Binary Code Fingerprinting for Cybersecurity

Title Binary Code Fingerprinting for Cybersecurity PDF eBook
Author Saed Alrabaee
Publisher Springer
Total Pages 249
Release 2020-03-01
Genre Computers
ISBN 9783030342371

This book addresses automated software fingerprinting in binary code, especially for cybersecurity applications. The reader will gain a thorough understanding of binary code analysis and several software fingerprinting techniques for cybersecurity applications, such as malware detection, vulnerability analysis, and digital forensics. More specifically, it starts with an overview of binary code analysis and its challenges, and then discusses the existing state-of-the-art approaches and their cybersecurity applications. Furthermore, it discusses and details a set of practical techniques for compiler provenance extraction, library function identification, function fingerprinting, code reuse detection, free open-source software identification, vulnerability search, and authorship attribution. It also illustrates several case studies to demonstrate the efficiency, scalability and accuracy of the above-mentioned proposed techniques and tools. This book also introduces several innovative quantitative and qualitative techniques that synergistically leverage machine learning, program analysis, and software engineering methods to solve binary code fingerprinting problems, which are highly relevant to cybersecurity and digital forensics applications. The above-mentioned techniques are cautiously designed to gain satisfactory levels of efficiency and accuracy. Researchers working in academia, industry and governmental agencies focusing on Cybersecurity will want to purchase this book. Software engineers and advanced-level students studying computer science, computer engineering and software engineering will also want to purchase this book.

Binary Code Fingerprinting for Cybersecurity

Title Binary Code Fingerprinting for Cybersecurity PDF eBook
Author Saed Alrabaee
Publisher Springer Nature
Total Pages 264
Release 2020-02-29
Genre Computers
ISBN 3030342387

This book addresses automated software fingerprinting in binary code, especially for cybersecurity applications. The reader will gain a thorough understanding of binary code analysis and several software fingerprinting techniques for cybersecurity applications, such as malware detection, vulnerability analysis, and digital forensics. More specifically, it starts with an overview of binary code analysis and its challenges, and then discusses the existing state-of-the-art approaches and their cybersecurity applications. Furthermore, it discusses and details a set of practical techniques for compiler provenance extraction, library function identification, function fingerprinting, code reuse detection, free open-source software identification, vulnerability search, and authorship attribution. It also illustrates several case studies to demonstrate the efficiency, scalability and accuracy of the above-mentioned proposed techniques and tools. This book also introduces several innovative quantitative and qualitative techniques that synergistically leverage machine learning, program analysis, and software engineering methods to solve binary code fingerprinting problems, which are highly relevant to cybersecurity and digital forensics applications. The above-mentioned techniques are cautiously designed to gain satisfactory levels of efficiency and accuracy. Researchers working in academia, industry and governmental agencies focusing on Cybersecurity will want to purchase this book. Software engineers and advanced-level students studying computer science, computer engineering and software engineering will also want to purchase this book.

BinSign

Title BinSign PDF eBook
Author Lina Nouh
Publisher
Total Pages 113
Release 2017
Genre
ISBN

