DocumentCode
1846838
Title
Fingerprinting Executable Programs Based on Color Moments of a Novel Abstract Call Graph
Author
Yin, Zhiyi ; Fu, Jianming ; Zhu, Fuxi ; Su, Fanchen ; Yao, Haitao ; Liu, Fen
Author_Institution
Sch. of Comput. Sci., Wuhan Univ., Wuhan
fYear
2008
fDate
18-21 Nov. 2008
Firstpage
2319
Lastpage
2324
Abstract
In this paper we propose a new method for finding the fingerprint of executable programs. Our method is based on the statistical analysis of a 2-dimensional graph, named the novel abstract call graph, which is composed of colored pixels arranged according to the adjacency matrix of the call flow graph; the color of each pixel is determined by the in-degree and out-degree of the function node and the function call relationship. Through the experiments we can perceive that the color moments can be used as a fingerprint to identify different executable programs for the following reasons: they are unique, in that different executable programs map to different abstract call graphs with different color moments; they are sensitive to changes in the function call relationship, in that the value of the color moments differs as long as there are call relationship modifications; they are robust to local normal instruction modifications, in that the value of the color moments does not change as long as the modifications do not change any function call relationship. This paper shows that this fingerprint can be used for intrusion detection, since malicious code may change the function call relationship of the infected program, and can also be used to measure the N versions of a program, and so on. In this paper we mainly introduce the process of forming the fingerprint and its properties, and forecast its applications.
Keywords
flow graphs; graph colouring; security of data; statistical analysis; 2D graph; abstract call flow graph; adjacency matrix; color moment; executable program fingerprinting; infected program function call relationship; intrusion detection; malicious code; statistical analysis; Color; Computer science; Control systems; Fingerprint recognition; Flow graphs; Fluid flow measurement; Intrusion detection; Security; Software engineering; Statistical analysis; Call flow graph; color moments; fingerprint; novel abstract call graph; similarity measurement
fLanguage
English
Publisher
ieee
Conference_Titel
Young Computer Scientists, 2008. ICYCS 2008. The 9th International Conference for
Conference_Location
Hunan
Print_ISBN
978-0-7695-3398-8
Electronic_ISBN
978-0-7695-3398-8
Type
conf
DOI
10.1109/ICYCS.2008.526
Filename
4709334