Article

BinClone: Detecting Code Clones in Malware

Authors:

Mohammad Reza Farhadi,

Benjamin C. M. Fung,

Philippe Charland,

Mourad DebbabiAuthors Info & Claims

SERE '14: Proceedings of the 2014 Eighth International Conference on Software Security and Reliability

Pages 78 - 87

https://doi.org/10.1109/SERE.2014.21

Published: 30 June 2014 Publication History

Abstract

To gain an in-depth understanding of the behaviour of a malware, reverse engineers have to disassemble the malware, analyze the resulting assembly code, and then archive the commented assembly code in a malware repository for future reference. In this paper, we have developed an assembly code clone detection system called Bin Clone to identify the code clone fragments from a collection of malware binaries with the following major contributions. First, we introduce two deterministic clone detection methods with the goals of improving the recall rate and facilitating malware analysis. Second, our methods allow malware analysts to discover both exact and inexact clones at different token normalization levels. Third, we evaluate our proposed clone detection methods on real-life malware binaries. To the best of our knowledge, this is the first work that studies the problem of assembly code clone detection for malware analysis.

Cited By

View all

Jia LWu CZhang PWang ZShrivastava ASui Y(2024)CodeExtract: Enhancing Binary Code Similarity Detection with Code Extraction TechniquesProceedings of the 25th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems10.1145/3652032.3657572(143-154)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3652032.3657572
Wang HGao ZZhang CSun MZhou YQiu HXiao XChristakis MPradel M(2024)CEBin: A Cost-Effective Framework for Large-Scale Binary Code Similarity DetectionProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3652117(149-161)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3652117
Wong WWang HLi ZWang SRoychoudhury APaiva AAbreu RStorey M(2024)BinAug: Enhancing Binary Similarity Analysis with Low-Cost Input RepairingProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3623328(1-13)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3623328
Show More Cited By

Recommendations

WormTerminator: an effective containment of unknown and polymorphic fast spreading worms
ANCS '06: Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems

The fast spreading worm is becoming one of the most serious threats to today's networked information systems. A fast spreading worm could infect hundreds of thousands of hosts within a few minutes. In order to stop a fast spreading worm, we need the ...
A Survey on Intrusion Detection and Prevention Systems
Abstract
In the digital world, malicious activities that violate the confidentiality, integrity, or availability of data and devices are known as intrusions. An intrusion detection system (IDS) analyses the activities of a single system or a network to ...
Detecting, validating and characterizing computer infections in the wild
IMC '11: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference

Although network intrusion detection systems (IDSs) have been studied for several years, their operators are still overwhelmed by a large number of false-positive alerts. In this work we study the following problem: from a large archive of intrusion ...

Comments

Information & Contributors

Information

Published In

SERE '14: Proceedings of the 2014 Eighth International Conference on Software Security and Reliability

June 2014

256 pages

ISBN:9781479942961

Publisher

IEEE Computer Society

United States

Publication History

Published: 30 June 2014

Author Tag

Assembly Code Clone Detection, Malware Analysis, Reverse Engineering, Binary Analysis

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Jia LWu CZhang PWang ZShrivastava ASui Y(2024)CodeExtract: Enhancing Binary Code Similarity Detection with Code Extraction TechniquesProceedings of the 25th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems10.1145/3652032.3657572(143-154)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3652032.3657572
Wang HGao ZZhang CSun MZhou YQiu HXiao XChristakis MPradel M(2024)CEBin: A Cost-Effective Framework for Large-Scale Binary Code Similarity DetectionProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3652117(149-161)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3652117
Wong WWang HLi ZWang SRoychoudhury APaiva AAbreu RStorey M(2024)BinAug: Enhancing Binary Similarity Analysis with Low-Cost Input RepairingProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3623328(1-13)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3623328
Gribkov NOvasapyan TMoskvin D(2023)Analysis of Decompiled Program Code Using Abstract Syntax TreesAutomatic Control and Computer Sciences10.3103/S014641162308006057:8(958-967)Online publication date: 1-Dec-2023
https://dl.acm.org/doi/10.3103/S0146411623080060
Spiess CChandra SBlincoe KTonella P(2023)STraceBERT: Source Code Retrieval using Semantic Application TracesProceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3611643.3617852(2207-2209)Online publication date: 30-Nov-2023
https://dl.acm.org/doi/10.1145/3611643.3617852
Li MLiu HJiang XZhao ZZhang T(2023)SENSEComputers and Security10.1016/j.cose.2023.103500135:COnline publication date: 1-Dec-2023
https://dl.acm.org/doi/10.1016/j.cose.2023.103500
Weideman NWang HKann TZahabizadeh SWu WTandon RMirkovic JHauser C(2022)Harm-DoS: Hash Algorithm Replacement for Mitigating Denial-of-Service Vulnerabilities in Binary ExecutablesProceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3545948.3545967(276-291)Online publication date: 26-Oct-2022
https://dl.acm.org/doi/10.1145/3545948.3545967
Wang HQu WKatz GZhu WGao ZQiu HZhuge JZhang CRyu SSmaragdakis Y(2022)jTrans: jump-aware transformer for binary code similarity detectionProceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3533767.3534367(1-13)Online publication date: 18-Jul-2022
https://dl.acm.org/doi/10.1145/3533767.3534367
Alrabaee SDebbabi MWang L(2022)A Survey of Binary Code Fingerprinting Approaches: Taxonomy, Methodologies, and FeaturesACM Computing Surveys10.1145/348686055:1(1-41)Online publication date: 17-Jan-2022
https://dl.acm.org/doi/10.1145/3486860
D’Onghia MSalvadore MNespoli BCarminati MPolino MZanero S(2022)ApículaComputers and Security10.1016/j.cose.2022.102775119:COnline publication date: 1-Aug-2022
https://dl.acm.org/doi/10.1016/j.cose.2022.102775
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Recommendations

WormTerminator: an effective containment of unknown and polymorphic fast spreading worms

A Survey on Intrusion Detection and Prevention Systems

Detecting, validating and characterizing computer infections in the wild

Comments

Information

Published In

Publisher

Publication History

Author Tag

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Get Access

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations