Visual Reverse Engineering of Binary and Data Files

Authors: Gregory Conti, Erik Dean, Matthew Sinda, Benjamin Sangster

DOI: 10.1007/978-3-540-85933-8_1

Keywords:

Abstract: The analysis of computer files poses a difficult problem for security researchers seeking to detect and analyze malicious content, for software developers stress testing the file formats their products consume, and for others seeking to understand the behavior and structure of undocumented file formats. Traditional tools, including hex editors, disassemblers and debuggers, while powerful, constrain analysis to primarily text-based approaches. In this paper, we present design principles for file analysis which support meaningful investigation when there is little or no knowledge of the underlying file format, but are flexible enough to allow integration of additional semantic information when it is available. We also present results from the implementation of a visual reverse engineering system based on our analysis. We validate the efficacy of both the analysis and the system with case studies depicting common use cases where a hex editor would be of limited value. Our results indicate that visual approaches help analysts rapidly identify files and unfamiliar structures, and gain insights that inform and complement the suite of tools currently in use.
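The abstract describes views that let an analyst see structure in a file whose format is unknown. The following is an added example, not the paper's system or any code of the authors: it computes two such views in plain Python, a byte-class map (each byte collapsed to a coarse class so headers, ASCII fields, little-endian integers and padding stand out) and a Helfman-style dotplot (self-similarity of k-byte windows), and then reads the dominant repeat period off the dotplot, which for record-oriented formats is the record size. The input file, its made-up "MYFMT" layout, the class letters and the window size are all assumptions of this example, constructed so it runs offline.

```python
"""Added example: byte-class map and dotplot over a constructed binary file.

Neither the "MYFMT" format nor the class-letter scheme comes from the paper;
both are assumptions made here so the example runs stand-alone.
"""
from collections import Counter, defaultdict
from typing import List, Optional, Tuple
import struct


def byte_class(b: int) -> str:
    """Collapse one byte into a coarse class letter (assumed scheme)."""
    if b == 0x00:
        return "Z"          # zero byte: padding, high bytes of small integers
    if b == 0xFF:
        return "F"          # all-ones: common fill value
    if 0x20 <= b < 0x7F:
        return "P"          # printable ASCII
    if b < 0x20:
        return "L"          # low control range: small integers, flags
    return "H"              # high bytes: large integers, floats, compressed data


def byte_class_map(data: bytes, width: int = 16) -> List[str]:
    """One string of class letters per row of `width` bytes (a textual byteplot)."""
    return ["".join(byte_class(b) for b in data[off:off + width])
            for off in range(0, len(data), width)]


def dotplot_points(data: bytes, window: int = 4) -> List[Tuple[int, int]]:
    """All (i, j) with i < j such that data[i:i+window] == data[j:j+window].

    Windows are hashed to their offsets first, so the cost scales with the
    number of repeats instead of len(data) ** 2 pairwise comparisons."""
    seen = defaultdict(list)
    for i in range(len(data) - window + 1):
        seen[data[i:i + window]].append(i)
    points = []
    for offsets in seen.values():
        for a in range(len(offsets)):
            for b in range(a + 1, len(offsets)):
                points.append((offsets[a], offsets[b]))
    return points


def dominant_stride(points: List[Tuple[int, int]]) -> Optional[int]:
    """Most common off-diagonal distance j - i: the strongest repeat period.

    On a record-oriented file this is the record size, even when the record
    layout itself is unknown."""
    if not points:
        return None
    return Counter(j - i for i, j in points).most_common(1)[0][0]


def build_sample_file(n_records: int = 8) -> bytes:
    """Constructed input: a 16-byte header followed by fixed-size 16-byte records.

    Record = 4-byte tag "REC\\0" + 8-byte ASCII name + 4-byte little-endian value."""
    record_size = 16
    header = b"MYFMT\x01\x00\x00" + struct.pack("<II", n_records, record_size)
    body = b""
    for i in range(1, n_records + 1):
        name = f"item{i:04d}".encode()                    # exactly 8 printable bytes
        body += b"REC\x00" + name + struct.pack("<I", 1000 + i)
    return header + body


if __name__ == "__main__":
    sample = build_sample_file()
    for row in byte_class_map(sample):
        print(row)                       # identical rows reveal the record grid
    pts = dotplot_points(sample)
    print("dots:", len(pts), "dominant stride:", dominant_stride(pts))
```

Run stand-alone, the class map prints one distinct header row followed by eight identical record rows, and the dotplot's dominant stride comes out as 16, the record size, without any knowledge of the format. On a real file, choose the class-map width equal to the recovered stride so that fields line up in columns; a window of 4 is a reasonable default for the dotplot, and larger windows suppress dots caused by short runs of zeros.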

References
G. Conti, J. Grizzard, M. Ahamad, H. Owen. Visual exploration of malicious network objects using semantic zoom, interactive encoding and dynamic queries. Visualization for Computer Security (VizSEC), pp. 10-10 (2005). doi:10.1109/VIZSEC.2005.19
Halvar Flake. Structural comparison of executable objects. DIMVA, pp. 161-173 (2004). doi:10.17877/DE290R-2007
Jonathan Helfman. Dotplot patterns: a literal look at pattern languages. Theory and Practice of Object Systems, vol. 2, pp. 31-41 (1996). doi:10.1002/(SICI)1096-9942(1996)2:1<31::AID-TAPO3>3.3.CO;2-F
Michael Sutton, Adam Greene, Pedram Amini. Fuzzing: Brute Force Vulnerability Discovery (2007).
InSeon Yoo. Visualizing Windows executable viruses using self-organizing maps. Visualization for Computer Security (VizSEC), pp. 82-89 (2004). doi:10.1145/1029208.1029222