{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T20:05:58Z","timestamp":1775073958778,"version":"3.50.1"},"reference-count":209,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2022,1,17]],"date-time":"2022-01-17T00:00:00Z","timestamp":1642377600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"United Arab Emirates University Start-up","award":["G00003261"],"award-info":[{"award-number":["G00003261"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2023,1,31]]},"abstract":"<jats:p>Binary code fingerprinting is crucial in many security applications. Examples include malware detection, software infringement, vulnerability analysis, and digital forensics. It is also useful for security researchers and reverse engineers since it enables high fidelity reasoning about the binary code such as revealing the functionality, authorship, libraries used, and vulnerabilities. Numerous studies have investigated binary code with the goal of extracting fingerprints that can illuminate the semantics of a target application. However, extracting fingerprints is a challenging task since a substantial amount of significant information will be lost during compilation, notably, variable and function naming, the original data and control flow structures, comments, semantic information, and the code layout. This article provides the first systematic review of existing binary code fingerprinting approaches and the contexts in which they are used. In addition, it discusses the applications that rely on binary code fingerprints, the information that can be captured during the fingerprinting process, and the approaches used and their implementations. It also addresses limitations and open questions related to the fingerprinting process and proposes future directions.<\/jats:p>","DOI":"10.1145\/3486860","type":"journal-article","created":{"date-parts":[[2022,1,17]],"date-time":"2022-01-17T15:47:38Z","timestamp":1642434458000},"page":"1-41","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":32,"title":["A Survey of Binary Code Fingerprinting Approaches: Taxonomy, Methodologies, and Features"],"prefix":"10.1145","volume":"55","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8842-493X","authenticated-orcid":false,"given":"Saed","family":"Alrabaee","sequence":"first","affiliation":[{"name":"Information Systems and Security, College of IT, United Arab Emirates University, Abu Dhabii, United Arab Emirates"}]},{"given":"Mourad","family":"Debbabi","sequence":"additional","affiliation":[{"name":"Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada"}]},{"given":"Lingyu","family":"Wang","sequence":"additional","affiliation":[{"name":"Concordia Institute for Information Systems Engineering, Concordia University, Montreal, Canada"}]}],"member":"320","published-online":{"date-parts":[[2022,1,17]]},"reference":[{"key":"e_1_3_1_2_2","article-title":"WIN32\/INDUSTROYER a new threat for industrial control systems.","year":"2017","unstructured":"2017. WIN32\/INDUSTROYER a new threat for industrial control systems.Retrieved from https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2017\/06\/Win32_Industroyer.pdf. Accessed on May, 2021.","journal-title":"Retrieved from https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2017\/06\/Win32_Industroyer.pdf"},{"key":"e_1_3_1_3_2","article-title":"EXEINFO PE","year":"2019","unstructured":"2019. EXEINFO PE. Retrieved from http:\/\/exeinfo.atwebpages.com\/. Accessed on June, 2019.","journal-title":"Retrieved from http:\/\/exeinfo.atwebpages.com\/"},{"key":"e_1_3_1_4_2","article-title":"ghidra","year":"2019","unstructured":"2019. ghidra. Retrieved from https:\/\/www.nsa.gov\/resources\/everyone\/ghidra\/. Accessed on June, 2019.","journal-title":"Retrieved from https:\/\/www.nsa.gov\/resources\/everyone\/ghidra\/"},{"key":"e_1_3_1_5_2","article-title":"IDA pro disassembler","year":"2019","unstructured":"2019. IDA