Loading…
Comparison of Binary Procedures: A Set of Techniques for Evading Compiler Transformations
License violation analysis may require digital forensics in the performance of a time-consuming search in order to find out whether a binary code of a product contains a procedure that originates from a source code for which a license is required. The conducted experiment shows that the production o...
Saved in:
Published in: | Computer journal 2016-01, Vol.59 (1), p.bxv076 |
---|---|
Main Authors: | , , |
Format: | Article |
Language: | English |
Subjects: | |
Citations: | Items that this one cites |
Online Access: | Get full text |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
cited_by | |
---|---|
cites | cdi_FETCH-LOGICAL-c151t-bfff6879b2ee5da852f666daff484abbe2dabcadf1c963b13fde9cebe512de3a3 |
container_end_page | |
container_issue | 1 |
container_start_page | bxv076 |
container_title | Computer journal |
container_volume | 59 |
creator | Radivojevic, Zaharije Cvetanovic, Milos Stojanovic, Sasa |
description | License violation analysis may require digital forensics in the performance of a time-consuming search in order to find out whether a binary code of a product contains a procedure that originates from a source code for which a license is required. The conducted experiment shows that the production of a binary code using an arbitrary compiler decreases results of the evaluated solutions up to 10 times. The best performing solution, among those evaluated, uses software metrics for assessing similarities between procedures and ranks procedures from the binary code according to their similarities with the target forensics procedure. This paper tries to improve the ranking by proposing five techniques for making similarities assessment more robust against compiler transformations. The proposed techniques filter stack instructions and transfer instructions, retain partial information about the instruction order, simulate inlining, and eliminate procedures that significantly differ from the searched procedure. The techniques are evaluated using a dataset based on the STAMP benchmark and re-evaluated using a dataset based on the BusyBox toolset. The evaluation shows that the use of the proposed techniques increases recall by 47 and 42% for the first and second datasets, respectively. |
doi_str_mv | 10.1093/comjnl/bxv076 |
format | article |
fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_1760844565</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3935299711</sourcerecordid><originalsourceid>FETCH-LOGICAL-c151t-bfff6879b2ee5da852f666daff484abbe2dabcadf1c963b13fde9cebe512de3a3</originalsourceid><addsrcrecordid>eNotkEtPwzAQhC0EEqVw5G6Jc-g6DyfhVqrykCqBRDhwivxYg6vGLnZawb8nUTjNYUazOx8h1wxuGdTZQvlu63YL-XOEkp-QGcs5JCnw8pTMABgkOU_hnFzEuAWAFGo-Ix8r3-1FsNE76g29t06EX_oavEJ9CBjv6JK-YT96DaovZ78PGKnxga6PQlv3SccCu8NAmyBcHJxO9Na7eEnOjNhFvPrXOXl_WDerp2Tz8vi8Wm4SxQrWJ9IYw6uylilioUVVpIZzroUxeZULKTHVQiqhDVM1zyTLjMZaocSCpRozkc3JzdS7D358rm-3_hDccLJlJYcqzwteDKlkSqngYwxo2n2w3bC1ZdCO9NqJXjvRy_4Alnxnqg</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1760844565</pqid></control><display><type>article</type><title>Comparison of Binary Procedures: A Set of Techniques for Evading Compiler Transformations</title><source>Oxford Journals Online</source><creator>Radivojevic, Zaharije ; Cvetanovic, Milos ; Stojanovic, Sasa</creator><creatorcontrib>Radivojevic, Zaharije ; Cvetanovic, Milos ; Stojanovic, Sasa</creatorcontrib><description>License violation analysis may require digital forensics in the performance of a time-consuming search in order to find out whether a binary code of a product contains a procedure that originates from a source code for which a license is required. The conducted experiment shows that the production of a binary code using an arbitrary compiler decreases results of the evaluated solutions up to 10 times. The best performing solution, among those evaluated, uses software metrics for assessing similarities between procedures and ranks procedures from the binary code according