Investigating Graph Embedding Methods for Cross-Platform Binary Code Similarity Detection


Ressource 1Télécharger: EuroSP_final.pdf (1551.73 [Ko])
Etat: Public
Version: de l'auteur⸱e
Licence: Non spécifiée
ID Serval
Actes de conférence (partie): contribution originale à la littérature scientifique, publiée à l'occasion de conférences scientifiques, dans un ouvrage de compte-rendu (proceedings), ou dans l'édition spéciale d'un journal reconnu (conference proceedings).
Investigating Graph Embedding Methods for Cross-Platform Binary Code Similarity Detection
Titre de la conférence
Proceedings of the IEEE European Symposium on Security and Privacy (EuroS&P)
Cochard Victor, Pfammatter Damian, Duong Chi Thang, Humbert Mathias
Statut éditorial
Date de publication
IoT devices are increasingly present, both in the industry and in consumer markets, but their security remains weak, which leads to an unprecedented number of attacks against them. In order to reduce the attack surface, one approach is to analyze the binary code of these devices to early detect whether they contain potential security vulnerabilities. More specifically, knowing some vulnerable function, we can determine whether the firmware of an IoT device contains some security flaw by searching for this function. However, searching for similar vulnerable functions is in general challenging due to the fact that the source code is often not openly available and that it can be compiled for different architectures, using different compilers and compilation settings. In order to handle these varying settings, we can compare the similarity between the graph embeddings derived from the binary functions. In this paper, inspired by the recent advances in deep learning, we propose a new method – GESS (graph embeddings for similarity search) – to derive graph embeddings, and we compare it with various state-of-the-art methods. Our empirical evaluation shows that GESS reaches an AUC of 0.979, thereby outperforming the best known approach. Furthermore, for a fixed low false positive rate, GESS provides a true positive rate (or recall) about 36% higher than the best previous approach. Finally, for a large search space, GESS provides a recall between 50% and 60% higher than the best previous approach.
Création de la notice
10/06/2022 14:39
Dernière modification de la notice
11/06/2022 7:09
Données d'usage