pro disassembler. Retrieved from https:\/\/www.hex-rays.com\/products\/ida\/tech\/. Accessed on June, 2019.","journal-title":"Retrieved from https:\/\/www.hex-rays.com\/products\/ida\/tech\/"},{"key":"e_1_3_1_6_2","article-title":"ollydbg is a 32-bit assembler level analysing debugger for microsoft windows","year":"2019","unstructured":"2019. ollydbg is a 32-bit assembler level analysing debugger for microsoft windows. Retrieved from http:\/\/ollydbg.de\/. Accessed on June, 2019.","journal-title":"Retrieved from http:\/\/ollydbg.de\/"},{"key":"e_1_3_1_7_2","article-title":"PEfile:","year":"2019","unstructured":"2019. PEfile:. Retrieved from http:\/\/code.google.com\/p\/pefile\/. Accessed on June, 2019.","journal-title":"Retrieved from http:\/\/code.google.com\/p\/pefile\/"},{"key":"e_1_3_1_8_2","article-title":"pivotal software. RabbitMQ web site","year":"2019","unstructured":"2019. pivotal software. RabbitMQ web site. Retrieved from https:\/\/www.rabbitmq.com\/. Accessed on June, 2019.","journal-title":"Retrieved from https:\/\/www.rabbitmq.com\/"},{"key":"e_1_3_1_9_2","article-title":"RDG_Packer_Detector","year":"2019","unstructured":"2019. RDG_Packer_Detector. Retrieved from http:\/\/www.rdgsoft.net\/. Accessed on June, 2019.","journal-title":"Retrieved from http:\/\/www.rdgsoft.net\/"},{"key":"e_1_3_1_10_2","article-title":"the paradyn project","year":"2019","unstructured":"2019. the paradyn project. Retrieved from http:\/\/www.paradyn.org\/html\/dyninst9.0.0-features.html. Accessed on June, 2019.","journal-title":"Retrieved from http:\/\/www.paradyn.org\/html\/dyninst9.0.0-features.html"},{"key":"e_1_3_1_11_2","article-title":"tigress is a diversifying virtualizer\/obfuscator for the c language","year":"2019","unstructured":"2019. tigress is a diversifying virtualizer\/obfuscator for the c language. Retrieved from http:\/\/tigress.cs.arizona.edu\/. Accessed on June, 2019.","journal-title":"Retrieved from http:\/\/tigress.cs.arizona.edu\/"},{"key":"e_1_3_1_12_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-04283-1_6"},{"key":"e_1_3_1_13_2","doi-asserted-by":"publisher","DOI":"10.5555\/1753228.1753233"},{"key":"e_1_3_1_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/93548.93576"},{"key":"e_1_3_1_15_2","doi-asserted-by":"publisher","DOI":"10.1109\/AINA.2014.59"},{"key":"e_1_3_1_16_2","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxu148"},{"key":"e_1_3_1_17_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2019.01.028"},{"key":"e_1_3_1_18_2","first-page":"47","volume-title":"European Symposium on Research in Computer Security","author":"Alrabaee Saed","year":"2019","unstructured":"Saed Alrabaee, ElMouatez Billah Karbab, Lingyu Wang, and Mourad Debbabi. 2019. Bineye: Towards efficient binary authorship characterization using deep learning. In European Symposium on Research in Computer Security, Kazue Sako Steve SchneiderPeter Y. A. Ryan (Eds.). Springer, 47\u201367."},{"key":"e_1_3_1_19_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2014.03.012"},{"key":"e_1_3_1_20_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2015.01.011"},{"key":"e_1_3_1_21_2","doi-asserted-by":"publisher","DOI":"10.1145\/3175492"},{"key":"e_1_3_1_22_2","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1007\/978-3-319-99073-6_2","volume-title":"European Symposium on Research in Computer Security","author":"Alrabaee Saed","year":"2018","unstructured":"Saed Alrabaee, Paria Shirani, Lingyu Wang, Mourad Debbabi, and Aiman Hanna. 2018. On leveraging coding habits for effective binary authorship attribution. In European Symposium on Research in Computer Security. Lopez J., Zhou J., Soriano M. (Eds.), Springer, 26\u201347."},{"key":"e_1_3_1_23_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2016.04.002"},{"key":"e_1_3_1_24_2","unstructured":"Hyrum S. Anderson and Phil Roth. 2018. Ember: An open dataset for training static PE malware machine learning models. ArXiv abs\/1804.04637 ."