Abstract
Different compilers and optimization levels can be used to compile the source code. When recovered from the produced binaries, these compiler details facilitate essential binary analysis tasks, such as malware analysis and software forensics. Most existing approaches adopt a signature-matching-based or machine-learning-based strategy to identify the compiler details, showing limits in either detection accuracy or granularity. In this work, we propose NeuralCI (Neural modeling-based Compiler Identification) to infer these compiler details, including compiler family, optimization level and compiler version, on individual functions. The basic idea is to formulate sequence-oriented neural networks to process normalized instruction sequences generated using a lightweight function abstraction strategy. To evaluate the performance of NeuralCI, a large dataset consisting of 854,858 unique functions collected from 19 widely used real-world projects is constructed. The experiments show that NeuralCI achieves on average 98.6% accuracy in identifying the compiler family, 95.3% accuracy in identifying the optimization level, 88.7% accuracy in identifying the compiler version, 94.8% accuracy in identifying the compiler family and optimization level, and 83.0% accuracy in identifying all compiler components simultaneously, outperforming existing function-level compiler identification methods in terms of both detection accuracy and comprehensiveness.
Highlights
In the software production process, diverse toolchains and toolchain settings can be adopted to transform the source code to the final binary.
As its major subtask to focus on the compilation phase, compiler identification attempts to infer from a piece of binary code the compiler-related details such as the specific compiler family, the optimization options, etc., which can facilitate essential binary analysis tasks such
EVALUATION: In the following parts, we evaluate the performance of NeuralCI on identifying the compiler family, optimization level, compiler version and compiler setting combination respectively, and report the comparative results across the neural network models as well as against existing function-level methods that support the detection of corresponding compiler settings.
Summary
In the software production process, diverse toolchains and toolchain settings can be adopted to transform the source code to the final binary.
PROBLEM OVERVIEW: The goal of compiler identification is to recover, from the final produced binary, the compiler-related details applied in processing the program source code. The feasibility of this task lies in the usually significant differences imposed by different compiler and optimization settings.
Inspired by the tremendous successes and superior feature learning power of deep learning in various program analysis tasks [16], [23], [34], [45], [48], [51], in this work, we resort to typical neural network structures to automatically capture and select the scattered, subtle yet significant features that manifest compiler settings, so as to achieve effective and efficient fine-grained compiler identification with less human intervention.
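The abstract's basic idea, normalized instruction sequences fed to a sequence model, can be illustrated with the following added example, which is not NeuralCI's code. The normalization rules (IMM, DISP and ADDR placeholders), the function names and the assembly samples are assumptions constructed for illustration; the page does not specify the actual abstraction scheme.

```python
import re

NUM = re.compile(r"\b(?:0x[0-9a-fA-F]+|\d+)\b")   # hex or decimal literal
MEM = re.compile(r"\[([^\]]*)\]")                 # body of a memory operand

def normalize(line):
    """Abstract one Intel-syntax instruction: keep mnemonic and registers,
    replace program-specific numbers with placeholder classes (assumed rules)."""
    mnemonic, _, rest = line.strip().partition(" ")
    out = []
    for op in (o.strip() for o in rest.split(",") if o.strip()):
        if mnemonic == "call" or mnemonic.startswith("j"):
            op = NUM.sub("ADDR", op)              # branch or call target
        else:
            op = MEM.sub(lambda m: "[" + NUM.sub("DISP", m.group(1)) + "]", op)
            op = NUM.sub("IMM", op)               # remaining literals
        out.append(op)
    return f"{mnemonic} {', '.join(out)}".strip()

def encode(function_asm, vocab, max_len=8):
    """Map a function's normalized instructions to a fixed-length id sequence,
    the input shape a sequence model consumes. vocab grows as tokens appear."""
    tokens = [normalize(l) for l in function_asm.splitlines() if l.strip()]
    ids = [vocab.setdefault(t, len(vocab)) for t in tokens][:max_len]
    return ids + [vocab["<pad>"]] * (max_len - len(ids))

# Constructed samples: two functions in an unoptimized style that differ only
# in stack offsets and constants, and one in an optimized style.
UNOPT_A = """push rbp
mov rbp, rsp
mov dword ptr [rbp-0x4], edi
mov eax, dword ptr [rbp-0x4]
add eax, 0x2a
pop rbp
ret"""
UNOPT_B = UNOPT_A.replace("0x4]", "0x14]").replace("0x2a", "0x7")
OPT = """lea eax, [rdi+0x2a]
ret"""

if __name__ == "__main__":
    vocab = {"<pad>": 0}
    for name, asm in (("UNOPT_A", UNOPT_A), ("UNOPT_B", UNOPT_B), ("OPT", OPT)):
        print(name, encode(asm, vocab))
```

The two unoptimized samples encode to the same id sequence once offsets and constants are abstracted, while the optimized sample yields a different, shorter one; that difference in instruction idiom is the kind of signal a classifier can learn from.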