This book addresses automated software fingerprinting in binary code, especially for cybersecurity applications. The reader will gain a thorough understanding of binary code analysis and several software fingerprinting techniques for cybersecurity applications, such as malware detection, vulnerability analysis, and digital forensics. More specifically, it starts with an overview of binary code analysis and its challenges, and then discusses the existing state-of-the-art approaches and their cybersecurity applications. Furthermore, it discusses and details a set of practical techniques for compiler provenance extraction, library function identification, function fingerprinting, code reuse detection, free open-source software identification, vulnerability search, and authorship attribution. It also illustrates several case studies to demonstrate the efficiency, scalability and accuracy of the above-mentioned proposed techniques and tools.
This book also introduces several innovative quantitative and qualitative techniques that synergistically leverage machine learning, program analysis, and software engineering methods to solve binary code fingerprinting problems, which are highly relevant to cybersecurity and digital forensics applications. The above-mentioned techniques are cautiously designed to gain satisfactory levels of efficiency and accuracy.
Researchers working in academia, industry and governmental agencies focusing on Cybersecurity will want to purchase this book. Software engineers and advanced-level students studying computer science, computer engineering and software engineering will also want to purchase this book.
Inhaltsverzeichnis
1 Introduction.- 2 Binary Analysis Overview.- 3 Compiler Provenance Attribution.- 4 Library Function Identification.- 5 Identifying Reused Functions in Binary Code.- 6 Function Fingerprinting.- 7 Free Open-Source Software Fingerprinting.- 8 Clone Detection.- 9 Authorship Attribution.- 10 Conclusion.
Über den Autor
Saed Alrabaee is an Assistant Professor at the Department of Information Systems and Security in United Arab Emirates University (UAEU). Prior to joining UAEU, Dr. Alrabaee was a Visiting Assistant Professor at the Department of Electrical and Computer Engineering and Computer Science at the University of New Haven (UNH), US. Dr. Alrabaee holds a Ph.D. degree in information system engineering from Concordia University in Montreal, Canada, which was executed under the supervision of Prof. Mourad Debbabi and Prof. Lingyu Wang. His research interests focus on the broad area of cybersecurity, reverse engineering, including, binary authorship attribution and characterization, malware analysis, and function fingerprinting.
Mourad Debbabi is a Full Professor at the Concordia Institute for Information Systems Engineering (CIISE) and Associate Dean Research and Graduate Studies at the Gina Cody School of Engineering and Computer Science. He holds the NSERC/Hydro-Québec Thales Senior Industrial Research Chair in Smart Grid Security and the Concordia Research Chair Tier I in Information Systems Security. He is also the President of the National Cyber Forensics and Training Alliance (NCFTA) Canada, and a member of CATAAlliance’s Cybercrime Advisory Council. He is the founder and one of the leaders of the Security Research Centre at Concordia University. Dr. Debbabi holds Ph.D. and M.Sc. degrees in computer science from Paris-XI Orsay, University, France. He published 3 books and more than 260 peer-reviewed research articles in international journals and conferences on cybersecurity, cyber forensics, privacy, cryptographic protocols, threat intelligence generation, malware analysis, smart grid security, reverse engineering, specification and verification of safety-critical systems, programming languages and type theory. He supervised to successful completion of 30 Ph.D. students and more than 70 Master students.
Paria Shirani is a Ph D candidate at the Concordia Institute for Information Systems Engineering (CIISE) at Concordia University under the supervision of Dr. Mourad Debbabi and Dr. Lingyu Wang. Paria received the National Science and Engineering Research Council (NSERC) Postdoctoral Fellowships, the most prominent postdoctoral award. During her Ph D, she was awarded with Fonds de recherche du Québec – Nature et technologies (FRQNT) Scholarship. Paria is currently a member at the Security Research Center at Concordia University, and has been actively working on different topics of cybersecurity, such as software fingerprinting for automated malicious code analysis and smart grid security. Her research interests are in the fields of malware analysis, Io T security, vulnerability detection, network security, and big data analysis.
