{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,16]],"date-time":"2024-09-16T08:37:24Z","timestamp":1726475844410},"reference-count":37,"publisher":"MDPI AG","issue":"7","license":[{"start":{"date-parts":[[2023,6,25]],"date-time":"2023-06-25T00:00:00Z","timestamp":1687651200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"This article is part of a series aimed at determining the authorship of source codes. Analyzing binary code is a crucial aspect of cybersecurity, software development, and computer forensics, particularly in identifying malware authors. Any program is machine code, which can be disassembled using specialized tools and analyzed for authorship identification, similar to natural language text using Natural Language Processing methods. We propose an ensemble of fastText, support vector machine (SVM), and the authors\u2019 hybrid neural network developed in previous works in this research. The improved methodology was evaluated using a dataset of source codes written in C and C++ languages collected from GitHub and Google Code Jam. The collected source codes were compiled into executable programs and then disassembled using reverse engineering tools. The average accuracy of author identification for disassembled codes using the improved methodology exceeds 0.90. Additionally, the methodology was tested on the source codes, achieving an average accuracy of 0.96 in simple cases and over 0.85 in complex cases. 
These results validate the effectiveness of the developed methodology and its applicability to solving cybersecurity challenges.","DOI":"10.3390\/info14070361","type":"journal-article","created":{"date-parts":[[2023,6,26]],"date-time":"2023-06-26T07:14:56Z","timestamp":1687763696000},"page":"361","source":"Crossref","is-referenced-by-count":1,"title":["Authorship Identification of Binary and Disassembled Codes Using NLP Methods"],"prefix":"10.3390","volume":"14","author":[{"ORCID":"http:\/\/orcid.org\/0000-0002-2587-2222","authenticated-orcid":false,"given":"Aleksandr","family":"Romanov","sequence":"first","affiliation":[{"name":"Department of Security, Tomsk State University of Control Systems and Radioelectronics, 634050 Tomsk, Russia"}]},{"ORCID":"http:\/\/orcid.org\/0000-0001-5619-1836","authenticated-orcid":false,"given":"Anna","family":"Kurtukova","sequence":"additional","affiliation":[{"name":"Department of Security, Tomsk State University of Control Systems and Radioelectronics, 634050 Tomsk, Russia"}]},{"ORCID":"http:\/\/orcid.org\/0000-0001-7844-4363","authenticated-orcid":false,"given":"Anastasia","family":"Fedotova","sequence":"additional","affiliation":[{"name":"Department of Security, Tomsk State University of Control Systems and Radioelectronics, 634050 Tomsk, Russia"}]},{"given":"Alexander","family":"Shelupanov","sequence":"additional","affiliation":[{"name":"Department of Security, Tomsk State University of Control Systems and Radioelectronics, 634050 Tomsk, Russia"}]}],"member":"1968","published-online":{"date-parts":[[2023,6,25]]},"reference":[{"key":"ref_1","unstructured":"Palmer, G. (2023, May 10). A Road Map for Digital Forensic Research. Technical Report DTR-T001-01 FINAL, Digital Forensics Research Workshop. Available online: https:\/\/dfrws.org\/wp-content\/uploads\/2019\/06\/2001_USA_a_road_map_for_digital_forensic_research.pdf."},{"key":"ref_2","unstructured":"Schleimer, S., Wilkerson, D.S., and Aiken, A. (2023, May 10). 
Winnowing: Local Algorithms for Document Fingerprinting. Available online: https:\/\/theory.stanford.edu\/~aiken\/publications\/papers\/sigmod03.pdf."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Abuhamad, M., AbuHmed, T., Mohaisen, A., and Nyang, D. (2018, January 15\u201319). Large-Scale and Language-Oblivious Code Authorship Identification. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, Toronto, ON, Canada.","DOI":"10.1145\/3243734.3243738"},{"key":"ref_4","unstructured":"Zhen, L., Chen, G., Chen, C., Zou, Y., and Xu, S. (2022, January 25\u201327). RoPGen: Towards Robust Code Authorship Attribution via Automatic Coding Style Transformation. Proceedings of the 2022 IEEE 44th International Conference on Software Engineering (ICSE), Pittsburgh, PA, USA."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Holland, C., Khoshavi, N., and Jaimes, L.G. (2022, January 18\u201320). Code authorship identification via deep graph CNNs. Proceedings of the 2022 ACM Southeast Conference (ACM SE \u201822), Virtual.","DOI":"10.1145\/3476883.3520227"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Bogomolov, E., Kovalenko, V., Rebryk, Y., Bacchelli, A., and Bryksin, T. (2021, January 23\u201328). Authorship attribution of source code: A language-agnostic approach and applicability in software engineering. Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Athens, Greece.","DOI":"10.1145\/3468264.3468606"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"141987","DOI":"10.1109\/ACCESS.2019.2943639","article-title":"Source code authorship attribution using hybrid approach of program dependence graph and deep learning model","volume":"7","author":"Ullah","year":"2019","journal-title":"IEEE Access"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Song, Q., Zhang, Y., Ouyang, L., and Chen, Y. 