},{"key":"e_1_3_1_25_2","doi-asserted-by":"publisher","DOI":"10.1145\/1327452.1327494"},{"key":"e_1_3_1_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/IPDPS.2007.370254"},{"key":"e_1_3_1_27_2","unstructured":"Daniel Arp Michael Spreitzenbarth Malte Hubner Hugo Gascon Konrad Rieck and CERT Siemens. 2014. Drebin: Effective and explainable detection of android malware in your pocket. In Proceedings of the Network and Distributed System Security Symposium . Vol. 14 23\u201326."},{"key":"e_1_3_1_28_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2792941"},{"key":"e_1_3_1_29_2","doi-asserted-by":"publisher","DOI":"10.1145\/2560217.2560219"},{"key":"e_1_3_1_30_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978333"},{"key":"e_1_3_1_31_2","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897927"},{"key":"e_1_3_1_32_2","doi-asserted-by":"publisher","DOI":"10.1155\/2014\/260905"},{"key":"e_1_3_1_33_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-31985-6_19"},{"key":"e_1_3_1_34_2","doi-asserted-by":"publisher","DOI":"10.1145\/1749608.1749612"},{"key":"e_1_3_1_35_2","doi-asserted-by":"publisher","DOI":"10.5555\/2671225.2671279"},{"key":"e_1_3_1_36_2","doi-asserted-by":"publisher","DOI":"10.1145\/1060745.1060840"},{"key":"e_1_3_1_37_2","doi-asserted-by":"publisher","DOI":"10.1147\/sj.153.0225"},{"key":"e_1_3_1_38_2","doi-asserted-by":"publisher","DOI":"10.1145\/2430553.2430557"},{"key":"e_1_3_1_39_2","article-title":"Scientific but not academical overview of malware anti-debugging, anti-disassembly and anti-vm technologies","author":"Branco Rodrigo Rubira","year":"2012","unstructured":"Rodrigo Rubira Branco, Gabriel Negreira Barbosa, and Pedro Drimel Neto. 2012. Scientific but not academical overview of malware anti-debugging, anti-disassembly and anti-vm technologies. Black Hat 1, (2012), 1\u201327.","journal-title":"Black Hat"},{"key":"e_1_3_1_40_2","first-page":"59","volume-title":"Proceedings of the 5th Australian Digital Forensics","author":"Brand Murray","year":"2007","unstructured":"Murray Brand. 2007. Forensic analysis avoidance techniques of malware. In Proceedings of the 5th Australian Digital Forensics. 59."},{"key":"e_1_3_1_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.31"},{"key":"e_1_3_1_42_2","doi-asserted-by":"publisher","DOI":"10.21236\/ADA538737"},{"key":"e_1_3_1_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/2896499"},{"key":"e_1_3_1_44_2","doi-asserted-by":"publisher","DOI":"10.5555\/1855741.1855756"},{"key":"e_1_3_1_45_2","doi-asserted-by":"publisher","DOI":"10.5555\/2831143.2831160"},{"key":"e_1_3_1_46_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23304"},{"key":"e_1_3_1_47_2","doi-asserted-by":"publisher","DOI":"10.1109\/ISCC47284.2019.8969663"},{"key":"e_1_3_1_48_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.40"},{"key":"e_1_3_1_49_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.31"},{"key":"e_1_3_1_50_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.50"},{"key":"e_1_3_1_51_2","doi-asserted-by":"publisher","DOI":"10.1145\/2020408.2020419"},{"key":"e_1_3_1_52_2","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950350"},{"key":"e_1_3_1_53_2","doi-asserted-by":"publisher","DOI":"10.1145\/2110356.2110358"},{"key":"e_1_3_1_54_2","first-page":"26","article-title":"Function hashing for malicious code analysis","author":"Cohen Cory","year":"2009","unstructured":"Cory Cohen and Jeffrey S. Havrilla. 