Signature Visualization of Software Binaries
In this paper we present work on the visualization of software binaries. In particular, we utilize ROSE, an open source compiler infrastructure, to pre-process software binaries, and we apply a landscape metaphor to visualize the signature of each binary (malware). We define the signature of a binary as a metric-based layout of the functions contained in the binary. In our initial experiment, we visualize the signatures of a series of computer worms that all originate from the same line. These visualizations are useful for a number of reasons. First, the images reveal how the archetype has evolved over a series of versions of one worm. Second, one can see the distinct changes between version. This allows the viewer to form conclusions about the development cycle of a particular worm.
- Research Organization:
- Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- W-7405-ENG-48
- OSTI ID:
- 945754
- Report Number(s):
- LLNL-CONF-405088; TRN: US200903%%572
- Resource Relation:
- Conference: Presented at: ACM Int. Conf. on Software Visualization, Herrsching am Ammersee, Germany, Sep 16 - Sep 17, 2008
- Country of Publication:
- United States
- Language:
- English
Similar Records
RVA. 3-D Visualization and Analysis Software to Support Management of Oil and Gas Resources
Establishing Malware Attribution and Binary Provenance Using Multicompilation Techniques