Semantics-Aware Machine Learning for Function Recognition in Binary Code

机译：二进制代码中功能识别的语义感知机器学习

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Function recognition in program binaries serves as the foundation for many binary instrumentation and analysis tasks. However, as binaries are usually stripped before distribution, function information is indeed absent in most binaries. By far, identifying functions in stripped binaries remains a challenge. Recent research work proposes to recognize functions in binary code through machine learning techniques. The recognition model, including typical function entry point patterns, is automatically constructed through learning. However, we observed that as previous work only leverages syntax-level features to train the model, binary obfuscation techniques can undermine the pre-learned models in real-world usage scenarios. In this paper, we propose FID, a semantics-based method to recognize functions in stripped binaries. We leverage symbolic execution to generate semantic information and learn the function recognition model through well-performing machine learning techniques.FID extracts semantic information from binary code and, therefore, is effectively adapted to different compilers and optimizations. Moreover, we also demonstrate that FID has high recognition accuracy on binaries transformed by widely-used obfuscation techniques. We evaluate FID with over four thousand test cases. Our evaluation shows that FID is comparable with previous work on normal binaries and it notably outperforms existing tools on obfuscated code.

机译：程序二进制文件中的功能识别是许多二进制仪器和分析任务的基础。但是，由于通常在分发前剥离二进制文件，在大多数二进制文件中确实不存在函数信息。到目前为止，识别剥离二进制文件的功能仍然是一个挑战。最近的研究工作建议通过机器学习技术识别二进制代码的功能。识别模型包括典型的函数入口点模式，通过学习自动构建。但是，我们观察到，作为以前的工作只利用语法级别来训练模型，二进制混淆技术可以破坏现实世界使用场景中预先学习的模型。在本文中，我们提出了一种基于语义的方法来识别剥离二进制文件的方法。我们利用符号执行来生成语义信息，并通过良好的计算机学习技术来学习功能识别模型.FID从二进制代码中提取语义信息，因此，有效地适应不同的编译器和优化。此外，我们还表明FID在广泛使用的混淆技术转化的二进制中具有高识别准确性。我们评估了超过四千个测试用例的FID。我们的评估表明，FID与以前的正常二进制文件的工作相当，并且略高于现有的替补代码上的现有工具。

著录项

来源
《IEEE International Conference on Software Maintenance and Evolution》|2017年|689p|共11页
会议地点
作者
Shuai Wang; Pei Wang; Dinghao Wu;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TP311.5-53;
关键词
Semantics; Tools; Syntactics; Binary codes; Registers; Reverse engineering; Instruments;

机译：语义;工具;句法;二元代码;寄存器;逆向工程;仪器;

相似文献

外文文献
中文文献
专利

1. Category-preserving binary feature learning and binary codebook learning for finger vein recognition [J] . Liu Haiying, Yang Gongping, Yin Yilong International journal of machine learning and cybernetics . 2020,第11期

机译：类别保留二元特征学习与手指静脉识别的二进制码本学习
2. Learning personalized binary codes for finger vein recognition [J] . Liu Haiying, Yang Gongping, Yang Lu, Neurocomputing . 2019,第NOVa6期

机译：学习个性化的二进制代码以进行手指静脉识别
3. Learning personalized binary codes for finger vein recognition [J] . Liu Haiying, Yang Gongping, Yang Lu, Neurocomputing . 2019,第Nova6期

机译：学习个性化的二进制代码以进行手指静脉识别
4. Semantics-Aware Machine Learning for Function Recognition in Binary Code [C] . Shuai Wang, Pei Wang, Dinghao Wu IEEE International Conference on Software Maintenance and Evolution . 2017

机译：用于二进制代码中功能识别的语义感知机器学习
5. Bridging the semantic gap in virtual machine introspection via binary code reuse. [D] . Fu, Yangchun. 2016

机译：通过二进制代码重用弥合虚拟机自省中的语义鸿沟。
6. Radar HRRP Target Recognition Based on Stacked Autoencoder and Extreme Learning Machine [O] . Feixiang Zhao, Yongxiang Liu, Kai Huo, 2018

机译：基于堆叠式自动编码器和极限学习机的雷达HRRP目标识别
7. Data-driven input variable selection for rainfall-runoff modeling using binary-coded particle swarm optimization and Extreme Learning Machines [O] . Taormina R, Chau KW 2015

机译：数据驱动的输入变量选择，用于使用二进制编码粒子群优化和极限学习机的降雨径流建模

Semantics-Aware Machine Learning for Function Recognition in Binary Code

摘要

著录项

相似文献

相关主题

期刊订阅