Improving cross-platform binary analysis using representation learning via graph alignment

Geunwoo Kim; Sanghyun Hong; Michael Franz; Dokyung Song

doi:10.1145/3533767.3534383

Improving cross-platform binary analysis using representation learning via graph alignment

Geunwoo Kim, Sanghyun Hong, Michael Franz, Dokyung Song

College of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

Cross-platform binary analysis requires a common representation of binaries across platforms, on which a specific analysis can be performed. Recent work proposed to learn low-dimensional, numeric vector representations (i.e., embeddings) of disassembled binary code, and perform binary analysis in the embedding space. Unfortunately, however, existing techniques fall short in that they are either (i) specific to a single platform producing embeddings not aligned across platforms, or (ii) not designed to capture the rich contextual information available in a disassembled binary. We present a novel deep learning-based method, XBA, which addresses the aforementioned problems. To this end, we first abstract binaries as typed graphs, dubbed binary disassembly graphs (BDGs), which encode control-flow and other rich contextual information of different entities found in a disassembled binary, including basic blocks, external functions called, and string literals referenced. We then formulate binary code representation learning as a graph alignment problem, i.e., finding the node correspondences between BDGs extracted from two binaries compiled for different platforms. XBA uses graph convolutional networks to learn the semantics of each node, (i) using its rich contextual information encoded in the BDG, and (ii) aligning its embeddings across platforms. Our formulation allows XBA to learn semantic alignments between two BDGs in a semi-supervised manner, requiring only a limited number of node pairs be aligned across platforms for training. Our evaluation shows that XBA can learn semantically-rich embeddings of binaries aligned across platforms without apriori platform-specific knowledge. By training our model only with 50% of the oracle alignments, XBA was able to predict, on average, 75% of the rest. Our case studies further show that the learned embeddings encode knowledge useful for cross-platform binary analysis.

Original language	English
Title of host publication	ISSTA 2022 - Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis
Editors	Sukyoung Ryu, Yannis Smaragdakis
Publisher	Association for Computing Machinery, Inc
Pages	151-163
Number of pages	13
ISBN (Electronic)	9781450393799
DOIs	https://doi.org/10.1145/3533767.3534383
Publication status	Published - 2022 Jul 18
Event	31st ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2022 - Virtual, Online, Korea, Republic of Duration: 2022 Jul 18 → 2022 Jul 22

Publication series

Name	ISSTA 2022 - Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis

Conference

Conference	31st ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2022
Country/Territory	Korea, Republic of
City	Virtual, Online
Period	22/7/18 → 22/7/22

Bibliographical note

Funding Information:
We thank the anonymous reviewers for their insightful feedback. This material is based upon work partly supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) under awards 2021R1F1A1057436 and 2022R1C1C1003551, the Office of Naval Research (ONR) under awards N00014-21-1-2409 and N00014-17-1-2232, the Defense Advanced Research Projects Agency (DARPA) under award N66001-20-C-4027, and the Defense Advanced Research Projects Agency (DARPA) Small Business Technology Transfer (STTR) Program Office under contracts W31P4Q-20-C-0052 and W912CG-21-C-0020. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of NRF, MSIT, ONR, DARPA, the DARPA STTR Program Office, or any other South Korea and U.S. government agency. We also gratefully acknowledge an łEndeavorž research award from the Donald Bren School of Information and Computer Sciences at UC Irvine, and an award from the Yonsei University Research Fund of 2021 (2021-22-0039).

Publisher Copyright:
© 2022 ACM.

All Science Journal Classification (ASJC) codes

Computational Theory and Mathematics
Computer Science Applications
Software

Access to Document

10.1145/3533767.3534383

Cite this

Kim, G., Hong, S., Franz, M., & Song, D. (2022). Improving cross-platform binary analysis using representation learning via graph alignment. In S. Ryu, & Y. Smaragdakis (Eds.), ISSTA 2022 - Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis (pp. 151-163). (ISSTA 2022 - Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis). Association for Computing Machinery, Inc. https://doi.org/10.1145/3533767.3534383

Kim, Geunwoo ; Hong, Sanghyun ; Franz, Michael et al. / Improving cross-platform binary analysis using representation learning via graph alignment. ISSTA 2022 - Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis. editor / Sukyoung Ryu ; Yannis Smaragdakis. Association for Computing Machinery, Inc, 2022. pp. 151-163 (ISSTA 2022 - Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis).

