检索结果-内蒙古大学图书馆

Fine-Grained Compiler Identification With Sequence-Oriented Neural Modeling

IEEE ACCESS 2021年 9卷 49160-49175页

作者： Tian, Zhenzhou Huang, Yaqian Xie, Borun Chen, Yanping Chen, Lingwei Wu, Dinghao Xian Univ Posts & Telecommun Sch Comp Sci & Technol Xian 710121 Peoples R China Shaanxi Key Lab Network Data Anal & Intelligent P Xian 710121 Peoples R China Penn State Univ Coll Informat Sci & Technol University Pk PA 16802 USA

Different compilers and optimization levels can be used to compile the source code. Revealed in reverse from the produced binaries, these compiler details facilitate essential binary analysis tasks, such as malware analysis and software forensics. Most existing approaches adopt a signature matching based or machine learning based strategy to identify the compiler details, showing limits in either the detection accuracy or granularity. In this work, we propose NeuralCI (Neural modeling-based Compiler Identification) to infer these compiler details including compiler family, optimization level and compiler version on individual functions. The basic idea is to formulate sequence-oriented neural networks to process normalized instruction sequences generated using a lightweight function abstraction strategy. To evaluate the performance of NeuralCI, a large dataset consisting of 854,858 unique functions collected from 19 widely used real-world projects is constructed. The experiments show that NeuralCI achieves averagely 98.6% accuracy in identifying the compiler family, 95.3% accuracy in identifying the optimization level, 88.7% accuracy in identifying the compiler version, 94.8% accuracy in identifying the compiler family and optimization level, and 83.0% accuracy in identifying all compiler components simultaneously, outperforming existing function level compiler identification methods in terms of both detection accuracy and comprehensiveness.

关键词： Optimization Program processors binary codes Task analysis Tools Production Recurrent neural networks Software forensics binary code analysis compiler identification neural network

来源：评论

学校读者我要写书评

暂无评论

GENES ISP: code analysis platform

GENES ISP: code analysis platform

引用

Ivannikov Ispras Open Conference (ISPRAS)

作者： Sargsyan, Sevak Vardanyan, Vahagn Aslanyan, Hayk Harutunyan, Mariam Mehrabyan, Matevos Sargsyan, Karen Hovahannisyan, Hripsime Movsisyan, Hovhannes Hakobyan, Jivan Kurmangaleev, Shamil Russian Armenian Slavon Univ Yerevan Armenia ISP RAS Moscow Russia

ISBN: (纸本)9781665412919

In this paper we present a novel code analysis platform referred as "GENESISP". Its aim is to collect vast database of open source software and apply several integrated analyses. This analysis allows to understand relations within source and binary code, as well as detect existing defects. All the analyses are compatible with each other and can be combined, which provides more robust possibilities. In the first stage the framework tries to collect, process and store software related data into database. Various open source resources are used for that purpose. For open source software, we collect and store: source and binary code, debug information, build dependencies, linker commands, confirmed CVE and their possible fixes, etc. For operating systems distributions, we additionally store the list of available software packages. In the second stage the tool performs various analysis: source code clone detection, binary code clone detection, source/binary fragments search, statically linked libraries identification in binaries, unfixed CVE search, source and binary code matching, patch analysis, etc. We provide web interface for convenient use of the provided analyses. Beside it, there is an interactive terminal which enables users to query the database and combine the results of different analysis. We were able to find number of confirmed CVE in mainstream versions of different open source software, which proves the effectiveness of proposed platform.

