When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries

Aylin Caliskan, Fabian Yamaguchi, Edwin Dauber, Richard Harang, Konrad Rieck, Rachel Greenstadt, Arvind Narayanan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

42 Scopus citations

Abstract

The ability to identify authors of computer programs based on their coding style is a direct threat to the privacy and anonymity of programmers. While recent work found that source code can be attributed to authors with high accuracy, attribution of executable binaries appears to be much more difficult. Many distinguishing features present in source code, e.g. variable names, are removed in the compilation process, and compiler optimization may alter the structure of a program, further obscuring features that are known to be useful in determining authorship. We examine programmer de-anonymization from the standpoint of machine learning, using a novel set of features that include ones obtained by decompiling the executable binary to source code. We adapt a powerful set of techniques from the domain of source code authorship attribution along with stylistic representations embedded in assembly, resulting in successful de-anonymization of a large set of programmers. We evaluate our approach on data from the Google Code Jam, obtaining attribution accuracy of up to 96% with 100 and 83% with 600 candidate programmers. We present an executable binary authorship attribution approach, for the first time, that is robust to basic obfuscations, a range of compiler optimization settings, and binaries that have been stripped of their symbol tables. We perform programmer de-anonymization using both obfuscated binaries, and real-world code found “in the wild” in single-author GitHub repositories and the recently leaked Nulled.IO hacker forum. We show that programmers who would like to remain anonymous need to take extreme countermeasures to protect their privacy.

Original languageEnglish (US)
Title of host publication25th Annual Network and Distributed System Security Symposium, NDSS 2018
PublisherThe Internet Society
ISBN (Electronic)1891562495, 9781891562495
DOIs
StatePublished - 2018
Event25th Annual Network and Distributed System Security Symposium, NDSS 2018 - San Diego, United States
Duration: Feb 18 2018Feb 21 2018

Publication series

Name25th Annual Network and Distributed System Security Symposium, NDSS 2018

Conference

Conference25th Annual Network and Distributed System Security Symposium, NDSS 2018
Country/TerritoryUnited States
CitySan Diego
Period2/18/182/21/18

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Control and Systems Engineering
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'When Coding Style Survives Compilation: De-anonymizing Programmers from Executable Binaries'. Together they form a unique fingerprint.

Cite this