de.mpg.escidoc.pubman.appbase.FacesBean
English
 
Help Guide Privacy Policy Disclaimer Contact us
  Advanced SearchBrowse

Item

ITEM ACTIONSEXPORT

Released

Thesis

Cross-Architecture Comparison of Binary Executables

MPS-Authors
http://pubman.mpdl.mpg.de/cone/persons/resource/persons221523

Sanchez Bach,  Alexandro
International Max Planck Research School, MPI for Informatics, Max Planck Society;

Locator
There are no locators available
Fulltext (public)
There are no public fulltexts available
Supplementary Material (public)
There is no public supplementary material available
Citation

Sanchez Bach, A. (2017). Cross-Architecture Comparison of Binary Executables. Master Thesis, Universität des Saarlandes, Saarbrücken.


Cite as: http://hdl.handle.net/21.11116/0000-0001-38DE-7
Abstract
The proliferation of IoT-devices is turning different kinds of embedded systems into another relevant target for malware developers. Consequently, recent botnets are providing clients for multiple host architectures, making the clustering of malware samples a non-trivial task. While several approaches exist for statically comparing binaries of the same architecture, there are no proposed methods to compare binaries across different architectures. Based on previous approaches for cross-architecture bug identification, we present CrossDiff, a tool to compare executable binaries compiled for ARM, MIPS, PowerPC and x86. CrossDiff detects functions in the input executables and translates their instructions into a common intermediate representation. Then, by pairwise comparing functions based on features at IR-level and analyzing module-level properties we compute a similarity score for pairs of binaries. Finally, we evaluate this approach and the stages of the pipeline on the SPEC CPU2006 dataset with a build matrix that iterates over different architectures, compilers, languages and optimization flags.