2009. Function hashing for malicious code analysis. CERT Research Annual Report (2009), 26\u201329.","journal-title":"CERT Research Annual Report"},{"key":"e_1_3_1_55_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.12"},{"key":"e_1_3_1_56_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00054"},{"key":"e_1_3_1_57_2","doi-asserted-by":"publisher","DOI":"10.1145\/1062455.1062533"},{"key":"e_1_3_1_58_2","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2016.25"},{"key":"e_1_3_1_59_2","doi-asserted-by":"publisher","DOI":"10.1145\/3428293"},{"key":"e_1_3_1_60_2","doi-asserted-by":"publisher","DOI":"10.1145\/2980983.2908126"},{"key":"e_1_3_1_61_2","doi-asserted-by":"publisher","DOI":"10.1145\/3296957.3177157"},{"key":"e_1_3_1_62_2","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594343"},{"key":"e_1_3_1_63_2","doi-asserted-by":"publisher","DOI":"10.1145\/1327452.1327492"},{"key":"e_1_3_1_64_2","doi-asserted-by":"publisher","DOI":"10.1145\/2939672.2939719"},{"key":"e_1_3_1_65_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00003"},{"key":"e_1_3_1_66_2","doi-asserted-by":"crossref","unstructured":"Brendan F. Dolan-Gavitt Josh Hodosh Patrick Hulin Tim Leek and Ryan Whelan. 2014. Repeatable reverse engineering for the greater good with panda. Retrieved on September 23 2021 from https:\/\/mice.cs.columbia.edu\/getTechreport.php?techreportID=1588&format=pdf&.","DOI":"10.1145\/2843859.2843867"},{"key":"e_1_3_1_67_2","doi-asserted-by":"publisher","DOI":"10.5555\/1115566.1115568"},{"key":"e_1_3_1_68_2","first-page":"1","article-title":"Graph-based comparison of executable objects (english version)","volume":"5","author":"Dullien Thomas","year":"2005","unstructured":"Thomas Dullien and Rolf Rolles. 2005. Graph-based comparison of executable objects (english version). Sstic 5 1, (2005), 1\u20133.","journal-title":"Sstic"},{"key":"e_1_3_1_69_2","doi-asserted-by":"publisher","DOI":"10.1145\/1978672.1978683"},{"key":"e_1_3_1_70_2","doi-asserted-by":"publisher","DOI":"10.1145\/2089125.2089126"},{"key":"e_1_3_1_71_2","doi-asserted-by":"publisher","DOI":"10.5555\/2671225.2671245"},{"key":"e_1_3_1_72_2","doi-asserted-by":"publisher","DOI":"10.5555\/2555229"},{"key":"e_1_3_1_73_2","doi-asserted-by":"publisher","DOI":"10.1145\/2499370.2462165"},{"key":"e_1_3_1_74_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23185"},{"key":"e_1_3_1_75_2","doi-asserted-by":"publisher","DOI":"10.1145\/2379690.2379692"},{"key":"e_1_3_1_76_2","unstructured":"Mohammad Reza Farhadi. 2013. Assembly Code Clone Detection for Malware Binaries . Ph.D. Dissertation. Concordia University."},{"key":"e_1_3_1_77_2","doi-asserted-by":"publisher","DOI":"10.1109\/SERE.2014.21"},{"key":"e_1_3_1_78_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2844349"},{"key":"e_1_3_1_79_2","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3052995"},{"key":"e_1_3_1_80_2","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978370"},{"key":"e_1_3_1_81_2","doi-asserted-by":"publisher","DOI":"10.14778\/2824032.2824041"},{"key":"e_1_3_1_82_2","article-title":"Graph-based binary analysis","author":"Flake Halvar","year":"2002","unstructured":"Halvar Flake. 2002. Graph-based binary analysis. Blackhat Briefings 2002 (2002).","journal-title":"Blackhat Briefings 2002"},{"key":"e_1_3_1_83_2","doi-asserted-by":"publisher","DOI":"10.1145\/2213836.2213898"},{"key":"e_1_3_1_84_2","doi-asserted-by":"publisher","DOI":"10.1002\/cpe.4794"},{"key":"e_1_3_1_85_2","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065036"},{"key":"e_1_3_1_86_2","doi-asserted-by":"publisher","DOI":"10.1145\/2093548.2093564"},{"key":"e_1_3_1_87_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIP.2006.873443"},{"key":"e_1_3_1_88_2","doi-asserted-by":"publisher","DOI":"10.1145\/1047659.1040332"},{"key":"e_1_3_1_89_2","doi-asserted-by":"publisher","DOI":"10.5555\/1702135.1702182"},{"key":"e_1_3_1_90_2","doi-asserted-by":"publisher","DOI":"10.1145\/2463676.2465300"},{"key":"e_1_3_1_91_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.07.012"},{"key":"e_1_3_1_92_2","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243866"},{"key":"e_1_3_1_93_2","unstructured":"Sean Heelan. 2009. Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities . Ph.D. Dissertation. University of Oxford."