English

Identifying Authorship Style in Malicious Binaries: Techniques, Challenges & Datasets

Cryptography and Security 2021-01-19 v2

Abstract

Attributing a piece of malware to its creator typically requires threat intelligence. Binary attribution increases the level of difficulty as it mostly relies upon the ability to disassemble binaries to identify authorship style. Our survey explores malicious author style and the adversarial techniques used by them to remain anonymous. We examine the adversarial impact on the state-of-the-art methods. We identify key findings and explore the open research challenges. To mitigate the lack of ground truth datasets in this domain, we publish alongside this survey the largest and most diverse meta-information dataset of 15,660 malware labeled to 164 threat actor groups.

Keywords

Cite

@article{arxiv.2101.06124,
  title  = {Identifying Authorship Style in Malicious Binaries: Techniques, Challenges & Datasets},
  author = {Jason Gray and Daniele Sgandurra and Lorenzo Cavallaro},
  journal= {arXiv preprint arXiv:2101.06124},
  year   = {2021}
}

Comments

31 pages, 3 figures, 10 tables; Modified table headings to make them readable

R2 v1 2026-06-23T22:12:13.643Z