de.mpg.escidoc.pubman.appbase.FacesBean
Deutsch
 
Hilfe Wegweiser Datenschutzhinweis Impressum Kontakt
  DetailsucheBrowse

Datensatz

DATENSATZ AKTIONENEXPORT

Freigegeben

Hochschulschrift

Cross-Architecture Comparison of Binary Executables

MPG-Autoren
http://pubman.mpdl.mpg.de/cone/persons/resource/persons221523

Sanchez Bach,  Alexandro
International Max Planck Research School, MPI for Informatics, Max Planck Society;

Externe Ressourcen
Es sind keine Externen Ressourcen verfügbar
Volltexte (frei zugänglich)
Es sind keine frei zugänglichen Volltexte verfügbar
Ergänzendes Material (frei zugänglich)
Es sind keine frei zugänglichen Ergänzenden Materialien verfügbar
Zitation

Sanchez Bach, A. (2017). Cross-Architecture Comparison of Binary Executables. Master Thesis, Universität des Saarlandes, Saarbrücken.


Zitierlink: http://hdl.handle.net/21.11116/0000-0001-38DE-7
Zusammenfassung
The proliferation of IoT-devices is turning different kinds of embedded systems into another relevant target for malware developers. Consequently, recent botnets are providing clients for multiple host architectures, making the clustering of malware samples a non-trivial task. While several approaches exist for statically comparing binaries of the same architecture, there are no proposed methods to compare binaries across different architectures. Based on previous approaches for cross-architecture bug identification, we present CrossDiff, a tool to compare executable binaries compiled for ARM, MIPS, PowerPC and x86. CrossDiff detects functions in the input executables and translates their instructions into a common intermediate representation. Then, by pairwise comparing functions based on features at IR-level and analyzing module-level properties we compute a similarity score for pairs of binaries. Finally, we evaluate this approach and the stages of the pipeline on the SPEC CPU2006 dataset with a build matrix that iterates over different architectures, compilers, languages and optimization flags.