},{"key":"e_1_3_1_94_2","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420981"},{"key":"e_1_3_1_95_2","doi-asserted-by":"publisher","DOI":"10.1145\/1985441.1985453"},{"key":"e_1_3_1_96_2","doi-asserted-by":"publisher","DOI":"10.1145\/77606.77608"},{"key":"e_1_3_1_97_2","doi-asserted-by":"publisher","DOI":"10.1145\/3097983.3098026"},{"key":"e_1_3_1_98_2","first-page":"57","volume-title":"Proceedings of the IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering","author":"Y. Zhang Y. Li J. & Gu D. Hu,","year":"2016","unstructured":"Zhang Y. Li J. & Gu D. Hu, Y.2016. Cross-architecture binary semantics understanding via similar code comparison. In Proceedings of the IEEE 23rd International Conference on Software Analysis, Evolution, and Reengineering. IEEE, 57\u201367."},{"key":"e_1_3_1_99_2","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3052974"},{"key":"e_1_3_1_100_2","doi-asserted-by":"publisher","DOI":"10.1109\/SERE.2012.20"},{"key":"e_1_3_1_101_2","doi-asserted-by":"publisher","DOI":"10.1145\/2024569.2024571"},{"key":"e_1_3_1_102_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-22786-8_6"},{"key":"e_1_3_1_103_2","unstructured":"Jiyong Jang. 2013. Scaling Software Security Analysis to Millions of Malicious Programs and Billions of Lines of Code . Ph.D. Dissertation. Carnegie Mellon University."},{"key":"e_1_3_1_104_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.13"},{"key":"e_1_3_1_105_2","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046742"},{"key":"e_1_3_1_106_2","doi-asserted-by":"publisher","DOI":"10.5555\/2534766.2534774"},{"key":"e_1_3_1_107_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2012.70"},{"key":"e_1_3_1_108_2","doi-asserted-by":"publisher","DOI":"10.5555\/2821429.2821434"},{"key":"e_1_3_1_109_2","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2016.7888739"},{"key":"e_1_3_1_110_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-005-0002-9"},{"key":"e_1_3_1_111_2","doi-asserted-by":"publisher","DOI":"10.5555\/2664398.2664404"},{"key":"e_1_3_1_112_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSMC.1985.6313426"},{"key":"e_1_3_1_113_2","unstructured":"Kris Kendall. 2007. Practical malware analysis. Retrieved on September 14 2021 from https:\/\/www.blackhat.com\/presentations\/bh-dc-07\/Kendall_McMillan\/Presentation\/bh-dc-07-Kendall_McMillan.pdf."},{"key":"e_1_3_1_114_2","volume-title":"Decompilation as Search","author":"Khoo Wei Ming","year":"2013","unstructured":"Wei Ming Khoo. 2013. Decompilation as Search. Technical Report UCAM-CL-TR-844. University of Cambridge, Computer Laboratory. Retrieved from https:\/\/www.cl.cam.ac.uk\/techreports\/UCAM-CL-TR-844.pdf."},{"key":"e_1_3_1_115_2","doi-asserted-by":"publisher","DOI":"10.5555\/2487085.2487147"},{"key":"e_1_3_1_116_2","unstructured":"Johannes Kinder. 2010. Static Analysis of X86 Executables . Ph.D. Dissertation. Technische Universit\u00e4t Darmstadt."},{"key":"e_1_3_1_117_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70545-1_40"},{"key":"e_1_3_1_118_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2017.58"},{"key":"e_1_3_1_119_2","unstructured":"Laszlo Kozma. 2008. k Nearest Neighbors algorithm (kNN). Retrieved on August 23 2021 from http:\/\/www.lkozma.net\/knn2.pdf."},{"key":"e_1_3_1_120_2","doi-asserted-by":"publisher","DOI":"10.1023\/A:1012535017876"},{"key":"e_1_3_1_121_2","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714639"},{"key":"e_1_3_1_122_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCA.2007.904745"},{"key":"e_1_3_1_123_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2910268"},{"key":"e_1_3_1_124_2","doi-asserted-by":"publisher","DOI":"10.5555\/2831120.2831128"},{"key":"e_1_3_1_125_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-010-0148-y"},{"key":"e_1_3_1_126_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSA.2017.15"},{"key":"e_1_3_1_127_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2019.01.001"},{"key":"e_1_3_1_128_2","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2019.8667970"},{"key":"e_1_3_1_129_2","doi-asserted-by":"publisher","DOI":"10.14778\/2732939.2732947"},{"key":"e_1_3_1_130_2","first-page":"14","volume-title":"Proceedings