Go to TRUSTCOM 2021 homepageBinDeep: Binary to Source Code Matching Using Deep Learning
Abstract: Mapping a binary function taken from a compiled binary to the same function in the original source code has many security applications, such as discovering reused free open source code in malware binaries. To facilitate malware analysis, we present BINDEEP, a framework that learns the semantic relationships among binary functions based on assembly code. It also learns semantic information about the source functions in order to carry out function matching. We demonstrate how BINDEEP can be applied to fingerprint the origin of functions in malware binaries, and then benchmark its performance against that of five competing systems (i.e., RESOURCE, the Binary Analysis Tool (BAT), BinPro, Statistical Machine Translation (SMT), and FOSSIL). The findings show that BINDEEP is more robust and achieves significant improvement over these existing systems when confronted with changes introduced by code transformation methods or the use of different compilers and optimization levels. Furthermore, BINDEEP is able to discover source packages in malware binaries, such as Zeus and Citadel, that match those listed in existing security reports.
0 Replies
Loading