Abstract
Users frequently lack access to the underlying source code and build artifacts of the programs they use. Without access, uncovering information about programs, such as compiler information or security properties, becomes a difficult task. Various methods exist for static analysis testing on source code languages, but few tools work solely with the executable machine code. This paper proposes constructing the code property graph from a program’s lifted machine code to observe structural differences between other executables. We implement our approach with the Binary Ninja Intermediate Language (BNIL) and the graph2vec neural embedding framework to create embedded representations of the graphical properties of the program. Downstream applications, such as supervised machine learning, can then analyze these representations. We demonstrate the effectiveness of our approach by training a supervised random forest classifier on the embedded graphs to determine, at the function level, which compiler, clang or gcc, created the executable the function belongs to. Our results achieved an accuracy of 100% across our testing set of 25,600 samples.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
