Visual Reverse Engineering of Binary and Data Files

Authors:
Gregory Conti;Erik Dean;Matthew Sinda;Benjamin Sangster
Affiliations:
Department of Electrical Engineering and Computer Science, United States Military Academy, West Point, New York,;Department of Electrical Engineering and Computer Science, United States Military Academy, West Point, New York,;Department of Electrical Engineering and Computer Science, United States Military Academy, West Point, New York,;Department of Electrical Engineering and Computer Science, United States Military Academy, West Point, New York,
Venue:
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Year:
2008

Citing 4
Cited 6

Dotplot patterns: a literal look at pattern languages

Theory and Practice of Object Systems - Special issue on patterns
Visualizing windows executable viruses using self-organizing maps

Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Visual Exploration of Malicious Network Objects Using Semantic Zoom, Interactive Encoding and Dynamic Queries

VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
Fuzzing: Brute Force Vulnerability Discovery

Fuzzing: Brute Force Vulnerability Discovery

mCarve: Carving attributed dump sets

SEC'11 Proceedings of the 20th USENIX conference on Security
Automated mapping of large binary objects using primitive fragment type classification

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Visualization in testing a volatile memory forensic tool

Digital Investigation: The International Journal of Digital Forensics & Incident Response
Interactive, visual-aided tools to analyze malware behavior

ICCSA'12 Proceedings of the 12th international conference on Computational Science and Its Applications - Volume Part IV
Visualization of shared system call sequence relationships in large malware corpora

Proceedings of the Ninth International Symposium on Visualization for Cyber Security
Malware analysis method using visualization of binary files

Proceedings of the 2013 Research in Adaptive and Convergent Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

The analysis of computer files poses a difficult problem for security researchers seeking to detect and analyze malicious content, software developers stress testing file formats for their products, and for other researchers seeking to understand the behavior and structure of undocumented file formats. Traditional tools, including hex editors, disassemblers and debuggers, while powerful, constrain analysis to primarily text based approaches. In this paper, we present design principles for file analysis which support meaningful investigation when there is little or no knowledge of the underlying file format, but are flexible enough to allow integration of additional semantic information, when available. We also present results from the implementation of a visual reverse engineering system based on our analysis. We validate the efficacy of both our analysis and our system with case studies depicting analysis use cases where a hex editor would be of limited value. Our results indicate that visual approaches help analysts rapidly identify files, analyze unfamiliar file structures, and gain insights that inform and complement the current suite of tools currently in use.