Abstract
Binary code vulnerability detection is an important research direction in the field of network security. The extensive reuse of open-source code has led to the spread of vulnerabilities that originally only affected a small number of targets to other software. Existing vulnerability detection methods are mainly based on binary code similarity analysis, that is, by comparing the similarity of code embedding to detect vulnerabilities. However, existing methods lack semantic understanding of binary code and cannot distinguish between different functions with similar code structures, which reduces the accuracy of vulnerability detection. This paper proposes a binary vulnerability detection method BinAIV based on function semantics. BinAIV is based on a neural network model, which defines and constructs binary function semantics to achieve more accurate similarity analysis. Experimental results show that in terms of binary code similarity analysis performance, BinAIV has a significant improvement compared to traditional methods that only use function embedding. In cross-compiler function search, cross-optimization function search, and cross-obfuscation function search experiments, the average Recall@1 value of BinAIV compared to the best-performing baseline methods increased by 40.1 %, 99.8 %, and 184.0 %. In the real-world vulnerability detection experiment, BinAIV had the highest detection accuracy for all vulnerabilities, with an improvement of 155.1 % and 97.7 % compared to Asm2Vec and SAFE, respectively.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.