
Comparison of Binary Procedures: A Set of Techniques for Evading Compiler Transformations

Bibliographic Details
Published in: Computer journal 2016-01, Vol.59 (1), p.bxv076
Main Authors: Radivojevic, Zaharije; Cvetanovic, Milos; Stojanovic, Sasa
Format: Article
Language: English
cited_by
cites cdi_FETCH-LOGICAL-c151t-bfff6879b2ee5da852f666daff484abbe2dabcadf1c963b13fde9cebe512de3a3
container_end_page
container_issue 1
container_start_page bxv076
container_title Computer journal
container_volume 59
creator Radivojevic, Zaharije
Cvetanovic, Milos
Stojanovic, Sasa
description License violation analysis may require digital forensics in the performance of a time-consuming search in order to find out whether a binary code of a product contains a procedure that originates from a source code for which a license is required. The conducted experiment shows that the production of a binary code using an arbitrary compiler decreases results of the evaluated solutions up to 10 times. The best performing solution, among those evaluated, uses software metrics for assessing similarities between procedures and ranks procedures from the binary code according to their similarities with the target forensics procedure. This paper tries to improve the ranking by proposing five techniques for making similarities assessment more robust against compiler transformations. The proposed techniques filter stack instructions and transfer instructions, retain partial information about the instruction order, simulate inlining, and eliminate procedures that significantly differ from the searched procedure. The techniques are evaluated using a dataset based on the STAMP benchmark and re-evaluated using a dataset based on the BusyBox toolset. The evaluation shows that the use of the proposed techniques increases recall by 47 and 42% for the first and second datasets, respectively.
doi_str_mv 10.1093/comjnl/bxv076
format article
fulltext fulltext
identifier ISSN: 0010-4620
ispartof Computer journal, 2016-01, Vol.59 (1), p.bxv076
issn 0010-4620
1460-2067
language eng
recordid cdi_proquest_journals_1760844565
source Oxford Journals Online
subjects Codes
Comparative analysis
Forensic sciences
Simulation
Software
title Comparison of Binary Procedures: A Set of Techniques for Evading Compiler Transformations
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-05T14%3A28%3A40IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Comparison%20of%20Binary%20Procedures:%20A%20Set%20of%20Techniques%20for%20Evading%20Compiler%20Transformations&rft.jtitle=Computer%20journal&rft.au=Radivojevic,%20Zaharije&rft.date=2016-01-01&rft.volume=59&rft.issue=1&rft.spage=bxv076&rft.pages=bxv076-&rft.issn=0010-4620&rft.eissn=1460-2067&rft.coden=CMPJAG&rft_id=info:doi/10.1093/comjnl/bxv076&rft_dat=%3Cproquest_cross%3E3935299711%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c151t-bfff6879b2ee5da852f666daff484abbe2dabcadf1c963b13fde9cebe512de3a3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=1760844565&rft_id=info:pmid/&rfr_iscdi=true