(2022, January 15\u201318). BinMLM: Binary Authorship Verification with Flow-aware Mixture-of-Shared Language Model. Proceedings of the 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), Honolulu, HI, USA.","DOI":"10.1109\/SANER53432.2022.00120"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Atluri, V., and Diaz, C. (2011). Computer Security\u2014ESORICS 2011, Springer. Lecture Notes in Computer Science, 6879.","DOI":"10.1007\/978-3-642-23822-2"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1016\/j.diin.2016.04.002","article-title":"BinGold: Towards robust binary analysis by extracting the semantics of binary code as semantic flow graphs (SFGs)","volume":"18","author":"Alrabaee","year":"2016","journal-title":"Dig. Investig."},{"key":"ref_11","unstructured":"(2023, May 10). A Gentle Introduction to the Fbeta-Measure for Machine Learning. Available online: https:\/\/machinelearningmastery.com\/fbeta-measure-for-machine-learning\/."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Caliskan-Islam, A. (2017). When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries. arXiv.","DOI":"10.14722\/ndss.2018.23304"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1016\/j.diin.2014.03.012","article-title":"OBA2: An Onion Approach to Binary code Authorship Attribution","volume":"11","author":"Alrabaee","year":"2014","journal-title":"Dig. Investig."},{"key":"ref_14","unstructured":"Caliskan-Islam, A. (2015, January 12\u201314). Deanonymizing programmers via code stylometry. Proceedings of the 24th USENIX Security Symposium, Washington, DC, USA."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1016\/j.diin.2019.01.028","article-title":"On the Feasibility of Malware Authorship Attribution","volume":"28","author":"Alrabaee","year":"2016","journal-title":"Dig. 
Investig."},{"key":"ref_16","first-page":"27","article-title":"Source Code Author Attribution Using Author\u2019s Programming Style and Code Smells","volume":"5","author":"Zia","year":"2017","journal-title":"Intell. Syst. Appl."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"(2023, June 20). Available online: https:\/\/doi.org\/10.1016\/j.eswa.2023.119614.","DOI":"10.1016\/j.eswa.2023.119614"},{"key":"ref_18","unstructured":"(2023, June 20). Available online: https:\/\/journals.plos.org\/plosone\/article?id=10.1371\/journal.pone.0245230."},{"key":"ref_19","unstructured":"(2023, June 20). Available online: https:\/\/www.sciencedirect.com\/science\/article\/abs\/pii\/S1566253516302032?via%3Dihub."},{"key":"ref_20","unstructured":"Meng, X., Miller, B.P., and Jha, S. (2018). Adversarial Binaries for Authorship Identification. arXiv."},{"key":"ref_21","first-page":"741","article-title":"Identification author of source code by machine learning methods","volume":"18","author":"Kurtukova","year":"2019","journal-title":"Tr. SPIIRAN"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Kurtukova, A., Romanov, A., and Shelupanov, A. (2020). Source Code Authorship Identification Using Deep Neural Networks. Symmetry, 12.","DOI":"10.3390\/sym12122044"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Kurtukova, A., Romanov, A., Shelupanov, A., and Fedotova, A. (2022). Complex Cases of Source Code Authorship Identification Using a Hybrid Deep Neural Network. Future Internet, 14.","DOI":"10.3390\/fi14100287"},{"key":"ref_24","unstructured":"Romanov, A.S., Shelupanov, A.A., and Meshcheryakov, R.V. (2011). Development and Research of Mathematical Models, Methods and Software Tools of Information Processes in the Identification of the Author of the Text, V-Spektr."},{"key":"ref_25","unstructured":"(2023, May 10). Code Jam. Available online: https:\/\/codingcompetitions.withgoogle.com\/codejam."},{"key":"ref_26","unstructured":"(2023, May 10). 
GitHub API. Available online: https:\/\/docs.github.com\/en\/rest?apiVersion=2022-11-28."},{"key":"ref_27","unstructured":"(2023, May 10). GCC, the GNU Compiler Collection. Available online: https:\/\/gcc.gnu.org."},{"key":"ref_28","unstructured":"(2023, May 10). IDA Pro. Available online: https:\/\/hex-rays.com\/ida-pro\/."},{"key":"ref_29","unstructured":"(2023, May 10). The Friedman Test. Available online: https:\/\/docs.scipy.org\/doc\/scipy\/reference\/generated\/scipy.stats.friedmanchisquare.html."},{"key":"ref_30","unstructured":"(2023, May 10). Nemenyi Post hoc Test. Available online: https:\/\/scikit-posthocs.readthedocs.io\/en\/stable\/generated\/scikit_posthocs.posthoc_nemenyi_friedman\/."},{"key":"ref_31","unstructured":"(2023, May 10). Tuning the Hyper-Parameters of an Estimator. Available online: https:\/\/scikit-learn.org\/stable\/modules\/grid_search.html."},{"key":"ref_32","unstructured":"(2023, June 20). Sklearn.svm.SVC. Available online: https:\/\/scikit-learn.org\/stable\/modules\/generated\/sklearn.svm.SVC.html."},{"key":"ref_33","unstructured":"(2023, June 20). Adadelta. Available online: https:\/\/pytorch.org\/docs\/stable\/generated\/torch.optim.Adadelta.html."},{"key":"ref_34","unstructured":"(2023, May 10). List of Options. Available online: https:\/\/fasttext.cc\/docs\/en\/options.html."},{"key":"ref_35","unstructured":"(2023, May 10). AnalyseC. Available online: https:\/\/github.com\/ryarnyah\/AnalyseC."},{"key":"ref_36","unstructured":"(2023, May 10). Linux. Available online: https:\/\/github.com\/torvalds\/linux."},{"key":"ref_37","unstructured":"(2023, May 10). Linux Kernel Coding Style. 
Available online: https:\/\/www.kernel.org\/doc\/html\/v4.10\/process\/coding-style.html."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/14\/7\/361\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,6,26]],"date-time":"2023-06-26T09:23:26Z","timestamp":1687771406000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/14\/7\/361"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,6,25]]},"references-count":37,"journal-issue":{"issue":"7","published-online":{"date-parts":[[2023,7]]}},"alternative-id":["info14070361"],"URL":"https:\/\/doi.org\/10.3390\/info14070361","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,6,25]]}}}