When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries

Aylin Caliskan, Fabian Yamaguchi, Edwin Dauber, Richard Harang, Konrad Rieck, Rachel Greenstadt, Arvind Narayanan

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    The ability to identify authors of computer programs based on their coding style is a direct threat to the privacy and anonymity of programmers. While recent work found that source code can be attributed to authors with high accuracy, attribution of executable binaries appears to be much more difficult. Many distinguishing features present in source code, e.g. variable names, are removed in the compilation process, and compiler optimization may alter the structure of a program, further obscuring features that are known to be useful in determining authorship. We examine programmer de-anonymization from the standpoint of machine learning, using a novel set of features that include ones obtained by decompiling the executable binary to source code. We adapt a powerful set of techniques from the domain of source code authorship attribution along with stylistic representations embedded in assembly, resulting in successful de-anonymization of a large set of programmers. We evaluate our approach on data from the Google Code Jam, obtaining attribution accuracy of up to 96% with 100 and 83% with 600 candidate programmers. We present an executable binary authorship attribution approach, for the first time, that is robust to basic obfuscations, a range of compiler optimization settings, and binaries that have been stripped of their symbol tables. We perform programmer de-anonymization using both obfuscated binaries, and real-world code found “in the wild” in single-author GitHub repositories and the recently leaked Nulled.IO hacker forum. We show that programmers who would like to remain anonymous need to take extreme countermeasures to protect their privacy.

    Original languageEnglish (US)
    Title of host publication25th Annual Network and Distributed System Security Symposium, NDSS 2018
    PublisherThe Internet Society
    ISBN (Electronic)1891562495, 9781891562495
    DOIs
    StatePublished - 2018
    Event25th Annual Network and Distributed System Security Symposium, NDSS 2018 - San Diego, United States
    Duration: Feb 18 2018Feb 21 2018

    Publication series

    Name25th Annual Network and Distributed System Security Symposium, NDSS 2018

    Conference

    Conference25th Annual Network and Distributed System Security Symposium, NDSS 2018
    Country/TerritoryUnited States
    CitySan Diego
    Period2/18/182/21/18

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Control and Systems Engineering
    • Safety, Risk, Reliability and Quality

    Fingerprint

    Dive into the research topics of 'When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries'. Together they form a unique fingerprint.

    Cite this