of the International Conference on Cyber-enabled Distributed Computing and Knowledge Discovery","author":"Jing Yuan Wang Liu,","year":"2016","unstructured":"Yuan Wang Liu, Jing and Yongjun Wang. 2016. Inferring phylogenetic networks of malware families from api sequences. In Proceedings of the International Conference on Cyber-enabled Distributed Computing and Knowledge Discovery. IEEE, 14\u201317."},{"key":"e_1_3_1_131_2","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594337"},{"key":"e_1_3_1_132_2","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635900"},{"key":"e_1_3_1_133_2","doi-asserted-by":"publisher","DOI":"10.1145\/1102546.1102560"},{"key":"e_1_3_1_134_2","unstructured":"D. Mahajan R. Patel and V. Sanker. 2018. Word2Vec using character n-grams. Retrieved on September 20 2021 from https:\/\/web.stanford.edu\/class\/archive\/cs\/cs224n\/cs224n.1174\/reports\/2761021.pdf."},{"key":"e_1_3_1_135_2","doi-asserted-by":"publisher","DOI":"10.1145\/2897073.2897094"},{"key":"e_1_3_1_136_2","unstructured":"Marion Marschalek and Claudio Guarnieri. 2015. Big game hunting: The peculiarities in nation-state malware research. Black Hat Las Vegas NV USA."},{"key":"e_1_3_1_137_2","doi-asserted-by":"publisher","DOI":"10.1145\/2248487.2151012"},{"key":"e_1_3_1_138_2","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3055156"},{"key":"e_1_3_1_139_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.csda.2008.10.015"},{"key":"e_1_3_1_140_2","doi-asserted-by":"publisher","DOI":"10.1145\/2931037.2931047"},{"key":"e_1_3_1_141_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66399-9_16"},{"key":"e_1_3_1_142_2","doi-asserted-by":"publisher","DOI":"10.1145\/2746194.2746202"},{"key":"e_1_3_1_143_2","doi-asserted-by":"publisher","DOI":"10.1109\/2.471178"},{"key":"e_1_3_1_144_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-18467-8_28"},{"key":"e_1_3_1_145_2","volume-title":"Supply Chain Analysis: From Quartermaster to Sunshop","author":"Moran Ned","year":"2013","unstructured":"Ned Moran and James T. Bennett. 2013. Supply Chain Analysis: From Quartermaster to Sunshop. Vol. 11. FireEye."},{"key":"e_1_3_1_146_2","volume-title":"Proceedings of the Annual Computer Security Conference (ACSAC) Worshop on Next Generation Malware Attacks and Defense (NGMAD)","author":"Nataraj Lakshmanan","year":"2013","unstructured":"Lakshmanan Nataraj, Dhilung Kirat, BS Manjunath, and Giovanni Vigna. 2013. Sarvam: Search and retrieval of malware. In Proceedings of the Annual Computer Security Conference (ACSAC) Worshop on Next Generation Malware Attacks and Defense (NGMAD)."},{"key":"e_1_3_1_147_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-58469-0_23"},{"key":"e_1_3_1_148_2","doi-asserted-by":"publisher","DOI":"10.1145\/3313391"},{"key":"e_1_3_1_149_2","doi-asserted-by":"publisher","DOI":"10.1145\/3329786"},{"key":"e_1_3_1_150_2","doi-asserted-by":"publisher","DOI":"10.1145\/800020.808263"},{"key":"e_1_3_1_151_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-21424-0_13"},{"key":"e_1_3_1_152_2","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.070813.00214"},{"key":"e_1_3_1_153_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2008.22"},{"key":"e_1_3_1_154_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.49"},{"key":"e_1_3_1_155_2","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664269"},{"key":"e_1_3_1_156_2","doi-asserted-by":"publisher","DOI":"10.1145\/3276517"},{"key":"e_1_3_1_157_2","first-page":"261","volume-title":"Proceedings of the IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER)","author":"Qiu Jing","year":"2015","unstructured":"Jing Qiu, Xiaohong Su, and Peijun Ma. 2015. Library functions identification in binary code by using graph isomorphism testings. In Proceedings of the IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER). IEEE, 261\u2013270."