Empirical Network Structure of Malicious Programs

by   John Musgrave, et al.

A modern binary executable is a composition of various networks. Control flow graphs are commonly used to represent an executable program in labeled datasets used for classification tasks. Control flow and term representations are widely adopted, but provide only a partial view of program semantics. This study is an empirical analysis of the networks composing malicious binaries in order to provide a complete representation of the structural properties of a program. This is accomplished by the measurement of structural properties of program networks in a malicious binary executable dataset. We demonstrate the presence of Scale-Free properties of network structure for program data dependency and control flow graphs, and show that data dependency graphs also have Small-World structural properties. We show that program data dependency graphs have a degree correlation that is structurally disassortative, and that control flow graphs have a neutral degree assortativity, indicating the use of random graphs to model the structural properties of program control flow graphs would show increased accuracy. By providing an increase in feature resolution within labeled datasets of executable programs we provide a quantitative basis to interpret the results of classifiers trained on CFG graph features. An increase in feature resolution allows for the structural properties of program classes to be analyzed for patterns as well as their component parts. By capturing a complete picture of program graphs we can enable theoretical solutions for the mapping a program's operational semantics to its structure.


page 1

page 2

page 3

page 4


Semantical Equivalence of the Control Flow Graph and the Program Dependence Graph

The program dependence graph (PDG) represents data and control dependenc...

Signatures of small-world and scale-free properties in large computer programs

A large computer program is typically divided into many hundreds or even...

Structural Operational Semantics for Control Flow Graph Machines

Compilers use control flow graph (CFG) representations of low-level prog...

Latent Semantic Structure in Malicious Programs

Latent Semantic Analysis is a method of matrix decomposition used for di...

The cross cyclomatic complexity: a bi-dimensional measure for program complexity on graphs

Reduce and control complexity is an essential practice in software desig...

Obfuscation Resilient Search throughExecutable Classification

Android applications are usually obfuscated before release, making it di...

Obfuscation Resilient Search through Executable Classification

Android applications are usually obfuscated before release, making it di...

Please sign up or login with your details

Forgot password? Click here to reset