Lingyu Wang is a Professor at the Concordia Institute for Information Systems Engineering (CIISE) at Concordia University, Montreal, Canada. He received his Ph.D. degree in Information Technology in 2006 from George Mason University. His research interests include cloud computing security, SDN/NFV security, security metrics, software security, and privacy. He has co-authored five books, two patents, and over 120 refereed conference and journal articles at reputable venues including TOPS, TIFS, TDSC, TMC, JCS, S&P, CCS, NDSS, ESORICS, PETS, ICDT, etc.
Amr Youssef is a professor at the Concordia Institute for Information Systems Engineering (CIISE). He received his B.Sc. and M.Sc. degrees from the Department of Electronics and Communications Engineering, Cairo University, Egypt, in 1990 and 1993, respectively, and the Ph.D. degree from the Electrical and Computer Engineering Department, Queens University, Canada, in 1997. Before joining Concordia in 2004, Dr. Youssef worked for Nortel Networks, the Center for Applied Cryptographic Research at the University of Waterloo, IBM, and Cairo University. His main research interests are in the area of cryptology and network security. Dr. Youssef has co-edited 4 books and co/authored about 200 referred papers. Dr. Youssef has served on the Technical Program Committee of more than 60 international conferences and co-chaired the workshop on Selected Areas in Cryptography (SAC) twice. Dr. Youssef is a registered professional engineer (P.Eng.) in Ontario and an IEEE senior member.
Ashkan Rahimian is a Senior Lead in security analytics at Omnia AI, Deloitte Canada’s AI practice. He has 10+ years of experience leading productionalized security research and development. He leads the Cyber AI product portfolio and works as a cybersecurity and machine learning specialist. Ashkan’s focus is on the design and development of intelligence-driven security models for predictive analytics, UEBA, and proactive threat hunting. Mr. Rahimian holds two Master’s degrees in Information Systems Securityand Artificial Intelligence and Robotics. He conducted his research under the supervision of Prof. Mourad Debbabi at Concordia University, Montreal, Canada.
Lina Nouh is a Business Analyst at Deloitte Digital Middle East, Riyadh, Saudi Arabia. She received her MAsc in Information Systems Security in 2017 from Concordia University, Montreal, Canada under the supervision of Prof. Mourad Debbabi and Dr. Aiman Hanna. Lina also received her Bachelor of Science in Software Engineering in 2014 from Concordia University, Montreal, Canada. Lina has been always an outstanding student, which has been recognized by receiving the prestigious Dean’s list award during all her Bachelor’s studies.
Djedjiga Mouheb is an Assistant Professor at the Department of Computer Science, College of Sciences at University of Sharjah, UAE. Dr. Mouheb holds a Ph.D. degree in information system engineering from Concordia University in Montreal, Canada, which was executed under the supervision of Prof. Mourad Debbabi and Prof. Lingyu Wang. Her research interests focus on cybersecurity, including social networking security, malware analysis, software fingerprinting, cyber-threat intelligence, secure software and systems engineering.
He Huang is currently a software engineer at the Moody’s Analytics Canada. He received his MAsc in Information Systems Security from Concordia University, Montreal, Canada under the supervision of Prof. Mourad Debbabi and Prof. Amr Youssef, and his Bachelor of Science in Information Security from Huazhong University of Science and Technology.
Aiman Hanna is a Professor at the Department of Computer Science and Software Engineering at the Gina Cody School of Engineering and Computer Science, Concordia University, Montreal, Canada, where he has been teaching for nearly 30 years. He has been the recipient of multiple Excellence and Outstanding Contribution Awards, as well as the OCTAS’2009 Award, Fédération de l’Informatique du Québec (FIQ), 2009. He has additionally been nominated for the Prix du Ministre de l’Éducation de Quebec in 2016. Dr. Hanna is a registered Professional Engineer, and a member of Professional Engineers Ontario (PEO), Canada. He has many years of industrial experience working for some of the largest Canadian firms including Bell Canada/Bell Sygma & CGI. Dr. Hanna holds Ph.D. and M.Sc. degrees in Computer Science from Concordia University, Montreal, Canada. His research focus is on the areas of software security, cybersecurity, software fingerprinting, big-data and container’s security, video conferencing, and networking and data communications.