Using Texture Vector Analysis to Measure Computer and Device File Similarity

Executable programs run on computers and digital devices. These programs are pre-installed by the device vendor or are downloaded or copied from a storage media. It is useful to study file similarity between executable files to verify valid updates, identify potential copyright infringement, identify malware, and detect other abuse of purchased software. An alternative to relying on simplistic methods of file comparison, such as comparing their hash codes to see if they are identical, is to identify the "texture" of files and then assess its similarity between files. To test this idea, we experimented with a sample of 23 Windows executable file families and 1,386 files. We identify points of similarity between files by comparing sections of data in their standard deviations, means, modes, mode counts, and entropies. When vectors are sufficiently similar, we calculate the offsets (shifts) between the sections to get them to align. Using analysis on these shifts, we can measure file similarity efficiently. By plotting similarity vs. time, we track the progression of similarity between files.Prepared for the Naval Postgraduate School, Monterey, CA 93943.Naval Postgraduate SchoolApproved for public release; distribution is unlimited.Approved for public release; distribution is unlimited

Visually summarising software change

Many authors have noted the problem of excessive information when attempting to create useful visualisations of software. The problem of visualising change over multiple versions of software is more complex still. We present a means of visualising changes in software, founded on information-theoretic arguments, that easily and automatically summarises difference between software versions with respect to their code, their structure or their behaviour. Further, we show, by creating visualisations in experiments on real-world data, that the method is of utility to practitioners and has implications beyond the field of software visualisation