关键词： GENESISP code analysis code clones patch analysis code query binary code analysis vulnerability detection

来源：评论

学校读者我要写书评

暂无评论

A Survey of binary code Fingerprinting Approaches: Taxonomy, Methodologies, and Features

引用

ACM COMPUTING SURVEYS 2023年第1期55卷 19-19页

作者： Alrabaee, Saed Debbabi, Mourad Wang, Lingyu United Arab Emirates Univ Coll IT Informat Syst & Secur Al Ain U Arab Emirates Concordia Univ Concordia Inst Informat Syst Montreal PQ Canada Concordia Univ 1455 Blvd Maisonneuve O Montreal PQ H3G 1M8 Canada

binary code fingerprinting is crucial in many security applications. Examples include malware detection, software infringement, vulnerability analysis, and digital forensics. It is also useful for security researchers and reverse engineers since it enables high fidelity reasoning about the binary code such as revealing the functionality, authorship, libraries used, and vulnerabilities. Numerous studies have investigated binary code with the goal of extracting fingerprints that can illuminate the semantics of a target application. However, extracting fingerprints is a challenging task since a substantial amount of significant information will be lost during compilation, notably, variable and function naming, the original data and control flow structures, comments, semantic information, and the code layout. This article provides the first systematic review of existing binary code fingerprinting approaches and the contexts in which they are used. In addition, it discusses the applications that rely on binary code fingerprints, the information that can be captured during the fingerprinting process, and the approaches used and their implementations. It also addresses limitations and open questions related to the fingerprinting process and proposes future directions.

关键词： binary code analysis reverse engineering software security

来源：评论

学校读者我要写书评

暂无评论

Padding Matters - Exploring Function Detection in PE Files: Data/Toolset paper 25

Padding Matters - Exploring Function Detection in PE Files: ...

引用

Proceedings of the Fifteenth ACM Conference on Data and Application Security and Privacy

作者： Raphael Springer Alexander Schmitz Artur Leinweber Tobias Urban Christian Dietrich Institute for Internet Security Westphalian University of Applied Sciences Gelsenkirchen Germany

ISBN: (纸本)9798400714764

Function detection is a well-known problem in binary analysis. While prior work has focused on Linux/ELF, Windows/PE binaries have only partially been considered. This paper introduces FuncPEval, a dataset for Windows x86 and x64 PE files, featuring Chromium and the Conti ransomware, along with ground truth data for 1,092,820 function starts. Utilizing FuncPEval, we evaluate five heuristics-based (Ghidra, IDA, Nucleus, ***, SMDA) and three machine-learning-based (DeepDi, RNN, XDA) function start detection tools. Among these, IDA achieves the highest F1-score (98.44%) for Chromium x64, while DeepDi closely follows (97%) but stands out as the fastest. Towards explainability, we examine the impact of padding between functions on the detection results, finding all tested tools, except ***, are susceptible to randomized padding. The randomized padding significantly diminishes the effectiveness of the RNN, XDA, and Nucleus. Among the learning-based tools, DeepDi exhibits the least sensitivity, while Nucleus is the most adversely affected among the non-learning-based tools.

关键词： binary code analysis

来源：评论

学校读者我要写书评

暂无评论

Advanced Reverse Engineering Techniques for binary code Security Retrofitting and analysis

Advanced Reverse Engineering Techniques for Binary Code Secu...

引用

作者： Wang, Shuai PennState University Libraries

学位级别：Doctor of Philosophy

In software security, many techniques and applications depend on binary code reverse engineering, i.e., analyzing and retrofitting executables with the source code unavailable. Despite the fact that many security hardening techniques rely heavily on reverse engineering, modern binary disassembling and reconstruction techniques still cannot adequately fulfill many of the requirements. In particular, no reverse engineering tool can disassemble an executable into assembly code which can be reassembled back in a fully automated manner, especially when the processed objects are Commercial-Off-The-Shelf (COTS) binaries with most symbol and relocation information stripped. Due to the lack of support for direct reassembling, existing binary instrumentation tools leverage patch or replica-based rewriting techniques to guarantee the correct functionality of the instrumented outputs, which usually incur high execution slowdown and binary code size *** present Uroboros, a tool that can disassemble legacy executables to the extent that the generated code can be assembled back to working binaries without manual effort. The key technique proposed in Uroboros is named reassembleable disassembling, in which we develop a set of methods to precisely recover each component of a binary executable, including code, data and meta-information. In particular, Uroboros is the first to be capable of not only recovering the assembly program, but enabling reassembling of the disassembled output with the correct functionality. We further extend Uroboros into a general purpose binary instrumentation platform with a rich set of binary instrumentation APIs and utilities. Our evaluation on widely-used program binaries shows that Uroboros can provide support for reassembly and instrumentation on legacy binary executables with better performance, lower labor cost, and a broader scope of *** addition, we build advanced binary analysis and instrumentation applications for security pur

关键词： reverse engineering software security binary code analysis

来源：评论

学校读者我要写书评

暂无评论

Accurate and Robust Malware analysis through Similarity of External Calls Dependency Graphs (ECDG) 21

Accurate and Robust Malware Analysis through Similarity of E...

引用

16th International Conference on Availability, Reliability and Security (ARES)

作者： Puodzius, Cassius Zendra, Olivier Heuser, Annelie Noureddine, Lamine INRIA Rennes France IRISA Rennes France

ISBN: (纸本)9781450390514

Malware is a primary concern in cybersecurity, being one of the attacker's favorite cyberweapons. Over time, malware evolves not only in complexity but also in diversity and quantity. Malware analysis automation is thus crucial. In this paper we present ECDGs, a shorter call graph representation, and a new similarity function that is accurate and robust. Toward this goal, we revisit some principles of malware analysis research to define basic primitives and an evaluation paradigm addressed for the setup of more reliable experiments. Our benchmark shows that our similarity function is very efficient in practice, achieving speedup rates of 3.30x and 354, 11x wrt. radiff2 for the standard and the cache-enhanced implementations, respectively. Our evaluations generate clusters that produce almost unerring results - homogeneity score of 0.983 for the accuracy phase - and marginal information loss for a highly polluted dataset - NMI score of 0.974 between initial and final clusters of the robustness phase. Overall, ECDGs and our similarity function enable autonomous frameworks for malware search and clustering that can assist human-based analysis or improve classification models for malware analysis.

关键词： binary code analysis similarity call graph malware

来源：评论

学校读者我要写书评

暂无评论

Improved Algorithm for the Network Alignment Problem with Application to binary Diffing 25

Improved Algorithm for the Network Alignment Problem with Ap...

引用

25th KES International Conference on Knowledge-Based and Intelligent Information & Engineering Systems (KES)

作者： Mengin, Elie Rossi, Fabrice Univ Paris 1 Pantheon Sorbonne SAMM EA 4543 F-75013 Paris France Quarkslab SA 13 Rue St Ambroise F-75011 Paris France Univ Paris 09 PSL Univ CNRS CEREMADEUMR 7534 F-75016 Paris France

In this paper, we present a novel algorithm to address the Network Alignment problem. It is inspired from a previous message passing framework of Bayati et al. [2] and includes several modifications designed to significantly speed up the message updates as well as to enforce their convergence. Experiments show that our proposed model outperforms other state-of-the-art solvers. Finally, we propose an application of our method in order to address the binary Diffing problem. We show that our solution provides better assignment than the reference differs in almost all submitted instances and outline the importance of leveraging the graphical structure of binary programs. (C) 2021 The Authors. Published by Elsevier B.V.

关键词： Network Alignment Graph Matching Belief Propagation binary Diffing binary code analysis

来源：评论

学校读者我要写书评

暂无评论

binary level toolchain provenance identification with graph neural networks 28

Binary level toolchain provenance identification with graph ...

