Conference proceeding
When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries
25TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2018)
01 Jan 2018
Abstract
The ability to identify authors of computer programs based on their coding style is a direct threat to the privacy and anonymity of programmers. While recent work found that source code can be attributed to authors with high accuracy, attribution of executable binaries appears to be much more difficult. Many distinguishing features present in source code, e.g. variable names, are removed in the compilation process, and compiler optimization may alter the structure of a program, further obscuring features that are known to be useful in determining authorship. We examine programmer de-anonymization from the standpoint of machine learning, using a novel set of features that include ones obtained by decompiling the executable binary to source code. We adapt a powerful set of techniques from the domain of source code authorship attribution along with stylistic representations embedded in assembly, resulting in successful de-anonymization of a large set of programmers.
We evaluate our approach on data from the Google Code Jam, obtaining attribution accuracy of up to 96% with 100 and 83% with 600 candidate programmers. We present an executable binary authorship attribution approach, for the first time, that is robust to basic obfuscations, a range of compiler optimization settings, and binaries that have been stripped of their symbol tables. We perform programmer de-anonymization using both obfuscated binaries, and real-world code found "in the wild" in single-author GitHub repositories and the recently leaked Nulled.IO hacker forum. We show that programmers who would like to remain anonymous need to take extreme countermeasures to protect their privacy.
Metrics
Details
- Title
- When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries
- Creators
- Aylin Caliskan - Princeton UniversityFabian Yamaguchi - Technische Universität BraunschweigEdwin Dauber - Drexel UniversityRichard Harang - United States Army Research LaboratoryKonrad Rieck - Technische Universität BraunschweigRachel Greenstadt - Drexel UniversityArvind Narayanan - Princeton UniversityInternet Soc
- Publication Details
- 25TH ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2018)
- Publisher
- INTERNET SOC
- Number of pages
- 15
- Resource Type
- Conference proceeding
- Language
- English
- Academic Unit
- Computer Science
- Web of Science ID
- WOS:000722005800050
- Scopus ID
- 2-s2.0-85145616074
- Other Identifier
- 991019168515804721
InCites Highlights
Data related to this publication, from InCites Benchmarking & Analytics tool:
- Collaboration types
- Domestic collaboration
- International collaboration
- Web of Science research areas
- Computer Science, Information Systems
- Computer Science, Theory & Methods