Software reverse engineering is a complex process that incorporates different techniques involving static and dynamic analyses of software programs. Numerous tools are available that help reverse engineers in automating the dynamic analysis process. However, the process of static analysis remains a challenging and tedious process for reverse engineers. The static analysis process requires a great amount of manual work. Therefore, it is very demanding and time-consuming. One aspect of reverse engineering that provides reverse engineers with useful information regarding a statically analyzed piece of code is function fingerprinting. Binary code fingerprinting is a challenging problem that requires an in-depth analysis of internal binary code components for deriving identifiable and expressive signatures. Binary code fingerprints are helpful in the reverse engineering process and have various security applications such as malware variant detection, malware clustering, binary auditing, function recognition, and library identification. Moreover, binary code fingerprinting is also useful in automating some reverse engineering tasks such as clone detection, library function identification, code similarity, authorship attribution, etc. In addition, code fingerprints are valuable in cyber forensics as well as the process of patch analysis in order to identify patches or make sure that the patch complies with the security requirements. In this thesis, we propose a binary function fingerprinting and matching approach and implement a tool named BinSign based on the proposed approach that enhances and accelerates the reverse engineering process. The main objective of BinSign is to provide an accurate and scalable solution to binary code fingerprinting by computing and matching structural and syntactic code profiles for disassemblies while outperforming existing techniques.
The structural profile of binary code is captured through decomposing the control-flow-graph of a function into tracelets. We describe the underlying methodology and evaluate its performance in several use cases, including function matching, function reuse, library function detection, malware analysis, and function indexing scalability. We also provide some insights into the effects of different optimization levels and obfuscation techniques on our fingerprint matching methodology. Additionally, we emphasize the scalability aspect of BinSign that is achieved through applying locality sensitive hashing, filtering techniques, and distributing the computations across several machines. The min-hashing process is combined with the banding technique of locality sensitive hashing in order to ensure a scalable and efficient fingerprint matching process. We perform our experiments on a database of 6 million functions that includes well-known libraries, malware samples, and some dynamic library files obtained from the Microsoft Windows operating system. The indexing process of fingerprints is distributed across multiple machines and it requires an average time of 0.0072 seconds per function. A comparison is also conducted with relevant existing tools, which shows that BinSign achieves a higher accuracy than these tools.

Information Security and Privacy

Title Information Security and Privacy PDF eBook
Author Leonie Simpson
Publisher Springer Nature
Total Pages 658
Release 2023-06-14
Genre Computers
ISBN 3031354869

This book constitutes the refereed proceedings of the 28th Australasian Conference on Information Security and Privacy, ACISP 2023, held in Brisbane, QLD, Australia, during July 5-7, 2023. The 27 full papers presented were carefully revised and selected from 87 submissions. The papers present and discuss different aspects of symmetric-key cryptography, public-key cryptography, post-quantum cryptography, cryptographic protocols, and system security.

Proceedings of the ICR’22 International Conference on Innovations in Computing Research

Title Proceedings of the ICR’22 International Conference on Innovations in Computing Research PDF eBook
Author Kevin Daimi
Publisher Springer Nature
Total Pages 507
Release 2022-08-10
Genre Technology & Engineering
ISBN 3031140540

This book, Proceedings of the ICR’22 International Conference on Innovations in Computing Research, provides an essential compilation of relevant and cutting-edge academic and industry work on key computer and network security, smart cities, smart energy, IoT, health informatics, biomedical imaging, data science and computer science and engineering education topics. It offers an excellent professional development resource for educators and practitioners on the state-of-the-art in these areas and contributes towards the enhancement of the community outreach and engagement component of the above-mentioned areas. Various techniques, methods, and approaches adopted by experts in these fields are introduced. This book provides detailed explanation of the concepts that are pertinently reinforced by practical examples, and a road map of future trends that are suitable for innovative computing research. It is written by professors, researchers, and industry professionals with long experience in these fields to furnish a rich collection of manuscripts in highly regarded topics that have not been creatively compiled together before. This book can be a valuable resource to university faculty, students to enhance their research work and as a supplement to their courses in these fields, researchers, and industry professionals. Furthermore, it is a valuable tool to experts in these areas to contribute towards their professional development efforts.