},{"key":"e_1_3_1_158_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2015.2470241"},{"key":"e_1_3_1_159_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-016-0283-1"},{"key":"e_1_3_1_160_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2015.05.015"},{"key":"e_1_3_1_161_2","first-page":"49","volume-title":"Proceedings of the InfoSec Southwest","author":"Raman K.","year":"2012","unstructured":"K. Raman. 2012. Selecting features to classify malware. In Proceedings of the InfoSec Southwest. 49\u201364."},{"key":"e_1_3_1_162_2","doi-asserted-by":"publisher","DOI":"10.5555\/2831143.2831147"},{"key":"e_1_3_1_163_2","doi-asserted-by":"publisher","DOI":"10.1109\/DSA.2017.16"},{"key":"e_1_3_1_164_2","doi-asserted-by":"publisher","DOI":"10.5555\/2671225.2671280"},{"key":"e_1_3_1_165_2","doi-asserted-by":"publisher","DOI":"10.37419\/LR.V3.I3.7"},{"key":"e_1_3_1_166_2","doi-asserted-by":"publisher","DOI":"10.1145\/2001420.2001433"},{"key":"e_1_3_1_167_2","doi-asserted-by":"publisher","DOI":"10.5555\/2041225.2041239"},{"key":"e_1_3_1_168_2","doi-asserted-by":"publisher","DOI":"10.1145\/1806672.1806678"},{"key":"e_1_3_1_169_2","doi-asserted-by":"publisher","DOI":"10.5555\/1894166.1894188"},{"key":"e_1_3_1_170_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2009.02.007"},{"key":"e_1_3_1_171_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-08509-8_2"},{"key":"e_1_3_1_172_2","doi-asserted-by":"publisher","DOI":"10.1145\/1572272.1572287"},{"key":"e_1_3_1_173_2","first-page":"64","article-title":"Opcode sequences as representation of executables for data-mining-based unknown malware detection","author":"I. Brezo F. Ugarte-Pedrero X. & Bringas P. G. Santos,","year":"2013","unstructured":"Brezo F. Ugarte-Pedrero X. & Bringas P. G. Santos, I.2013. Opcode sequences as representation of executables for data-mining-based unknown malware detection. Information Sciences 231 (2013), 64\u201382. DOI:https:\/\/doi.org\/10.1016\/j.ins.2011.08.020","journal-title":"Information Sciences"},{"key":"e_1_3_1_174_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-11747-3_3"},{"key":"e_1_3_1_175_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2016.2536605"},{"key":"e_1_3_1_176_2","doi-asserted-by":"publisher","DOI":"10.1145\/872757.872770"},{"key":"e_1_3_1_177_2","doi-asserted-by":"publisher","DOI":"10.5555\/882495.884439"},{"key":"e_1_3_1_178_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04342-0_7"},{"key":"e_1_3_1_179_2","doi-asserted-by":"publisher","DOI":"10.1109\/icc.2011.5963012"},{"key":"e_1_3_1_180_2","doi-asserted-by":"publisher","DOI":"10.5555\/2150963.2150968"},{"key":"e_1_3_1_181_2","doi-asserted-by":"publisher","DOI":"10.5555\/2831143.2831182"},{"key":"e_1_3_1_182_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-93411-2_6"},{"key":"e_1_3_1_183_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-60876-1_14"},{"key":"e_1_3_1_184_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23294"},{"key":"e_1_3_1_185_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"e_1_3_1_186_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89862-7_1"},{"key":"e_1_3_1_187_2","doi-asserted-by":"publisher","DOI":"10.1145\/3029806.3029825"},{"key":"e_1_3_1_188_2","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.101613.00077"},{"key":"e_1_3_1_189_2","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2016.2646641"},{"key":"e_1_3_1_190_2","doi-asserted-by":"publisher","DOI":"10.14778\/2311906.2311907"},{"key":"e_1_3_1_191_2","doi-asserted-by":"publisher","DOI":"10.1145\/1559845.1559905"},{"key":"e_1_3_1_192_2","doi-asserted-by":"publisher","DOI":"10.1145\/1806907.1806912"},{"key":"e_1_3_1_193_2","doi-asserted-by":"publisher","DOI":"10.5555\/762761.762771"},{"key":"e_1_3_1_194_2","doi-asserted-by":"publisher","DOI":"10.1145\/321921.321925"},{"key":"e_1_3_1_195_2","doi-asserted-by":"publisher","DOI":"10.4236\/jsea.2018.116020"},{"key":"e_1_3_1_196_2","doi-asserted-by":"publisher","DOI":"10.5555\/786775.787216"},{"key":"e_1_3_1_197_2","volume-title":"Proceedings of the 2007 Conference on BlackHat DC","author":"Walenstein Andrew","year":"2007","unstructured":"Andrew Walenstein, Michael Venable, Matthew Hayes, Christopher Thompson, and Arun Lakhotia. 