Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

2-2020

Abstract

Binary diffing analysis quantitatively measures the differences between two given binaries and produces fine-grained basic block matching. It has been widely used to enable different kinds of critical security analysis. However, all existing program analysis and machine learning based techniques suffer from low accuracy, poor scalability, coarse granularity, or require extensive labeled training data to function. In this paper, we propose an unsupervised program-wide code representation learning technique to solve the problem. We rely on both the code semantic information and the program-wide control flow information to generate block embeddings. Furthermore, we propose a k-hop greedy matching algorithm to find the optimal diffing results using the generated block embeddings. We implement a prototype called DeepBinDiff and evaluate its effectiveness and efficiency with large number of binaries. The results show that our tool could outperform the state-of-the-art binary diffing tools by a large margin for both cross-version and cross-optimization level diffing. A case study for OpenSSL using real-world vulnerabilities further demonstrates the usefulness of our system.

Discipline

Information Security

Research Areas

Cybersecurity; Information Systems and Management

Publication

Proceedings of the Network and Distributed System Security Symposium, California, USA, 2020 February 23-26

Identifier

10.14722/ndss.2020.24311

City or Country

US

Copyright Owner and License

Authors

Additional URL

http://doi.org/10.14722/ndss.2020.24311

Share

COinS