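% Meng, Miller and Jun (ESORICS 2017): attributing authorship of a binary at
% basic-block granularity. The abstract names malware forensics, software
% supply chain risk management and plagiarism detection as applications.
%
% Clean-up of the repository export; the citation key is unchanged.
%  - All names are in "Last, First" form so no style has to guess the split.
%  - The exported note held funding, copyright and conference metadata, which
%    standard styles print verbatim in every citation. It is now split into
%    funding/copyright (not part of the standard data model, so styles do not
%    print them) and eventtitle/eventdate (biblatex; ignored by classic styles).
%  - The Unicode en dash in booktitle is written as "--" so that classic 8-bit
%    BibTeX does not garble it, and the acronym is brace-protected.
@inproceedings{0addbac3fd164db7a5d240f765a02864,
  author     = {Meng, Xiaozhu and Miller, Barton P. and Jun, Kwang Sung},
  title      = {Identifying multiple authors in a binary program},
  editor     = {Foley, Simon N. and Gollmann, Dieter and Snekkenes, Einar},
  booktitle  = {Computer Security -- {ESORICS} 2017 -- 22nd European Symposium on Research in Computer Security, Proceedings},
  eventtitle = {22nd European Symposium on Research in Computer Security, ESORICS 2017},
  eventdate  = {2017-09-11/2017-09-15},
  series     = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  publisher  = {Springer-Verlag},
  pages      = {286--304},
  year       = {2017},
  doi        = {10.1007/978-3-319-66399-9_16},
  isbn       = {9783319663982},
  language   = {English (US)},
  keywords   = {Binary code authorship, Code features, Software forensics},
  abstract   = {Knowing the authors of a binary program has significant application to forensics of malicious software (malware), software supply chain risk management, and software plagiarism detection. Existing techniques assume that a binary is written by a single author, which does not hold true in real world because most modern software, including malware, often contains code from multiple authors. In this paper, we make the first step toward identifying multiple authors in a binary. We present new fine-grained techniques to address the tougher problem of determining the author of each basic block. The decision of attributing authors at the basic block level is based on an empirical study of three large open source software, in which we find that a large fraction of basic blocks can be well attributed to a single author. We present new code features that capture programming style at the basic block level, our approach for identifying external template library code, and a new approach to capture correlations between the authors of basic blocks in a binary. Our experiments show strong evidence that programming styles can be recovered at the basic block level and it is practical to identify multiple authors in a binary.},
  funding    = {This work is supported in part by Department of Energy grant DE-SC0010474, National Science Foundation Cyber Infrastructure grants ACI-1547272, ACI-1449918, Department of Homeland Security under AFRL Contract FA8750-12-2-0289, and a grant from Intel Corporation. This research was performed using the compute resources and assistance of the UW-Madison Center For High Throughput Computing (CHTC) in the Department of Computer Sciences.},
  copyright  = {{\textcopyright} 2017, Springer International Publishing AG.},
}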