2007. Exploiting similarity between variants to defeat malware. In Proceedings of the 2007 Conference on BlackHat DC."},{"key":"e_1_3_1_198_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2008.30"},{"key":"e_1_3_1_199_2","first-page":"1","article-title":"Bmat-a binary matching tool for stale profile propagation","volume":"2","author":"Wang Zheng","year":"2000","unstructured":"Zheng Wang, Ken Pierce, and Scott McFarling. 2000. Bmat-a binary matching tool for stale profile propagation. The Journal of Instruction-Level Parallelism 2 (2000), 1\u201320.","journal-title":"The Journal of Instruction-Level Parallelism"},{"key":"e_1_3_1_200_2","doi-asserted-by":"publisher","DOI":"10.1145\/174675.177907"},{"key":"e_1_3_1_201_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-31980-1_24"},{"key":"e_1_3_1_202_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-68690-5_26"},{"key":"e_1_3_1_203_2","article-title":"Type learning for binaries and its applications","author":"Xu Zhiwu","year":"2018","unstructured":"Zhiwu Xu, Cheng Wen, and Shengchao Qin. 2018. Type learning for binaries and its applications. IEEE Transactions on Reliability 63, 3 (2018), 893\u2013912.","journal-title":"IEEE Transactions on Reliability"},{"key":"e_1_3_1_204_2","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2917668"},{"key":"e_1_3_1_205_2","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.54"},{"key":"e_1_3_1_206_2","article-title":"CodeCMR: Cross-modal retrieval for function-level binary source code matching","volume":"33","author":"Yu Zeping","year":"2020","unstructured":"Zeping Yu, Wenxin Zheng, Jiaqi Wang, Qiyi Tang, Sen Nie, and Shi Wu. 2020. CodeCMR: Cross-modal retrieval for function-level binary source code matching. Advances in Neural Information Processing Systems 33 (2020), 1\u201310.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_1_207_2","first-page":"487","volume-title":"Proceedings of the ACM SIGSAC Conference on Computer & Communications Security","author":"J. Fu Y. Miller K. A. Lin Z. Zhang X. & Xu D. Zeng,","year":"2013","unstructured":"Fu Y. Miller K. A. Lin Z. Zhang X. & Xu D. Zeng, J.2013. Obfuscation resilient binary code reuse through trace-oriented programming. In Proceedings of the ACM SIGSAC Conference on Computer & Communications Security. ACM, 487\u2013498."},{"key":"e_1_3_1_208_2","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2018.8330204"},{"key":"e_1_3_1_209_2","doi-asserted-by":"publisher","DOI":"10.1007\/s11219-018-9435-5"},{"key":"e_1_3_1_210_2","doi-asserted-by":"publisher","DOI":"10.1145\/2430553.2430556"}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3486860","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3486860","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:18:47Z","timestamp":1750191527000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3486860"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,1,17]]},"references-count":209,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2023,1,31]]}},"alternative-id":["10.1145\/3486860"],"URL":"https:\/\/doi.org\/10.1145\/3486860","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,1,17]]},"assertion":[{"value":"2020-11-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-09-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-01-17","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}