信息，特别是变量和函数命名、原始数据和控制流结构、注释、语义信息和代码布局。本文首次系统地回顾了现有的二进制代码指纹识别方法及其使用环境。此外，还讨论了依赖于二进制码指纹的应用程序、指纹过程中可以捕获的信息、所使用的方法及其实现。它还解决了与指纹识别过程有关的限制和开放问题，并提出了未来的方向。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Computing Surveys (CSUR)

自引率

0.00%

发文量