Now showing items 1-1 of 1
Structural comparison of executable objects
Detection of intrusions and malware & vulnerability assessment, GI SIG SIDAR workshop, DIMVA 2004
A method to heuristically construct an isomorphism between the sets of functions in two similar but differing versions of the same executable file is presented. Such an isomorphism has multiple practical applications, specifically the ability to detect programmatic changes between the two executable versions. Moreover, ...