BinProv: Binary Code Provenance Identification without Disassembly

“…Therefore, the classification performance of our method when the machine code is compressed or obfuscated is unknown. Experiments have confirmed that BinProv performs well for simple obfuscations such as instruction substitution [6]. However, they claim that multiple obfuscations are very difficult to classify, and our method is expected to be very difficult as well.…”

“…As a result, they confirmed that the classification performance is better with raw byte strings than with encoded input data, provided that the input data is of a certain length. Their experimental results show the possibility of supporting multiple CPU architectures simultaneously by using raw input data, which is demonstrated by BinProv [6], described next.…”

“…Since the aggregation process is a simple majority vote, the classification accuracy from a single file The best result is indicated in bold. The experimental results of BinProv are quoted from the paper [6].…”

“…For the analysis of file fragments recovered by digital forensics, we need a BSR method that takes a raw input bitstream and enables highly accurate class classification while simultaneously addressing various domains without any preprocessing. However, there are still only a few studies that use raw bitstreams as training data and has high classification accuracy while simultaneously addressing various domains [6]. CPR is mainly a classification for machine language instruction sequences.…”

“…It is also known that, in general, losses in natural language processing models decrease as the size of the model, the size of the data set, and the computational power used for training increase [10]. In CPR, there has been a trend toward the giant size of models, as seen in the publication of a method using RoBERTa [6]. On the other hand, there are issues such as increasing the size of the data set for training in accordance with the model size increase, and the increase in the computational cost of training limits the fields in which it can be applied.…”

Compiler Provenance Recovery for Multi-CPU Architectures Using a Centrifuge Mechanism

“…Therefore, the classification performance of our method when the machine code is compressed or obfuscated is unknown. Experiments have confirmed that BinProv performs well for simple obfuscations such as instruction substitution [6]. However, they claim that multiple obfuscations are very difficult to classify, and our method is expected to be very difficult as well.…”

“…As a result, they confirmed that the classification performance is better with raw byte strings than with encoded input data, provided that the input data is of a certain length. Their experimental results show the possibility of supporting multiple CPU architectures simultaneously by using raw input data, which is demonstrated by BinProv [6], described next.…”

“…Since the aggregation process is a simple majority vote, the classification accuracy from a single file The best result is indicated in bold. The experimental results of BinProv are quoted from the paper [6].…”

“…For the analysis of file fragments recovered by digital forensics, we need a BSR method that takes a raw input bitstream and enables highly accurate class classification while simultaneously addressing various domains without any preprocessing. However, there are still only a few studies that use raw bitstreams as training data and has high classification accuracy while simultaneously addressing various domains [6]. CPR is mainly a classification for machine language instruction sequences.…”

“…It is also known that, in general, losses in natural language processing models decrease as the size of the model, the size of the data set, and the computational power used for training increase [10]. In CPR, there has been a trend toward the giant size of models, as seen in the publication of a method using RoBERTa [6]. On the other hand, there are issues such as increasing the size of the data set for training in accordance with the model size increase, and the increase in the computational cost of training limits the fields in which it can be applied.…”

Compiler Provenance Recovery for Multi-CPU Architectures Using a Centrifuge Mechanism

A Survey of Control Flow Graph Recovery for Binary Code

HAformer: Semantic fusion of hex machine code and assembly code for cross-architecture binary vulnerability detection