
Decompilation Based Deep Binary-Source Function Matching

  • Conference paper
Science of Cyber Security (SciSec 2023)

Abstract

Binary and source matching is vital for vulnerability detection or program comprehension. Most existing works focus on coarse-grained library matching that relies on a few simple features. However, they are so coarse-grained that high false positives occur, since developers tend to reuse only parts of a source code library. These shortcomings drive us to perform fine-grained matching (i.e., binary and source function matching). At the same time, because binary and source functions differ enormously in form, fine-grained function matching faces huge challenges. In this work, inspired by the decompilation technique and advanced neural networks, we propose tool, a Decompilation based deep Binary-Source function Matching framework. Specifically, we take as input triplet features from both binary pseudo-code and source code functions; these features are extracted from the code property graph and can represent both syntactic and semantic information. In this way, the binary and source functions are represented in the same feature space, which makes it easier for the matching model to learn function similarity. For the matching model, we adopt a self-attention based siamese network with contrastive loss. Experiments on two datasets, R0 and R3, show that our tool achieves consistent improvements over other methods, which demonstrates the effectiveness of our self-attention based matching model and shows that our triplet features capture both kinds of code functions well. Our work improves the accuracy of binary and source code matching, which in turn enables us to better address security issues such as vulnerability detection and program comprehension.




Acknowledgments

The authors would like to thank the anonymous reviewers for their helpful feedback on an earlier version of this paper. This work is partly supported by National Key R&D Program of China under Grant #2022YFB3103900, Strategic Priority Research Program of the CAS under Grant #XDC02030200 and Chinese National Natural Science Foundation (Grants #62032010, #62202462).


Corresponding author

Correspondence to Zimu Yuan.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Wang, X. et al. (2023). Decompilation Based Deep Binary-Source Function Matching. In: Yung, M., Chen, C., Meng, W. (eds) Science of Cyber Security. SciSec 2023. Lecture Notes in Computer Science, vol 14299. Springer, Cham. https://doi.org/10.1007/978-3-031-45933-7_15


  • DOI: https://doi.org/10.1007/978-3-031-45933-7_15


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-45932-0

  • Online ISBN: 978-3-031-45933-7

  • eBook Packages: Computer Science, Computer Science (R0)
