Please use this identifier to cite or link to this item:
https://dair.nps.edu/handle/123456789/4167
Title: Analysis of Differences between Versions of Software Executables
Authors: Neil Rowe; Bruce Allen
Keywords: Software Executable Files Corpus Database Digital Devices Fraudulent Software Malicious Software
Issue Date: 2-Dec-2019
Publisher: Acquisition Research Program
Citation: Published--Unlimited Distribution
Series/Report no.: Software; NPS-IT-20-014
Abstract: We studied differences between versions of software by comparing their executable files. We used a large database (“corpus”) of around 2600 digital-forensic copies of secondary storage of computers and digital devices purchased around the world. We extracted families of executable files in the EXE and DLL formats having the same name; we also included in these families other files having the same contents as files in the family but different names. We measured file similarities between files in the same family by finding matches between 8-bit bytes in the two files, and then looking for sequences of unbroken consecutive matches. We developed several kinds of useful visualizations to show file similarities: Two ways to display the bytes that match between two files, and two ways to show the similarities between members of a file family over time. These methods should make it considerably easier to detect fraudulent or malicious software because it will stand out in the visualizations.
Description: Information Technology / NPS Faculty Research
URI: https://dair.nps.edu/handle/123456789/4167
Appears in Collections: Sponsored Acquisition Research & Technical Reports
Files in This Item:
File | Description | Size | Format |
---|---|---|---|
NPS-IT-20-014.pdf | Technical Report | 1.84 MB | Adobe PDF |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.