Binary Analysis Overview

Alrabaee, Saed; Debbabi, Mourad; Shirani, Paria; Wang, Lingyu; Youssef, Amr M.; Rahimian, Ashkan; Nouh, Lina; Mouheb, Djedjiga; Huang, He; Hanna, Aiman

doi:10.1007/978-3-030-34238-8_2

Cited by 4 publications

(3 citation statements)

References 107 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Intra-procedural matching is used in malware identification, redundancy elimination, and plagiarism detection. Two recent surveys Alrabaee et al [2020], Haq and Caballero [2021] mention only one work on intraprocedural matching as a way to deal with stale profiling: the BMAT approach that we have evaluated in Section 4. These very surveys indicate that the inter-procedural version of binary matching is more commonly discussed in the context of profiling reuse.…”

Section: Related Workmentioning

confidence: 99%

“…Kim et al [2022], in turn, understand binary diffing as intra-procedural code matching. This divergent understanding leads to two very different approaches to dealing with the problem called binary diffing Alrabaee et al [2020], Haq and Caballero [2021]. On the one hand, we have stochastic techniques-machine learning models such as Shin et al [2015]'s-to solve the semantic problem of determining when two binaries perform similar actions.…”

Section: Binary Diffingmentioning

confidence: 99%

See 1 more Smart Citation

Beetle: A Feature-Based Approach to Reduce Staleness in Profile Data

Pereira

Moreira

Ottoni

2023

Preprint

View full text Add to dashboard Cite

Profiling is one of the most effective enablers of compiler optimizations. Reports of speedups of 20-30% on top of highly optimized codes are common in the industry. Despite these gains, profiling is rarely used during development — rather, it is used during the generation of production-ready executables. Collecting profile information takes time, and reusing it across different versions of the same software leads to poor results, particularly for binary-level optimizations: small changes to the code might invalidate large portions of otherwise good data. This paper proposes a methodology to mitigate this problem. When mapping profile information from one program to a newer version of it, we use branch features, instead of addresses or hash of instructions, as anchor points between programs. Branch features have been used for decades as a way to predict the outcome of branches: they are characteristics of the branch, such as direction and opcode. By choosing good feature sets, it is possible to minimize collisions between branches, so that different branches seldom share the same features. We have modified the BOLT binary optimizer to use branch features to map profile information across programs. By optimizing three new versions of four large executables — Clang, GCC, MySQL, and PostgreSQL — we show that the new approach to reuse profile data yields speedups of about 8.00% over Clang -O3. In contrast, BOLT’s default mapping, which uses relative addresses as anchor points, yields speedups of 6.06%. Previous work based on hashing of basic blocks yields speedups of 5.02%.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Binary Diffingmentioning

confidence: 99%

Beetle: A Feature-Based Approach to Reduce Staleness in Profile Data

Pereira

Moreira

Ottoni

2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Open source libraries are widely adopted in software development cycles, which improves the development efficiency and reduces the costs (Laguë et al 1997). They also result in a large number of code duplicates and clones in different software (Alrabaee et al 2020). Source code level code auditing and clone detection tools (Fang et al 2020;Zhang et al 2019) are developed to find the usage of open source components in the software.…”

Section: Introductionmentioning

confidence: 99%

Unleashing the power of pseudo-code for binary code similarity analysis

Zhang

Xiao

et al. 2022

Cybersecurity

View full text Add to dashboard Cite

Code similarity analysis has become more popular due to its significant applicantions, including vulnerability detection, malware detection, and patch analysis. Since the source code of the software is difficult to obtain under most circumstances, binary-level code similarity analysis (BCSA) has been paid much attention to. In recent years, many BCSA studies incorporating AI techniques focus on deriving semantic information from binary functions with code representations such as assembly code, intermediate representations, and control flow graphs to measure the similarity. However, due to the impacts of different compilers, architectures, and obfuscations, binaries compiled from the same source code may vary considerably, which becomes the major obstacle for these works to obtain robust features. In this paper, we propose a solution, named UPPC (Unleashing the Power of Pseudo-code), which leverages the pseudo-code of binary function as input, to address the binary code similarity analysis challenge, since pseudo-code has higher abstraction and is platform-independent compared to binary instructions. UPPC selectively inlines the functions to capture the full function semantics across different compiler optimization levels and uses a deep pyramidal convolutional neural network to obtain the semantic embedding of the function. We evaluated UPPC on a data set containing vulnerabilities and a data set including different architectures (X86, ARM), different optimization options (O0-O3), different compilers (GCC, Clang), and four obfuscation strategies. The experimental results show that the accuracy of UPPC in function search is 33.2% higher than that of existing methods.

show abstract

Program Lifting using Gray-Box Behavior

Collie

O’Boyle

2021

2021 30th International Conference on Parallel Architectures and Compilation Techniques (PACT)

View full text Add to dashboard Cite

Binary Analysis Overview

Cited by 4 publications

References 107 publications

Beetle: A Feature-Based Approach to Reduce Staleness in Profile Data

Beetle: A Feature-Based Approach to Reduce Staleness in Profile Data

Unleashing the power of pseudo-code for binary code similarity analysis

Program Lifting using Gray-Box Behavior

Contact Info

Product

Resources

About