Skip to Main content Skip to Navigation
Conference papers

BinSign: Fingerprinting Binary Functions to Support Automated Analysis of Code Executables

Abstract : Binary code fingerprinting is a challenging problem that requires an in-depth analysis of binary components for deriving identifiable signatures. Fingerprints are useful in automating reverse engineering tasks including clone detection, library identification, authorship attribution, cyber forensics, patch analysis, malware clustering, binary auditing, etc. In this paper, we present BinSign, a binary function fingerprinting framework. The main objective of BinSign is providing an accurate and scalable solution to binary code fingerprinting by computing and matching structural and syntactic code profiles for disassemblies. We describe our methodology and evaluate its performance in several use cases, including function reuse, malware analysis, and indexing scalability. Additionally, we emphasize the scalability aspect of BinSign. We perform experiments on a database of 6 million functions. The indexing process requires an average time of 0.0072 s per function. We find that BinSign achieves higher accuracy compared to existing tools.
Document type :
Conference papers
Complete list of metadata

Cited literature [28 references]  Display  Hide  Download
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Monday, November 27, 2017 - 10:31:18 AM
Last modification on : Thursday, July 26, 2018 - 2:08:02 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Lina Nouh, Ashkan Rahimian, Djedjiga Mouheb, Mourad Debbabi, Aiman Hanna. BinSign: Fingerprinting Binary Functions to Support Automated Analysis of Code Executables. 32th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), May 2017, Rome, Italy. pp.341-355, ⟨10.1007/978-3-319-58469-0_23⟩. ⟨hal-01648996⟩