Skip to main content
Kent Academic Repository
Simple search | Advanced search

BinSlayer: Accurate Comparison of Binary Executables

Bourquin, Martial and King, Andy and Robbins, Edward (2013) BinSlayer: Accurate Comparison of Binary Executables. In: Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop. POPL Principles of Programming Languages . ACM, New York, USA. ISBN 978-1-4503-1857-0. (doi:10.1145/2430553.2430557) (KAR id:37627)

PDF
Language: English
Download this file
(PDF/237kB)
[thumbnail of a4-bourquin.pdf]
Request a format suitable for use with assistive technology e.g. a screenreader
Official URL:
http://dx.doi.org/10.1145/2430553.2430557

Abstract

As the volume of malware inexorably rises, comparison of binary code is of increasing importance to security analysts as a method of automatically classifying new malware samples; purportedly new examples of malware are frequently a simple evolution of existing code, whose differences stem only from a need to avoid detection. This paper presents a polynomial algorithm for calculating the differences between two binaries, obtained by fusing the well-known BinDiff algorithm with the Hungarian algorithm for bi-partite graph matching. This significantly improves the matching accuracy. Additionally a meaningful metric of similarity is calculated, based on graph edit distance, from which an informed comparison of the binaries can be made. The accuracy of this method over the standard approach is demonstrated.

Item Type: Book section
DOI/Identification number: 10.1145/2430553.2430557
Subjects: Q Science > QA Mathematics (inc Computing science)
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: Andy King
Date Deposited: 15 Dec 2013 12:54 UTC
Last Modified: 05 Nov 2024 10:21 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/37627 (The current URI for this page, for reference purposes)

University of Kent Author Information

King, Andy.

Creator's ORCID: https://orcid.org/0000-0001-5806-4822
CReDIT Contributor Roles:

Robbins, Edward.

Creator's ORCID:
CReDIT Contributor Roles:
  • Depositors only (login required):
Altmetric
Download Statistics

Total unique views for this document in KAR since July 2020. For more details click on the image.

SensusAccess
Feedback