HAN-BSVD: A hierarchical attention network for binary software vulnerability detection

Abstract

Deep learning has shown effectiveness in binary software vulnerability detection due to its outstanding feature extraction capability independent of human expert experience. However, detection approaches such as Instruction2vec still have the following defects: (1) the context between an instruction’s elements (opcode, registers, etc.) is not fully incorporated when embedding a single instruction into its vector representation; (2) the crucial regions that related to vulnerability are not highlighted when extracting features of the vulnerable code. In this paper, we propose a hierarchical attention network for binary software vulnerability detection (HAN-BSVD). Through HAN-BSVD, the contextual information is first enriched by the preprocessor with unifying jump address and normalizing instruction, and then preserved by the instruction embedding network that composed of Bi-GRU and word-attention module; the local features are captured and the crucial regions are highlighted by the feature extraction network that composed of Text-CNN and spatial-attention module. The proposed approach is evaluated on the Juliet Test Suite dataset and the ICLR19 dataset, detection result performs better than the other compared approaches. Extensive ablation studies are also conducted to further prove the effectiveness of each design choice.