Vestige: Identifying Binary Code Provenance for Vulnerability Detection

Ji, Yuede; Cui, Lei; Huang, H. Howie

doi:10.1007/978-3-030-78375-4_12

Cited by 9 publications

(2 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The learning-based approaches [3,4,[18][19][20] treat the task as a machine learning challenge, with the assumption that the unique characteristics reflected within the binaries can reveal the specific compilation settings used for their creation by identifying the compilation-specific patterns implied within the binary code. Identification models are trained with labeled samples to recognize these patterns, which are then used to make predictions on new unseen binaries.…”

Section: Learning-based Approachesmentioning

confidence: 99%

Function-Level Compilation Provenance Identification with Multi-Faceted Neural Feature Distillation and Fusion

Gao,

Liang,

et al. 2024

Electronics

View full text Add to dashboard Cite

In the landscape of software development, the selection of compilation tools and settings plays a pivotal role in the creation of executable binaries. This diversity, while beneficial, introduces significant challenges for reverse engineers and security analysts in deciphering the compilation provenance of binary code. To this end, we present MulCPI, short for Multi-representation Fusion-based Compilation Provenance Identification, which integrates the features collected from multiple distinct intermediate representations of the binary code for better discernment of the fine-grained function-level compilation details. In particular, we devise a novel graph-oriented neural encoder improved upon the gated graph neural network by subtly introducing an attention mechanism into the neighborhood nodes’ information aggregation computation, in order to better distill the more informative features from the attributed control flow graph. By further integrating the features collected from the normalized assembly sequence with an advanced Transformer encoder, MulCPI is capable of capturing a more comprehensive set of features manifesting the multi-faceted lexical, syntactic, and structural insights of the binary code. Extensive evaluation on a public dataset comprising 854,858 unique functions demonstrates that MulCPI exceeds the performance of current leading methods in identifying the compiler family, optimization level, compiler version, and the combination of compilation settings. It achieves average accuracy rates of 99.3%, 96.4%, 90.7%, and 85.3% on these tasks, respectively. Additionally, an ablation study highlights the significance of MulCPI’s core designs, validating the efficiency of the proposed attention-enhanced gated graph neural network encoder and the advantages of incorporating multiple code representations.

show abstract

Section: Learning-based Approachesmentioning

confidence: 99%

Function-Level Compilation Provenance Identification with Multi-Faceted Neural Feature Distillation and Fusion

Gao,

Liang,

et al. 2024

Electronics

View full text Add to dashboard Cite

show abstract

“…Releases should only be public if it can be demonstrated that they were created from a specific codebase. Efforts such as applying program analysis [27] and compiler and attribute identification [28] can help verification, but are difficult to make perfectly accurate given the diversity of compilation runtimes. Thus, a more practical technique is to require that releases be created through publicly verifiable continuous integration builds, rather than allowing users to directly upload assets on their own.…”

Section: A Recommendationsmentioning

confidence: 99%