Asm2Vec: Boosting Static Representation Robustness for Binary Clone Search against Code Obfuscation and Compiler Optimization
Title | Asm2Vec: Boosting Static Representation Robustness for Binary Clone Search against Code Obfuscation and Compiler Optimization |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Ding, Steven H. H., Fung, Benjamin C. M., Charland, Philippe |
Conference Name | 2019 IEEE Symposium on Security and Privacy (SP) |
ISBN Number | 978-1-5386-6660-9 |
Keywords | Asm2Vec, assembly clone search engine, assembly code representation learning model, assembly function, binary clone search, Binary-Code-Search, Cloning, code obfuscation techniques, compiler optimization options, composability, dynamic clone search approaches, feature engineering process, Human Behavior, invasive software, learning (artificial intelligence), lexical semantic relationships, Malware, optimising compilers, Optimization, optimizations, program assemblers, pubcrawl, Representation-Learning, resilience, Resiliency, reverse engineering, robust clone search engine, robust vector representation, search engines, search problems, Semantics, Software, static code analysis, static representation robustness, Static-Analysis, Syntactics, vector representation, Vectors, Vulnerability-Search |
Abstract | Reverse engineering is a manually intensive but necessary technique for understanding the inner workings of new malware, finding vulnerabilities in existing systems, and detecting patent infringements in released software. An assembly clone search engine facilitates the work of reverse engineers by identifying those duplicated or known parts. However, it is challenging to design a robust clone search engine, since there exist various compiler optimization options and code obfuscation techniques that make logically similar assembly functions appear to be very different. A practical clone search engine relies on a robust vector representation of assembly code. However, the existing clone search approaches, which rely on a manual feature engineering process to form a feature vector for an assembly function, fail to consider the relationships between features and identify those unique patterns that can statistically distinguish assembly functions. To address this problem, we propose to jointly learn the lexical semantic relationships and the vector representation of assembly functions based on assembly code. We have developed an assembly code representation learning model \textbackslashemphAsm2Vec. It only needs assembly code as input and does not require any prior knowledge such as the correct mapping between assembly functions. It can find and incorporate rich semantic relationships among tokens appearing in assembly code. We conduct extensive experiments and benchmark the learning model with state-of-the-art static and dynamic clone search approaches. We show that the learned representation is more robust and significantly outperforms existing methods against changes introduced by obfuscation and optimizations. |
URL | https://ieeexplore.ieee.org/document/8835340 |
DOI | 10.1109/SP.2019.00003 |
Citation Key | ding_asm2vec_2019 |
- search problems
- program assemblers
- pubcrawl
- Representation-Learning
- resilience
- Resiliency
- reverse engineering
- robust clone search engine
- robust vector representation
- search engines
- optimizations
- Semantics
- Software
- static code analysis
- static representation robustness
- Static-Analysis
- Syntactics
- vector representation
- Vectors
- Vulnerability-Search
- dynamic clone search approaches
- assembly clone search engine
- assembly code representation learning model
- assembly function
- binary clone search
- Binary-Code-Search
- Cloning
- code obfuscation techniques
- compiler optimization options
- composability
- Asm2Vec
- feature engineering process
- Human behavior
- invasive software
- learning (artificial intelligence)
- lexical semantic relationships
- malware
- optimising compilers
- optimization