Binsign: Fingerprinting Binary Functions To Support Automated Analysis Of Code Executables

Binary code fingerprinting is a challenging problem that requires an in-depth analysis of binary components for deriving identifiable signatures. Fingerprints are useful in automating reverse engineering tasks including clone detection, library identification, authorship attribution, cyber forensics, patch analysis, malware clustering, binary auditing, etc. In this paper, we present BINSIGN, a binary function fingerprinting framework. The main objective of BINSIGN is providing an accurate and scalable solution to binary code fingerprinting by computing and matching structural and syntactic code profiles for disassemblies. We describe our methodology and evaluate its performance in several use cases, including function reuse, malware analysis, and indexing scalability. Additionally, we emphasize the scalability aspect of BINSIGN. We perform experiments on a database of 6 million functions. The indexing process requires an average time of 0.0072 s per function. We find that BINSIGN achieves higher accuracy compared to existing tools.