@inproceedings{9d6b32673f734f999c32673118f0fcc8,

title = "Improving cross-platform binary analysis using representation learning via graph alignment",

abstract = "Cross-platform binary analysis requires a common representation of binaries across platforms, on which a specific analysis can be performed. Recent work proposed to learn low-dimensional, numeric vector representations (i.e., embeddings) of disassembled binary code, and perform binary analysis in the embedding space. Unfortunately, however, existing techniques fall short in that they are either (i) specific to a single platform producing embeddings not aligned across platforms, or (ii) not designed to capture the rich contextual information available in a disassembled binary. We present a novel deep learning-based method, XBA, which addresses the aforementioned problems. To this end, we first abstract binaries as typed graphs, dubbed binary disassembly graphs (BDGs), which encode control-flow and other rich contextual information of different entities found in a disassembled binary, including basic blocks, external functions called, and string literals referenced. We then formulate binary code representation learning as a graph alignment problem, i.e., finding the node correspondences between BDGs extracted from two binaries compiled for different platforms. XBA uses graph convolutional networks to learn the semantics of each node, (i) using its rich contextual information encoded in the BDG, and (ii) aligning its embeddings across platforms. Our formulation allows XBA to learn semantic alignments between two BDGs in a semi-supervised manner, requiring only a limited number of node pairs be aligned across platforms for training. Our evaluation shows that XBA can learn semantically-rich embeddings of binaries aligned across platforms without apriori platform-specific knowledge. By training our model only with 50% of the oracle alignments, XBA was able to predict, on average, 75% of the rest. Our case studies further show that the learned embeddings encode knowledge useful for cross-platform binary analysis.",

author = "Geunwoo Kim and Sanghyun Hong and Michael Franz and Dokyung Song",

note = "Funding Information: We thank the anonymous reviewers for their insightful feedback. This material is based upon work partly supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) under awards 2021R1F1A1057436 and 2022R1C1C1003551, the Office of Naval Research (ONR) under awards N00014-21-1-2409 and N00014-17-1-2232, the Defense Advanced Research Projects Agency (DARPA) under award N66001-20-C-4027, and the Defense Advanced Research Projects Agency (DARPA) Small Business Technology Transfer (STTR) Program Office under contracts W31P4Q-20-C-0052 and W912CG-21-C-0020. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of NRF, MSIT, ONR, DARPA, the DARPA STTR Program Office, or any other South Korea and U.S. government agency. We also gratefully acknowledge an {\l}Endeavor{\v z} research award from the Donald Bren School of Information and Computer Sciences at UC Irvine, and an award from the Yonsei University Research Fund of 2021 (2021-22-0039). Publisher Copyright: {\textcopyright} 2022 ACM.; 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2022 ; Conference date: 18-07-2022 Through 22-07-2022",

year = "2022",

month = jul,

day = "18",

doi = "10.1145/3533767.3534383",

language = "English",

series = "ISSTA 2022 - Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis",

publisher = "Association for Computing Machinery, Inc",

pages = "151--163",

editor = "Sukyoung Ryu and Yannis Smaragdakis",

booktitle = "ISSTA 2022 - Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis",

}

Kim, G, Hong, S, Franz, M & Song, D 2022, Improving cross-platform binary analysis using representation learning via graph alignment. in S Ryu & Y Smaragdakis (eds), ISSTA 2022 - Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis. ISSTA 2022 - Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, Association for Computing Machinery, Inc, pp. 151-163, 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2022, Virtual, Online, Korea, Republic of, 22/7/18. https://doi.org/10.1145/3533767.3534383

Improving cross-platform binary analysis using representation learning via graph alignment. / Kim, Geunwoo; Hong, Sanghyun; Franz, Michael et al.

ISSTA 2022 - Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis. ed. / Sukyoung Ryu; Yannis Smaragdakis. Association for Computing Machinery, Inc, 2022. p. 151-163 (ISSTA 2022 - Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Improving cross-platform binary analysis using representation learning via graph alignment

AU - Kim, Geunwoo

AU - Hong, Sanghyun

AU - Franz, Michael

AU - Song, Dokyung

N1 - Funding Information: We thank the anonymous reviewers for their insightful feedback. This material is based upon work partly supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT) under awards 2021R1F1A1057436 and 2022R1C1C1003551, the Office of Naval Research (ONR) under awards N00014-21-1-2409 and N00014-17-1-2232, the Defense Advanced Research Projects Agency (DARPA) under award N66001-20-C-4027, and the Defense Advanced Research Projects Agency (DARPA) Small Business Technology Transfer (STTR) Program Office under contracts W31P4Q-20-C-0052 and W912CG-21-C-0020. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of NRF, MSIT, ONR, DARPA, the DARPA STTR Program Office, or any other South Korea and U.S. government agency. We also gratefully acknowledge an łEndeavorž research award from the Donald Bren School of Information and Computer Sciences at UC Irvine, and an award from the Yonsei University Research Fund of 2021 (2021-22-0039). Publisher Copyright: © 2022 ACM.

