2011 SupervisedLearningforProvenance
- (Chaki et al., 2011) ⇒ Sagar Chaki, Cory Cohen, and Arie Gurfinkel. (2011). “Supervised Learning for Provenance-similarity of Binaries.” In: Proceedings of the 17th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD-2011). ISBN:978-1-4503-0813-7 doi:10.1145/2020408.2020419
Subject Headings:
Notes
Cited By
- http://scholar.google.com/scholar?q=%222011%22+Supervised+Learning+for+Provenance-similarity+of+Binaries
- http://dl.acm.org/citation.cfm?id=2020408.2020419&preflayout=flat#citedby
Quotes
Author Keywords
- Algorithms; binary similarity; classification; measurement; restructuring, reverse engineering, and reengineering; security; software provenance
Abstract
Understanding, measuring, and leveraging the similarity of binaries (executable code) is a foundational challenge in software engineering. We present a notion of similarity based on provenance -- two binaries are similar if they are compiled from the same (or very similar) source code with the same (or similar) compilers. Empirical evidence suggests that provenance-similarity accounts for a significant portion of variation in existing binaries, particularly in malware. We propose and evaluate the applicability of classification to detect provenance-similarity. We evaluate a variety of classifiers, and different types of attributes and similarity labeling schemes, on two benchmarks derived from open-source software and malware respectively. We present encouraging results indicating that classification is a viable approach for automated provenance-similarity detection, and as an aid for malware analysts in particular.
| | Author | title | doi | year |
|---|---|---|---|---|
| 2011 SupervisedLearningforProvenance | Sagar Chaki, Cory Cohen, Arie Gurfinkel | Supervised Learning for Provenance-similarity of Binaries | 10.1145/2020408.2020419 | 2011 |