Version 1
: Received: 22 August 2022 / Approved: 26 August 2022 / Online: 26 August 2022 (03:50:01 CEST)
Version 2
: Received: 24 September 2022 / Approved: 26 September 2022 / Online: 26 September 2022 (04:24:48 CEST)
How to cite:
Musgrave, J.; Campan, A.; Messay-Kebede, T.; Kapp, D.; Ralescu, A. Empirical Network Structure of Malicious Programs. Preprints2022, 2022080440. https://doi.org/10.20944/preprints202208.0440.v2
Musgrave, J.; Campan, A.; Messay-Kebede, T.; Kapp, D.; Ralescu, A. Empirical Network Structure of Malicious Programs. Preprints 2022, 2022080440. https://doi.org/10.20944/preprints202208.0440.v2
Musgrave, J.; Campan, A.; Messay-Kebede, T.; Kapp, D.; Ralescu, A. Empirical Network Structure of Malicious Programs. Preprints2022, 2022080440. https://doi.org/10.20944/preprints202208.0440.v2
APA Style
Musgrave, J., Campan, A., Messay-Kebede, T., Kapp, D., & Ralescu, A. (2022). Empirical Network Structure of Malicious Programs. Preprints. https://doi.org/10.20944/preprints202208.0440.v2
Chicago/Turabian Style
Musgrave, J., David Kapp and Anca Ralescu. 2022 "Empirical Network Structure of Malicious Programs" Preprints. https://doi.org/10.20944/preprints202208.0440.v2
Abstract
A modern binary executable is a composition of various networks. Control flow graphs are commonly used to represent an executable program in labeled datasets used for classification tasks. Control flow and term representations are widely adopted, but provide only a partial view of program semantics. This study is an empirical analysis of the networks composing malicious binaries in order to provide a complete representation of the structural properties of a program. This is accomplished by the measurement of structural properties of program networks in a malicious binary executable dataset. We demonstrate the presence of Scale-Free properties of network structure for program data dependency and control flow graphs, and show that data dependency graphs also have Small-World structural properties. We show that program data dependency graphs have a degree correlation that is structurally disassortative, and that control flow graphs have a neutral degree assortativity, indicating the use of random graphs to model the structural properties of program control flow graphs would show increased accuracy. By providing an increase in feature resolution within labeled datasets of executable programs we provide a quantitative basis to interpret the results of classifiers trained on CFG graph features. An increase in feature resolution allows for the structural properties of program classes to be analyzed for patterns as well as their component parts. By capturing a complete picture of program graphs we can enable theoretical solutions for the mapping a program's operational semantics to its structure.
Computer Science and Mathematics, Computer Science
Copyright:
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Commenter: John Musgrave
Commenter's Conflict of Interests: Author