PY - 2022/7/18

Y1 - 2022/7/18

N2 - Cross-platform binary analysis requires a common representation of binaries across platforms, on which a specific analysis can be performed. Recent work proposed to learn low-dimensional, numeric vector representations (i.e., embeddings) of disassembled binary code, and perform binary analysis in the embedding space. Unfortunately, however, existing techniques fall short in that they are either (i) specific to a single platform producing embeddings not aligned across platforms, or (ii) not designed to capture the rich contextual information available in a disassembled binary. We present a novel deep learning-based method, XBA, which addresses the aforementioned problems. To this end, we first abstract binaries as typed graphs, dubbed binary disassembly graphs (BDGs), which encode control-flow and other rich contextual information of different entities found in a disassembled binary, including basic blocks, external functions called, and string literals referenced. We then formulate binary code representation learning as a graph alignment problem, i.e., finding the node correspondences between BDGs extracted from two binaries compiled for different platforms. XBA uses graph convolutional networks to learn the semantics of each node, (i) using its rich contextual information encoded in the BDG, and (ii) aligning its embeddings across platforms. Our formulation allows XBA to learn semantic alignments between two BDGs in a semi-supervised manner, requiring only a limited number of node pairs be aligned across platforms for training. Our evaluation shows that XBA can learn semantically-rich embeddings of binaries aligned across platforms without apriori platform-specific knowledge. By training our model only with 50% of the oracle alignments, XBA was able to predict, on average, 75% of the rest. Our case studies further show that the learned embeddings encode knowledge useful for cross-platform binary analysis.

AB - Cross-platform binary analysis requires a common representation of binaries across platforms, on which a specific analysis can be performed. Recent work proposed to learn low-dimensional, numeric vector representations (i.e., embeddings) of disassembled binary code, and perform binary analysis in the embedding space. Unfortunately, however, existing techniques fall short in that they are either (i) specific to a single platform producing embeddings not aligned across platforms, or (ii) not designed to capture the rich contextual information available in a disassembled binary. We present a novel deep learning-based method, XBA, which addresses the aforementioned problems. To this end, we first abstract binaries as typed graphs, dubbed binary disassembly graphs (BDGs), which encode control-flow and other rich contextual information of different entities found in a disassembled binary, including basic blocks, external functions called, and string literals referenced. We then formulate binary code representation learning as a graph alignment problem, i.e., finding the node correspondences between BDGs extracted from two binaries compiled for different platforms. XBA uses graph convolutional networks to learn the semantics of each node, (i) using its rich contextual information encoded in the BDG, and (ii) aligning its embeddings across platforms. Our formulation allows XBA to learn semantic alignments between two BDGs in a semi-supervised manner, requiring only a limited number of node pairs be aligned across platforms for training. Our evaluation shows that XBA can learn semantically-rich embeddings of binaries aligned across platforms without apriori platform-specific knowledge. By training our model only with 50% of the oracle alignments, XBA was able to predict, on average, 75% of the rest. Our case studies further show that the learned embeddings encode knowledge useful for cross-platform binary analysis.

UR - http://www.scopus.com/inward/record.url?scp=85136810430&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85136810430&partnerID=8YFLogxK

U2 - 10.1145/3533767.3534383

DO - 10.1145/3533767.3534383

M3 - Conference contribution

AN - SCOPUS:85136810430

T3 - ISSTA 2022 - Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis

SP - 151

EP - 163

BT - ISSTA 2022 - Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis

A2 - Ryu, Sukyoung

A2 - Smaragdakis, Yannis

PB - Association for Computing Machinery, Inc

T2 - 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2022

Y2 - 18 July 2022 through 22 July 2022

ER -

Kim G, Hong S, Franz M, Song D. Improving cross-platform binary analysis using representation learning via graph alignment. In Ryu S, Smaragdakis Y, editors, ISSTA 2022 - Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis. Association for Computing Machinery, Inc. 2022. p. 151-163. (ISSTA 2022 - Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis). doi: 10.1145/3533767.3534383

Improving cross-platform binary analysis using representation learning via graph alignment

Abstract

Publication series

Conference

Bibliographical note

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this