Can we generate shellcodes via natural language? An empirical study-Reference-Cited by-同舟云学术

Can we generate shellcodes via natural language? An empirical study

Published:2022-03-05 Issue:1 Volume:29 Page:
ISSN:0928-8910
Container-title:Automated Software Engineering
language:en
Short-container-title:Autom Softw Eng

Author:

Liguori Pietro^ORCID,Al-Hossami Erfan,Cotroneo Domenico,Natella Roberto,Cukic Bojan,Shaikh Samira

Abstract

AbstractWriting software exploits is an important practice for offensive security analysts to investigate and prevent attacks. In particular, shellcodes are especially time-consuming and a technical challenge, as they are written in assembly language. In this work, we address the task of automatically generating shellcodes, starting purely from descriptions in natural language, by proposing an approach based on Neural Machine Translation (NMT). We then present an empirical study using a novel dataset (Shellcode_IA32), which consists of 3200 assembly code snippets of real Linux/x86 shellcodes from public databases, annotated using natural language. Moreover, we propose novel metrics to evaluate the accuracy of NMT at generating shellcodes. The empirical analysis shows that NMT can generate assembly code snippets from the natural language with high accuracy and that in many cases can generate entire shellcodes with no errors.

Publisher

Springer Science and Business Media LLC

Subject

Software

Link

https://link.springer.com/content/pdf/10.1007/s10515-022-00331-3.pdf

Reference93 articles.

1. Alhuzali, A., Eshete, B., Gjomemo, R., Venkatakrishnan, V.: Chainsaw: Chained automated workflow-based exploit generation. In: ACM Conf. on Computer and Communications Security, pp. 641–652 (2016)

2. Alon, U., Brody, S., Levy, O., Yahav, E.: code2seq: Generating sequences from structured representations of code. In: Intl. Conf. on Learning Representations (2018)

3. Anley, C., Heasman, J., Lindner, F., Richarte, G.: The Shellcoder’s Handbook: Discovering and Exploiting Security Holes. Wiley (2007). https://books.google.it/books?id=8PLYwAEACAAJ

4. Arce, I.: The shellcode generation. IEEE Security & Privacy 2(5), 72–76 (2004)

5. Avgerinos, T., Cha, S.K., Hao, B.L.T., Brumley, D.: Aeg: Automatic exploit generation. In: NDSS (2011)

Cited by 10 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Automating the correctness assessment of AI-generated code for security contexts;Journal of Systems and Software;2024-10

2. AI Code Generators for Security: Friend or Foe?;IEEE Security & Privacy;2024-09

3. AAHEG: Automatic Advanced Heap Exploit Generation Based on Abstract Syntax Tree;Symmetry;2023-12-14

4. How Important are Good Method Names in Neural Code Generation? A Model Robustness Perspective;ACM Transactions on Software Engineering and Methodology;2023-10-23

5. Who evaluates the evaluators? On automatic metrics for assessing AI-based offensive code generators;Expert Systems with Applications;2023-09