to their similarities with the target forensics procedure. This paper tries to improve the ranking by proposing five techniques for making similarities assessment more robust against compiler transformations. The proposed techniques filter stack instructions and transfer instructions, retain partial information about the instruction order, simulate inlining, and eliminate procedures that significantly differ from the searched procedure. The techniques are evaluated using a dataset based on the STAMP benchmark and re-evaluated using a dataset based on the BusyBox toolset. The evaluation shows that the use of the proposed techniques increases recall by 47 and 42% for the first and second datasets, respectively.</description><identifier>ISSN: 0010-4620</identifier><identifier>EISSN: 1460-2067</identifier><identifier>DOI: 10.1093/comjnl/bxv076</identifier><identifier>CODEN: CMPJAG</identifier><language>eng</language><publisher>Oxford: Oxford Publishing Limited (England)</publisher><subject>Codes ; Comparative analysis ; Forensic sciences ; Simulation ; Software</subject><ispartof>Computer journal, 2016-01, Vol.59 (1), p.bxv076</ispartof><rights>Copyright Oxford Publishing Limited(England) Jan 2016</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><cites>FETCH-LOGICAL-c151t-bfff6879b2ee5da852f666daff484abbe2dabcadf1c963b13fde9cebe512de3a3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,780,784,27924,27925</link.rule.ids></links><search><creatorcontrib>Radivojevic, Zaharije</creatorcontrib><creatorcontrib>Cvetanovic, Milos</creatorcontrib><creatorcontrib>Stojanovic, Sasa</creatorcontrib><title>Comparison of Binary Procedures: A Set of Techniques for Evading Compiler Transformations</title><title>Computer journal</title><description>License violation analysis may require digital forensics in the performance of a time-consuming search in order to find out whether a binary code of a product contains a procedure that originates from a source code for which a license is required. The conducted experiment shows that the production of a binary code using an arbitrary compiler decreases results of the evaluated solutions up to 10 times. The best performing solution, among those evaluated, uses software metrics for assessing similarities between procedures and ranks procedures from the binary code according to their similarities with the target forensics procedure. This paper tries to improve the ranking by proposing five techniques for making similarities assessment more robust against compiler transformations. The proposed techniques filter stack instructions and transfer instructions, retain partial information about the instruction order, simulate inlining, and eliminate procedures that significantly differ from the searched procedure. The techniques are evaluated using a dataset based on the STAMP benchmark and re-evaluated using a dataset based on the BusyBox toolset. The evaluation shows that the use of the proposed techniques increases recall by 47 and 42% for the first and second datasets, respectively.</description><subject>Codes</subject><subject>Comparative analysis</subject><subject>Forensic sciences</subject><subject>Simulation</subject><subject>Software</subject><issn>0010-4620</issn><issn>1460-2067</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2016</creationdate><recordtype>article</recordtype><recordid>eNotkEtPwzAQhC0EEqVw5G6Jc-g6DyfhVqrykCqBRDhwivxYg6vGLnZawb8nUTjNYUazOx8h1wxuGdTZQvlu63YL-XOEkp-QGcs5JCnw8pTMABgkOU_hnFzEuAWAFGo-Ix8r3-1FsNE76g29t06EX_oavEJ9CBjv6JK-YT96DaovZ78PGKnxga6PQlv3SccCu8NAmyBcHJxO9Na7eEnOjNhFvPrXOXl_WDerp2Tz8vi8Wm4SxQrWJ9IYw6uylilioUVVpIZzroUxeZULKTHVQiqhDVM1zyTLjMZaocSCpRozkc3JzdS7D358rm-3_hDccLJlJYcqzwteDKlkSqngYwxo2n2w3bC1ZdCO9NqJXjvRy_4Alnxnqg</recordid><startdate>20160101</startdate><enddate>20160101</enddate><creator>Radivojevic, Zaharije</creator><creator>Cvetanovic, Milos</creator><creator>Stojanovic, Sasa</creator><general>Oxford Publishing Limited (England)</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>F28</scope><scope>FR3</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20160101</creationdate><title>Comparison of Binary Procedures: A Set of Techniques for Evading Compiler Transformations</title><author>Radivojevic, Zaharije ; Cvetanovic, Milos ; Stojanovic, Sasa</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c151t-bfff6879b2ee5da852f666daff484abbe2dabcadf1c963b13fde9cebe512de3a3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2016</creationdate><topic>Codes</topic><topic>Comparative analysis</topic><topic>Forensic sciences</topic><topic>Simulation</topic><topic>Software</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Radivojevic, Zaharije</creatorcontrib><creatorcontrib>Cvetanovic, Milos</creatorcontrib><creatorcontrib>Stojanovic, Sasa</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ANTE: Abstracts in New Technology & Engineering</collection><collection>Engineering Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Computer journal</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Radivojevic, Zaharije</au><au>Cvetanovic, Milos</au><au>Stojanovic, Sasa</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Comparison of Binary Procedures: A Set of Techniques for Evading Compiler Transformations</atitle><jtitle>Computer journal</jtitle><date>2016-01-01</date><risdate>2016</risdate><volume>59</volume><issue>1</issue><spage>bxv076</spage><pages>bxv076-</pages><issn>0010-4620</issn><eissn>1460-2067</eissn><coden>CMPJAG</coden><abstract>License violation analysis may require digital forensics in the performance of a time-consuming search in order to find out whether a binary code of a product contains a procedure that originates from a source code for which a license is required. The conducted experiment shows that the production of a binary code using an arbitrary compiler decreases results of the evaluated solutions up to 10 times. The best performing solution, among those evaluated, uses software metrics for assessing similarities between procedures and ranks procedures from the binary code according to their similarities with the target forensics procedure. This paper tries to improve the ranking by proposing five techniques for making similarities assessment more robust against compiler transformations. The proposed techniques filter stack instructions and transfer instructions, retain partial information about the instruction order, simulate inlining, and eliminate procedures that significantly differ from the searched procedure. The techniques are evaluated using a dataset based on the STAMP benchmark and re-evaluated using a dataset based on the BusyBox toolset. The evaluation shows that the use of the proposed techniques increases recall by 47 and 42% for the first and second datasets, respectively.</abstract><cop>Oxford</cop><pub>Oxford Publishing Limited (England)</pub><doi>10.1093/comjnl/bxv076</doi></addata></record> |
fulltext | fulltext |
identifier | ISSN: 0010-4620 |
ispartof | Computer journal, 2016-01, Vol.59 (1), p.bxv076 |
issn | 0010-4620 1460-2067 |
language | eng |
recordid | cdi_proquest_journals_1760844565 |
source | Oxford Journals Online |
subjects | Codes Comparative analysis Forensic sciences Simulation Software |
title | Comparison of Binary Procedures: A Set of Techniques for Evading Compiler Transformations |
url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-05T14%3A28%3A40IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Comparison%20of%20Binary%20Procedures:%20A%20Set%20of%20Techniques%20for%20Evading%20Compiler%20Transformations&rft.jtitle=Computer%20journal&rft.au=Radivojevic,%20Zaharije&rft.date=2016-01-01&rft.volume=59&rft.issue=1&rft.spage=bxv076&rft.pages=bxv076-&rft.issn=0010-4620&rft.eissn=1460-2067&rft.coden=CMPJAG&rft_id=info:doi/10.1093/comjnl/bxv076&rft_dat=%3Cproquest_cross%3E3935299711%3C/proquest_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c151t-bfff6879b2ee5da852f666daff484abbe2dabcadf1c963b13fde9cebe512de3a3%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=1760844565&rft_id=info:pmid/&rfr_iscdi=true |