Introduction

Abstract

Binary code fingerprinting is essential to many security use cases and applications; examples include reverse engineering, digital forensics, malware detection and analysis, threat and vulnerability analysis, patch analysis, and software infringement. More specifically, in the context of security, such a capability is highly required in order to analyze large amount of malware and applications in order to uncover their malicious behaviors, characterize their network footprints, and consequently derive timely, relevant, and actionable cyber intelligence that could be used for detection, prevention, mitigation, and attribution purposes. Indeed, everyday, a deluge of cyberattacks is launched against the cyber infrastructure of corporations, governmental agencies, and individuals, with unprecedented sophistication, speed, intensity, volume, inflicted damage, and audacity. Besides, the threat landscape is shifting towards more stealthy, mercurial, and targeted advanced persistent threats and attacks against industrial control systems, Internet of things (IoT) devices, social networks, software defined network (SDN) and cloud infrastructure, mobile devices and related core networks, which exacerbates even more the security challenges. These attacks emanate from a wide spectrum of perpetrators such as criminals, cyber-terrorists, and foreign intelligence/military services. The damage can be even more significant when the target involves critical infrastructure components. In this context, there is an acute desideratum towards binary code fingerprinting techniques and technologies in order to subject the aforementioned threats to an in-depth analysis and correlation to derive timely and relevant cyber threat intelligence that can enable detection, prevention, mitigation, and attribution of related cyberattacks.