This paper reports on a tool for fine-grained analysis of structural changes made between revisions of programs. The tool, called Diff/TS, calculates, visualizes and classifies edit operations including "moves" that will change one revision into another by means of detailed tree structural analysis on source code. Such analysis tends to be time consuming and inflexible. We have extended a general tree comparison algorithm with heuristics-driven control configurable for multiple programming languages and have achieved both processing speed and analysis precision needed for investigating large-scale software projects. The tool is capable of processing Python, Java, C and C++ projects. We present several applications including software "archaeology" on a widely known open source software project and automated "phylogenetic" malware classification based on control flows. These examples suggest that tree differencing is useful for measuring distance or dissimilarity between tree structured artifacts, and offer good precision tests of the method.