Affiliation:
1. Institute of Information Engineering, Chinese Academy of Sciences, China and School of Cyber Security, University of Chinese Academy of Sciences, China
Abstract
Widespread code reuse allows vulnerabilities to proliferate among a vast variety of firmware. There is an urgent need to detect these vulnerable codes effectively and efficiently. By measuring code similarities,
AI-based binary code similarity detection
is applied to detecting vulnerable code at scale. Existing studies have proposed various function features to capture the commonality for similarity detection. Nevertheless, the significant code syntactic variability induced by the diversity of IoT hardware architectures diminishes the accuracy of binary code similarity detection. In our earlier study and the tool
Asteria
, we adopted a Tree-LSTM network to summarize function semantics as function commonality, and the evaluation result indicates an advanced performance. However, it still has utility concerns due to excessive time costs and inadequate precision while searching for large-scale firmware bugs.
To this end, we propose a novel deep learning-enhancement architecture by incorporating domain knowledge-based pre-filtration and re-ranking modules, and we develop a prototype named
Asteria-Pro
based on
Asteria
. The pre-filtration module eliminates dissimilar functions, thus reducing the subsequent deep learning-model calculations. The re-ranking module boosts the rankings of vulnerable functions among candidates generated by the deep learning model. Our evaluation indicates that the pre-filtration module cuts the calculation time by 96.9%, and the re-ranking module improves MRR and Recall by 23.71% and 36.4%, respectively. By incorporating these modules,
Asteria-Pro
outperforms existing state-of-the-art approaches in the bug search task by a significant margin. Furthermore, our evaluation shows that embedding baseline methods with pre-filtration and re-ranking modules significantly improves their precision. We conduct a large-scale real-world firmware bug search, and
Asteria-Pro
manages to detect 1,482 vulnerable functions with a high precision 91.65%.
Funder
National Key R&D Program of China
Strategic Priority Research Program of Chinese Academy of Sciences
Joint Fund Cultivation Project of National Natural Science Foundation of China
Science and Technology Project of State Grid Corporation of China
National Natural Science Foundation of China
Chinese National Natural Science Foundation
Publisher
Association for Computing Machinery (ACM)
Reference74 articles.
1. Asteria-BCSD. 2022. Asteria-Pro Code Repository. Retrieved from https://github.com/Asteria-BCSD/Asteria-Pro
2. Microsoft Security. 2022. Binwalk. Retrieved from https://www.refirmlabs.com/binwalk/
3. Buildroot. 2022. Buildroot Making Embedded Linux Easy. Retrieved from https://buildroot.org
4. Cisco. 2022. Cisco website. Retrieved from https://www.cisco.com/c/en_hk/index.html
5. cxxfilt. 2022. cxxfilt. Retrieved from https://pypi.org/project/cxxfilt/
Cited by
8 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. CEBin: A Cost-Effective Framework for Large-Scale Binary Code Similarity Detection;Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis;2024-09-11
2. A Semantics-Based Approach on Binary Function Similarity Detection;IEEE Internet of Things Journal;2024-08-01
3. CodeExtract: Enhancing Binary Code Similarity Detection with Code Extraction Techniques;Proceedings of the 25th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems;2024-06-20
4. AdvBinSD: Poisoning the Binary Code Similarity Detector via Isolated Instruction Sequences;2023 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom);2023-12-21
5. Analysis of Decompiled Program Code Using Abstract Syntax Trees;Automatic Control and Computer Sciences;2023-12