Efficient, Scalable, and Accurate Program Fingerprinting in Binary Code

Title Efficient, Scalable, and Accurate Program Fingerprinting in Binary Code PDF eBook
Author Saed Alrabaee
Publisher
Total Pages 185
Release 2018
Genre
ISBN

Why was this binary written? Which compiler was used? Which free software packages did the developer use? Which sections of the code were borrowed? Who wrote the binary? These questions are of paramount importance to security analysts and reverse engineers, and binary fingerprinting approaches may provide valuable insights that can help answer them. This thesis advances the state of the art by addressing some of the most fundamental problems in program fingerprinting for binary code, notably, reusable binary code discovery, fingerprinting free open source software packages, and authorship attribution. First, to tackle the problem of discovering reusable binary code, we employ a technique for identifying reused functions by matching traces of a novel representation of binary code known as the semantic integrated graph. This graph enhances the control flow graph, the register flow graph, and the function call graph, key concepts from classical program analysis, and merges them with other structural information to create a joint data structure. Second, we approach the problem of fingerprinting free open source software (FOSS) packages by proposing a novel resilient and efficient system that incorporates three components. The first extracts the syntactical features of functions by considering opcode frequencies and performing a hidden Markov model statistical test. The second applies a neighborhood hash graph kernel to random walks derived from control flow graphs, with the goal of extracting the semantics of the functions. The third applies the z-score to normalized instructions to extract the behavior of the instructions in a function. Then, the components are integrated using a Bayesian network model which synthesizes the results to determine the FOSS function, making it possible to detect user-related functions. Third, with these elements now in place, we present a framework capable of decoupling binary program functionality from the coding habits of authors. 
To capture coding habits, the framework leverages a set of features that are based on collections of functionality-independent choices made by authors during coding. Finally, it is well known that techniques such as refactoring and code transformations can significantly alter the structure of code, even for simple programs. Applying such techniques or changing the compiler and compilation settings can significantly affect the accuracy of available binary analysis tools, which severely limits their practicability, especially when applied to malware. To address these issues, we design a technique that extracts the semantics of binary code in terms of both data and control flow. The proposed technique allows more robust binary analysis because the extracted semantics of the binary code is generally immune from code transformation, refactoring, and varying the compilers or compilation settings. Specifically, it employs data-flow analysis to extract the semantic flow of the registers as well as the semantic components of the control flow graph, which are then synthesized into a novel representation called the semantic flow graph (SFG). We evaluate the framework on large-scale datasets extracted from selected open source C++ projects on GitHub, Google Code Jam events, Planet Source Code contests, and students' programming projects and found that it outperforms existing methods in several respects. First, it is able to detect the reused functions. Second, it can identify FOSS packages in real-world projects and reused binary functions with high precision. Third, it decouples authorship from functionality so that it can be applied to real malware binaries to automatically generate evidence of similar coding habits. Fourth, compared to existing research contributions, it successfully attributes a larger number of authors with a significantly higher accuracy.
Finally, the new framework is more robust than previous methods in the sense that there is no significant drop in accuracy when the code is subjected to refactoring techniques, code transformation methods, and different compilers.

Advances in Information, Communication and Cybersecurity

Title Advances in Information, Communication and Cybersecurity PDF eBook
Author Yassine Maleh
Publisher Springer Nature
Total Pages 621
Release 2022-01-12
Genre Technology & Engineering
ISBN 303091738X

This book gathers the proceedings of the International Conference on Information, Communication and Cybersecurity, held on November 10–11, 2021, in Khouribga, Morocco. The conference was jointly co-organized by The National School of Applied Sciences of Sultan Moulay Slimane University, Morocco, and Charles Darwin University, Australia. This book provides an opportunity to account for state-of-the-art works, future trends impacting information technology, communications, and cybersecurity, focusing on elucidating the challenges, opportunities, and inter-dependencies that are just around the corner. This book is helpful for students and researchers as well as practitioners. ICI2C 2021 was devoted to advances in smart information technologies, communication, and cybersecurity. It was considered a meeting point for researchers and practitioners to implement advanced information technologies into various industries. There were 159 paper submissions from 24 countries. Each submission was reviewed by at least three chairs or PC members. We accepted 54 regular papers (34%). Unfortunately, due to limitations of conference topics and edited volumes, the Program Committee was forced to reject some interesting papers, which did not satisfy these topics or publisher requirements. We would like to thank all authors and reviewers for their work and valuable contributions. The friendly and welcoming attitude of conference supporters and contributors made this event a success!