引用

28th IEEE International Conference on Software analysis, Evolution and Reengineering (SANER)

作者： Benoit, Tristan Marion, Jean-Yves Bardin, Sebastien Univ Lorraine CNRS LORIA F-54000 Nancy France Univ Paris Saclay CEA LIST Saclay France

ISBN: (纸本)9781728196305

We consider the problem of recovering the compiling chain used to generate a given stripped binary code. We present a Graph Neural Network framework at the binary level to solve this problem, with the idea to take into account the shallow semantics provided by the binary code's structured control flow graph (CFG). We introduce a Graph Neural Network, called Site Neural Network (SNN), dedicated to this problem. To attain scalability at the binary level, feature extraction is simplified by forgetting almost everything in a CFG except transfer control instructions and performing a parametric graph reduction. Our experiments show that our method recovers the compiler family with a very high F1-Score of 0.9950 while the optimization level is recovered with a moderately high F1-Score of 0.7517. On the compiler version prediction task, the F1-Score is about 0.8167 excluding the clang family. A comparison with a previous work demonstrates the accuracy and performance of this framework.

关键词： toolchain provenance graph neural networks binary code analysis

来源：评论

学校读者我要写书评

暂无评论

GENDA: A Graph Embedded Network Based Detection Approach on encryption algorithm of binary program

引用

JOURNAL OF INFORMATION SECURITY AND APPLICATIONS 2022年 65卷

作者： Li, Xiao Chang, Yuanhai Ye, Guixin Gong, Xiaoqing Tang, Zhanyong Northwest Univ Sch Informat Sci & Technol Xian 710127 Peoples R China

The cryptographic techniques are commonly used in software protection against malicious re-engineering. How to efficiently detect encryption algorithms used in the software to determine if they meet protection requirements is an interesting and significant task. However, existing encryption algorithm detection methods suffer from a high alarm rate or low efficiency as they fail to extract the complete program structure and semantic features of the encryption algorithms. In this article, we proposed GENDA, a graph embedding network-based detection method on encrypted binary code. We first analyze the characteristics of various encryption algorithms and construct the program graph for each encryption algorithm. Then the program graph is recursively embedded into the graph neural network as a basic unit, and the vector representation of the encryption algorithm graph is obtained. Finally, the type of encryption algorithm is determined by comparing the distance between these vectors. To evaluate GENDA, we collected a number of cryptographic libraries and real application programs from the open-source software. The experimental results show that GENDA can reach over a detection success rate of 92%. We also compared GENDA to existing state-of-the-art detection methods. The comparison results show that GENDA outperforms most of the existing methods.

关键词： Software security binary code analysis Cryptographic algorithm analysis Deep learning

来源：评论

学校读者我要写书评

暂无评论

binary code traceability of multigranularity information fusion from the perspective of software genes

引用

COMPUTERS & SECURITY 2022年 114卷 102607-102607页

作者： Huang, Yizhao Qiao, Meng Liu, Fudong Li, Xingwei Gui, Hairen Zhang, Chunyan State Key Lab Math Engn & Adv Comp Zhengzhou 450000 Peoples R China

binary code traceability aims to use the relevant characteristics of anonymous binary codes to identify concealed authors or teams and replace error-prone and time-consuming manual reverse engineering tasks with automated systems. Although significant progress has been made in source code traceability technology, research on tracking binary files is still limited. Hence, we propose a feature extraction method and deep learning model that exploit the sequence and structure information of binary codes to identify the authors of anonymous and malicious binary codes and their relations with other known binary code families. We further propose a new multigranularity information fusion feature based on biological genes oriented to the traceability of binary codes. The evaluations conducted on the Google code Jam (GCJ) dataset indicate that our method can accurately trace the binary code from 10 00 people to the target author with an accuracy rate of 71%. Further, experimental results verify the robustness of the proposed model. For malicious code datasets, in particular, the proposed method achieved a stable traceability accuracy rate for malicious samples using only a small number of training samples. For the problem of malicious code tracking, in 300 team organizations, the proposed method achieved a code-tracing accuracy rate of 82%. (C) 2022 Elsevier Ltd. All rights reserved.

关键词： binary code analysis Malware family classification GCN Software gene Information fusion

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：