Static Analysis of Binary Executables Using Structural SVMs
Abstract
We cast the problem of identifying basic blocks of code in a binary executable as learning a mapping from a byte sequence to a segmentation of the sequence. In general, inference in segmentation models, such as semi-CRFs, can be cubic in the length of the sequence. By taking advantage of the structure of our problem, we derive a linear-time inference algorithm which makes our approach practical, given that even small programs are tens or hundreds of thousands of bytes long. Furthermore, we introduce two loss functions which are appropriate for our problem and show how to use structural SVMs to optimize the learned mapping for these losses. Finally, we present experimental results that demonstrate the advantages of our method against a strong baseline.
Similar resources
Intraprocedural Static Slicing of Binary Executables
Program slicing is a technique for determining the set of statements of a program that potentially affect the value of a variable at some point in the program. Intra- and interprocedural slicing of high-level languages has been studied extensively in the literature; both static and dynamic techniques have been used to aid in the debugging, maintenance, parallelization, program integration, and dataa...
A compiler level intermediate representation based binary analysis system and its applications
Title of Dissertation: A COMPILER LEVEL INTERMEDIATE REPRESENTATION BASED BINARY ANALYSIS SYSTEM AND ITS APPLICATIONS. Kapil Anand, Doctor of Philosophy, 2013. Dissertation directed by: Professor Rajeev Barua, Department of Electrical and Computer Engineering. Analyzing and optimizing programs from their executables has received a lot of attention recently in the research community. There has been ...
A Static Birthmark of Binary Executables Based on API Call Structure
A software birthmark is a unique characteristic of a program that can be used for software theft detection. In this paper we suggest and empirically evaluate a static birthmark of binary executables based on API call structure. The program properties employed in this birthmark are functions and standard API calls when the functions are executed. The API calls from a function include the API c...
Classifying Malicious Windows Executables Using Anomaly Based Detection
CLASSIFYING MALICIOUS WINDOWS EXECUTABLES USING ANOMALY BASED DETECTION, by Ronak Sutaria. A malicious executable is broadly defined as any program or piece of code designed to cause damage to a system or the information it contains, or to prevent the system from being used in a normal manner. A generic term used to describe any kind of malicious software is Malware, which includes Viruses, Worms...
Proxy-Annotated Control Flow Graphs: Deterministic Context-Sensitive Monitoring for Intrusion Detection
Model or specification based intrusion detection systems have been effective in detecting known and unknown host based attacks with few false alarms [12, 15]. In this approach, a model of program behavior is developed either manually, by using a high level specification language, or automatically, by static or dynamic analysis of the program. The actual program execution is then monitored using...