Instruction2vec: Efficient Preprocessor of Assembly Code to Detect Software Weakness with CNN

Lee, Yong-Jun; Kwon, Hyun; Choi, Sang-Hoon; Lim, Seung-Ho; Baek, Sung Hoon; Park, Ki-Woong

doi:10.3390/app9194086

Cited by 31 publications

(23 citation statements)

References 12 publications

(19 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Instruction2Vec + Text-CNN This combination of methods [12,11] is evaluated on a small subset of the Juliet test suite, namely vulnerabilities of type CWE 121 (stack-based buffer overflows). It also relies on assembly language instructions instead of source code.…”

Section: Comparison With Other Methodsmentioning

confidence: 99%

“…Lee et al [12] combine a bespoke encoding of assembly language instructions called Instruction2vec [11] with a deep learning model "Text-CNN" to detect vulnerabilities in binary code. The encoding represents each instruction as a vector of a fixed length.…”

Section: Vulnerability Detection Using Assembly Language Representationsmentioning

confidence: 99%

“…While we cannot directly compare our representation combined with the Transformer-based approach (see section 4.1.3) to other methods on identical data (due to availability reasons explained in section 4.1.1), we can draw first conclusions from comparisons to other work on similar data. Specifically, we compare our approach to works that evaluate their methods on a test set derived from the Juliet test suite, namely Instruction2Vec [12,11], BVDetector [20], Russel et al [18], and REVEAL [5]. (1.…”

Section: Baselinesmentioning

confidence: 99%

See 2 more Smart Citations

ROMEO: Exploring Juliet through the Lens of Assembly Language

Brust¹,

Gruner²,

Sonnekalb³

2021

Preprint

View full text Add to dashboard Cite

Automatic vulnerability detection on C/C++ source code has benefitted from the introduction of machine learning to the field, with many recent publications considering this combination. In contrast, assembly language or machine code artifacts receive little attention, although there are compelling reasons to study them. They are more representative of what is executed, more easily incorporated in dynamic analysis and in the case of closed-source code, there is no alternative.We propose ROMEO, a publicly available, reproducible and reusable binary vulnerability detection benchmark dataset derived from the Juliet test suite. Alongside, we introduce a simple text-based assembly language representation that includes context for function-spanning vulnerability detection and semantics to detect high-level vulnerabilities. Finally, we show that this representation, combined with an off-the-shelf classifier, compares favorably to state-of-the-art methods, including those operating on the full C/C++ code.

show abstract

Section: Comparison With Other Methodsmentioning

confidence: 99%

Section: Vulnerability Detection Using Assembly Language Representationsmentioning

confidence: 99%

Section: Baselinesmentioning

confidence: 99%

See 1 more Smart Citation

ROMEO: Exploring Juliet through the Lens of Assembly Language

Brust¹,

Gruner²,

Sonnekalb³

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…The work [ 39 ] is devoted to finding vulnerabilities in software using static analysis. ELF files are considered programs, and their templates are analyzed for vulnerability criteria.…”

Section: Analysis Of Existing Review Workmentioning

confidence: 99%

Analytical Modeling for Identification of the Machine Code Architecture of Cyberphysical Devices in Smart Homes

Kotenko

Izrailov

Buinevich

2022

Sensors

View full text Add to dashboard Cite

Ensuring the security of modern cyberphysical devices is the most important task of the modern world. The reason for this is that such devices can cause not only informational, but also physical damage. One of the approaches to solving the problem is the static analysis of the machine code of the firmware of such devices. The situation becomes more complicated in the case of a Smart Home, since its devices can have different processor architectures (means instruction sets). In the case of cyberphysical devices of the Smart Home, the destruction of machine code due to physical influences is also possible. Therefore, the first step is to correctly identify the processor architecture. In the interests of this, a machine code model is proposed that has a formal notation and takes into account the possibility of code destruction. The article describes the full cycle of research (including experiment) in order to obtain this model. The model is based on byte-frequency machine code signatures. The experiment resulted in obtaining template signatures for the Top-16 processor architectures: Alpha, X32, Amd64, Arm64, Hppa64, I486, I686, Ia64, Mips, Mips64, Ppc, Ppc64, RiscV64, S390, S390x and Sparc64.

show abstract

“…Some early works apply fully-connected neural networks (FCNs) to learn high-level discriminative features from the low-level features that are manually crafted [16]. Considering software code is sequentially dependent data, CNNs are proposed to learn representations from code context of small sizes [17]. RNNs are introduced to model dependencies in code sequences and learn code vulnerability patterns [18].…”

Section: Introductionmentioning

confidence: 99%

Cyber Resilience in Healthcare Digital Twin on Lung Cancer

Zhang

Lin

et al. 2020

IEEE Access

View full text Add to dashboard Cite

As a key service of the future 6G network, healthcare digital twin is the virtual replica of a person, which employs Internet of Things (IoT) technologies and AI-powered models to predict the state of health and provide suggestions to a range of clinical questions. To support healthcare digital twins, the right cyber resilience technologies and policies must be applied and maintained to preserve cyber resilience. Vulnerability detection is a fundamental technology for cyber resilience in healthcare digital twins. Recently, deep learning (DL) has been applied to address the limitations of traditional machine learning in vulnerability detection. However, it is important to consider code context relationships and pay attention on the vulnerability related keywords for searching an IoT vulnerability in healthcare digital twins. Due to massive software and complexity of healthcare digital twin, a full automatic solution is really needed for assisting cyber resilience check in the real-world scenarios. This paper presents a novel scheme for recognising potential vulnerable functions to support healthcare digital twins. We develop a new deep neural model to capture bi-directional context relationships among the risky code keywords. A number of well-designed experiments are carried out on a large ground truth, which consists of tens of thousands of vulnerable and non-vulnerable functions from IoT related software. The results show our new scheme outperforms the state-of-the-art DL-based methods for vulnerability detection. INDEX TERMSInternet of Things (IoT), healthcare, digital twin, cyber resilience, lung cancer VOLUME xxx, 20xx

show abstract

Instruction2vec: Efficient Preprocessor of Assembly Code to Detect Software Weakness with CNN

Cited by 31 publications

References 12 publications

ROMEO: Exploring Juliet through the Lens of Assembly Language

ROMEO: Exploring Juliet through the Lens of Assembly Language

Analytical Modeling for Identification of the Machine Code Architecture of Cyberphysical Devices in Smart Homes

Cyber Resilience in Healthcare Digital Twin on Lung Cancer

Contact Info

Product

Resources

About