Poster: Atoms of Style: Identifying the Authors of Program Binaries

Being able to identify the author of a program has many applications in both academic and commercial environments. In most use cases, the source code is readily available, and this is reflected in the literature, as previous work has mostly focused on source code analyses. In contrast, scant research has been carried out on identifying the authors of executable program binaries. This would be most applicable to the analysis of malware, but it also has applications in other areas, such as the evaluation of code obfuscators. Our research builds on and extends the work of previous studies on source code analysis to the realm of executable binaries. We take the approach of initially reverse engineering the executable code to extract a source code representation, before applying deanonymization techniques and analyzing the results. Our reasons for reverse engineering are to use the results to better understand whether elements of style are preserved through compilation, and of those, which are instrumental in identifying authors. Our preliminary results suggest that some logical stylistic features remain after compilation, however there is far less variety in these features due in part to the loss of information after compiling, which goes beyond loss of indentation, comments and naming conventions. However, the results provide some encouragement that accuracy can be improved given a more detailed investigation and experimentation with different feature sets.