Fingerprint Extraction of Executables Based on the Potential Field Graph of Callgraph

This paper describes a novel method for extracting fingerprints of executables. A new data visual approach based on data field is imported. The 3-tuple (in-degree, out-degree, function call relationship) extracted from call graph are used for constructing data field and the potential field graph. This potential field graph is fingerprinted by the method of shape invariant moments which is mature and statistic approach to analyze the shape of image. Experimental results show that the shape invariant moments of the potential field graph can be used to identify different executable programs as a fingerprint.