Extraction Scheme of Function Information in Stripped Binaries using LSTM (스트립된 바이너리에서 LSTM을 이용한 함수정보 추출 기법)

Duhyeuk Chang (장두혁); Seon-Min Kim (김선민); Junyoung Heo (허준영)

doi:10.29056/jsav.2021.12.05

Extraction Scheme of Function Information in Stripped Binaries using LSTM

Journal of Software Assessment and Valuation
Abbr : JSAV
2021, 17(2), pp.39-46
DOI : 10.29056/jsav.2021.12.05
Publisher : Korea Software Assessment and Valuation Society
Research Area : Engineering > Computer Science
Received : October 21, 2021
Accepted : December 20, 2021
Published : December 31, 2021

Duhyeuk Chang ¹, Seon-Min Kim ¹, Junyoung Heo ¹

¹한성대학교

Accredited

ABSTRACT

To analyze and defend malware codes, reverse engineering is used as identify function location information. However, the stripped binary is not easy to find information such as function location because function symbol information is removed. To solve this problem, there are various binary analysis tools such as BAP and BitBlaze IDA Pro, but they are based on heuristics method, so they do not perform well in general. In this paper, we propose a technique to extract function information using LSTM-based models by applying algorithms of N-byte method that is extracted binaries corresponding to reverse assembling instruments in a recursive descent method. Through experiments, the proposed techniques were superior to the existing techniques in terms of time and accuracy.

KEYWORDS

Bidrectional RNN, Function information, Machine Learning, N-byte, RNN, Reverse Engineering, Stripped Binary

Citation status

* References for papers published after 2023 are currently being built.

[journal] 박동혁 / 2016 / Efficient Detection of Android Mutant Malwares Using the DEX file / 정보보호학회논문지 / 한국정보보호학회 26(4) : 895~902

[journal] CHA, Sang-Gil / 2018 / Software Security and Binary Analysis / Communications of the Korean Institute of Information Scientists and Engineers 36(3) : 11~16

[journal] 김태은 / 2019 / A Study on Hybrid Fuzzing using Dynamic Analysis for Automatic Binary Vulnerability Detection / 한국산학기술학회논문지 / 한국산학기술학회 20(6) : 541~547

[journal] 정호철 / 2019 / Prediction for Energy Demand Using 1D-CNN and Bidirectional LSTM in Internet of Energy / 전기전자학회논문지 / 한국전기전자학회 23(1) : 134~142

[journal] 황성운 / 2012 / A Methodology for Security Vulnerability Assessment Process on Binary Code / 한국인터넷방송통신학회 논문지 / 한국인터넷방송통신학회 12(5) : 237~242

[confproc] Jianming Fu / 2018 / Function Risk Assessment Under Memory Leakage / Networking and Network Applications (NaNA) 2018 International Conference on : 284~291

[confproc] BRUMLEY, David / 2011 / BAP: A binary analysis platform / International Conference on Computer Aided Verification / platform : 463~469

[confproc] SHIN, Eui Chul Richard / 2015 / Recognizing functions in binaries with neural networks / 24th USENIX Security Symposium (USENIX Security 15) : 611~626

[journal] DAVID, Yaniv / 2020 / Neural reverse engineering of stripped binaries using augmented control flow graphs / Proceedings of the ACM on Programming Languages 4(Neural reverse engineering of stripped binaries using augmented control flow graphs) : 1~28

[journal] Laune C. Harris / 2005 / Practical analysis of stripped binary code / SIGARCH Comput. Archit. News 33(5) : 63~68

KJCKorea
Journal Central

Journal of Software Assessment and Valuation 2023 KCI Impact Factor : 0.35

Extraction Scheme of Function Information in Stripped Binaries using LSTM

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of Software Assessment and Valuation 2023 KCI Impact Factor : 0.35

Extraction Scheme of Function Information in Stripped Binaries using LSTM

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (0)

REFERENCES (10) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.