jTrans: Jump-Aware Transformer for Binary Code Similarity

Wang, Hao; Qu, Wenjie; Katz, Gilad; Zhu, Wei; Gao, Zeyu; Han, Qian; Zhuge, Jing; Zhang, Chao

doi:10.48550/arxiv.2205.12713

Cited by 5 publications

(18 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We use IDA Pro binary, a disassembler tool [31] to dump the binary code of the functions for BinXray, which is the same as the BinXray used in their original experiments. To the best of our knowledge, no official open source implementation of Asm2Vec is available, so we utilized an unofficial implementation 5 followed [34] with default parameter settings. The experimental setup consists of an Intel CPU operating at 2.90GHz and running on Linux.…”

Section: Experimental Settingmentioning

confidence: 99%

PS3: Precise Patch Presence Test based on Semantic Symbolic Signature

Zhan,

Hu,

et al. 2024

Proceedings of the IEEE/ACM 46th International Conference on Software Engineering

View full text Add to dashboard Cite

During software development, vulnerabilities have posed a significant threat to users. Patches are the most effective way to combat vulnerabilities. In a large-scale software system, testing the presence of a security patch in every affected binary is crucial to ensure system security. Identifying whether a binary has been patched for a known vulnerability is challenging, as there may only be small differences between patched and vulnerable versions. Existing approaches mainly focus on detecting patches that are compiled in the same compiler options. However, it is common for developers to compile programs with very different compiler options in different situations, which causes inaccuracy for existing methods. In this paper, we propose a new approach named PS 3 , referring to precise patch presence test based on semantic-level symbolic signature. PS 3 exploits symbolic emulation to extract signatures that are stable under different compiler options. Then PS 3 can precisely test the presence of the patch by comparing the signatures between the reference and the target at semantic level.To evaluate the effectiveness of our approach, we constructed a dataset consisting of 3,631 (CVE, binary) pairs of 62 recent CVEs in four C/C++ projects. The experimental results show that PS 3 achieves scores of 0.82, 0.97, and 0.89 in terms of precision, recall, and F1 score, respectively. PS 3 outperforms the state-of-the-art baselines by improving 33% in terms of F1 score and remains stable in different compiler options.

show abstract

Section: Experimental Settingmentioning

confidence: 99%

PS3: Precise Patch Presence Test based on Semantic Symbolic Signature

Zhan,

Hu,

et al. 2024

Proceedings of the IEEE/ACM 46th International Conference on Software Engineering

View full text Add to dashboard Cite

show abstract

“…Moreover, traditional graph-based methods such as graph isomorphism matching are excessively time-consuming for analyzing large-scale firmware, leading to relatively lower accuracy and scalability. In recent years, researchers have increasingly adopted learning-based approaches to tackle BCSD tasks, and the current state-of-the-art BCSD approaches [11,13,14,34,35] are predominantly based on machine learning (ML) techniques. These approaches typically involve the disassembly of binary code into either assembly language or intermediate representation (IR).…”

Section: Introductionmentioning

confidence: 99%

“…As a consequence, considerable differences arise at the lexical and syntactic levels, resulting in severe OOV challenges. For OOV words, existing approaches [11,34,35,37] use normalization based on predefined rules to deal with string literals, immediate numbers, and address offsets. However, when these special words are replaced with dummy tokens, the essential semantics may be compromised.…”

Section: Introductionmentioning

confidence: 99%

“…Binary code similarity detection is a fundamental technique in computer security that can detect similarities between two binary code snippets. It is widely used for various applications, including vulnerability detection [ 8 , 9 , 10 , 11 , 12 , 13 , 14 , 15 , 16 , 17 , 18 , 19 , 20 , 21 , 22 ], malware analysis [ 23 , 24 , 25 , 26 , 27 , 28 ], and binary patch analysis [ 29 , 30 , 31 ]. Figure 1 shows an example of BCSD usage in firmware security analysis.…”

Section: Introductionmentioning

confidence: 99%

“…In recent years, researchers have increasingly adopted learning-based approaches to tackle BCSD tasks, and the current state-of-the-art BCSD approaches [ 11 , 13 , 14 , 34 , 35 ] are predominantly based on machine learning (ML) techniques. These approaches typically involve the disassembly of binary code into either assembly language or intermediate representation (IR).…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

IoTSim: Internet of Things-Oriented Binary Code Similarity Detection with Multiple Block Relations

Luo,

Wang,

Xie

et al. 2023

Sensors

View full text Add to dashboard Cite

Binary code similarity detection (BCSD) plays a crucial role in various computer security applications, including vulnerability detection, malware detection, and software component analysis. With the development of the Internet of Things (IoT), there are many binaries from different instruction architecture sets, which require BCSD approaches robust against different architectures. In this study, we propose a novel IoT-oriented binary code similarity detection approach. Our approach leverages a customized transformer-based language model with disentangled attention to capture relative position information. To mitigate out-of-vocabulary (OOV) challenges in the language model, we introduce a base-token prediction pre-training task aimed at capturing basic semantics for unseen tokens. During function embedding generation, we integrate directed jumps, data dependency, and address adjacency to capture multiple block relations. We then assign different weights to different relations and use multi-layer Graph Convolutional Networks (GCN) to generate function embeddings. We implemented the prototype of IoTSim. Our experimental results show that our proposed block relation matrix improves IoTSim with large margins. With a pool size of 103, IoTSim achieves a recall@1 of 0.903 across architectures, outperforming the state-of-the-art approaches Trex, SAFE, and PalmTree.

show abstract

Khaos: The Impact of Inter-procedural Code Obfuscation on Binary Diffing Techniques

Zhang

Peng

et al. 2023

Proceedings of the 21st ACM/IEEE International Symposium on Code Generation and Optimization

View full text Add to dashboard Cite

jTrans: Jump-Aware Transformer for Binary Code Similarity

Cited by 5 publications

References 41 publications

PS3: Precise Patch Presence Test based on Semantic Symbolic Signature

PS3: Precise Patch Presence Test based on Semantic Symbolic Signature

IoTSim: Internet of Things-Oriented Binary Code Similarity Detection with Multiple Block Relations

Khaos: The Impact of Inter-procedural Code Obfuscation on Binary Diffing Techniques

Contact Info

Product

Resources

About