Version-Wide Software Birthmark via Machine Learning

Abstract: Identifying the credibility of executable files is critical for the security of an operating system. Modern operating systems rely on code signing for executable files to identify their publishers. Because code signing uses a default-valid trust model, a malware could pass software validation of operating systems and security software by using counterfeit code-signing certificates. Although the counterfeit certificates can be revoked by CAs, the previous research showed that the revocation delay takes as long … Show more