Accurate and Scalable Cross-Architecture Cross-OS Binary Code Search with Emulation

Xue, Yinxing; Xu, Zhengzi; Chandramohan, Mahinthan; Liu, Yang

doi:10.1109/tse.2018.2827379

Cited by 47 publications

(39 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Flake et al proposed a method to compare CFGs to cope with compiler optimizations [46]. Xue [47] used user-defined functions and an inlining relevant library to capture the fully function semantics based on a selective inlining technique from high-level semantic features and structural features. These solutions rely on expensive graph matching, and are not scalable for searching in large codebases.…”

Section: Related Workmentioning

confidence: 99%

Codee: A Tensor Embedding Scheme for Binary Code Search

Yang

Liu

et al. 2022

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

Given a target binary function, the binary code search retrieves top-K similar functions in the repository, and similar functions represent that they are compiled from the same source codes. Searching binary code is particularly challenging due to large variations of compiler tool-chains and options and CPU architectures, as well as thousands of binary codes. Furthermore, there are some pivotal issues in current binary code search schemes, including inaccurate text-based or token-based analysis, slow graph matching, or complex deep learning processes. In this paper, we present an unsupervised tensor embedding scheme, Codee, to carry out code search efficiently and accurately at the binary function level. First, we use an NLP-based neural network to generate the semantic-aware token embedding. Second, we propose an efficient basic block embedding generation algorithm based on the network representation learning model. We learn both the semantic information of instructions and the control flow structural information to generate the basic block embedding. Then we use all basic block embeddings in a function to obtain a variable-length function feature vector. Third, we build a tensor to generate function embeddings based on the tensor singular value decomposition, which compresses the variable-length vectors into short fixed-length vectors to facilitate efficient search afterward. We further propose a dynamic tensor compression algorithm to incrementally update the function embedding database. Finally, we use the local sensitive hash method to find the top-K similar matching functions in the repository. Compared with state-of-the-art cross-optimization-level code search schemes, such as Asm2Vec and DeepBinDiff, our scheme achieves higher average search accuracy, shorter feature vectors, and faster feature generation performance using four datasets, OpenSSL, Coreutils, libgmp and libcurl. Compared with other cross-platform and cross-optimization-level code search schemes, such as Gemini, Safe, the average recall of our method also outperforms others.

show abstract

Section: Related Workmentioning

confidence: 99%

Codee: A Tensor Embedding Scheme for Binary Code Search

Yang

Liu

et al. 2022

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

show abstract

“…To alleviate the aforementioned problems in static malware analysis, in the recent years, researchers have proposed behaviour-based malware analysis, where the malware is executed to understand its malicious behaviour. There exists a significant literature on behaviour-based malware analysis techniques for malware detection [3][4][5][6][7] and triaging [8][9][10][11][12][13][14]. Unfortunately, one of the key issues in existing behaviour-based malware analysis techniques is that they are not scalable.…”

Section: Motivation and Goalsmentioning

confidence: 99%

“…Accurate and Scalable Cross-Architecture Cross-OS Binary Code Search with Emulation 115score is calculated and if it is below some threshold value t, the callee is inlined (lines[13][14][15][16][17][18][19][20][21][22][23][24]. This recursive procedure is continued until all the related functions are analysed.In our preliminary study on BusyBox compiled for x86 32bit, we identify that 14 UD…”

mentioning

confidence: 99%

Scalable analysis for malware and vulnerability detection in binaries

Chandramohan¹

Self Cite

View full text Add to dashboard Cite

for their valuable advice and suggestions that helped me to improve my research work. Further, they also helped to improve my writing skills. In addition, I would like to take this opportunity to thank my friends and colleagues at the Cyber Security Lab (CSL) for their support and making my doctoral journey a pleasant experience. Further, I would also like to thank CSL laboratory executive Mr. Tan Suan Hai for his help and technical support during my stay at Cyber Security Lab. Finally, I am indebted to my parents for their unconditional support and love, and always encouraging me for my studies and raising me to the level where I stand today. vii List of Figures 2.1 BOFM and eBOFM features extracted for the sample malware trace

show abstract

“…BLEX [81] uses program execution to extract the semantic features to improve the matching accuracy. BinGo [82] and BinGo-E [83] combine syntactic, structural and semantic features to produce more accurate matching results. However, it is difficult for the current function matching solutions to differentiate vulnerable and patched functions, since patches usually introduce subtle changes to fix vulnerabilities [4].…”

Section: Introductionmentioning

confidence: 99%

“…It can precisely differentiate patched functions from vulnerable functions in the binaries. It reduces the error rate by more than 30% compared to the state-of-the-art function matching tool, Bingo-E [83], with less time consumed. It is more accurate than the patch identification tool FIBER [85], without source code.…”

Section: Introductionmentioning

confidence: 99%

Semantic driven vulnerability detection and patch analysis

Xu¹

Self Cite

View full text Add to dashboard Cite

First, I would like to express my very great appreciation to my Ph.D. supervisor Prof. Liu Yang. He has been always supportive to all my researches and gave me valuable suggestions on all my projects. He is passionate about researches. He always tries to find time to synchronize the project progress with me, despite that he has many other projects and teams to be supervised. We often stay up late to discusses research ideas and methodologies. I am appreciated that he can sacrifice his after-work time to join the meetings. I have learned a lot from Prof. Liu Yang, not only the way to do researches but also the positive attitude towards work and life.Second, I would like to offer my great appreciation to Prof. Chen Bihuan, Prof.Meng Guozhu and Prof. Xue Yingxing. They co-worked with me to publish several papers. They provides help when I first start my Ph.D. journey. I learned from them gradually to become a independent research, who can lead a research project. I would like to thank Dr. Xie Xiaofei, Prof. Wang Zhi and Prof. Song Fu for their help in my researches.

show abstract

Accurate and Scalable Cross-Architecture Cross-OS Binary Code Search with Emulation

Cited by 47 publications

References 35 publications

Codee: A Tensor Embedding Scheme for Binary Code Search

Codee: A Tensor Embedding Scheme for Binary Code Search

Scalable analysis for malware and vulnerability detection in binaries

Semantic driven vulnerability detection and patch analysis

Contact Info

Product

Resources

About