ClearAgent: Agentic Binary Analysis for Effective Vulnerability Detection
Statically detecting bugs at the binary level has been crucial for the security of Commercial-Off-The-Shelf (COTS) software when source code is not available. However, traditional methods suffer from the inherent limitations of binary translation and static analysis, which hinder their scalability for complex real-world binaries. Recent efforts that leverage large language models (LLMs) for bug detection are still limited by possible hallucination, inaccurate code property retrieval, and insufficient guidance.
In this paper, we propose a new agentic binary analysis framework ClearAgent, which features a novel binary language server that provides both LLM-friendly and analyzer-friendly interfaces to facilitate effective understanding of binary code semantics, enabling effective vulnerability detection. ClearAgent works by automatically interacting with the server and iteratively exploring for buggy locations. For candidate bug reports, ClearAgent further tries to verify the existence of the vulnerability by constructing concrete inputs that can trigger the buggy locations.
Wed 15 Oct (displayed time zone: Perth)
13:40 - 15:20 | LLMs for Program Analysis and Verification | ILMPL at Orchid East | Chair(s): Puzhuo Liu (Ant Group & Tsinghua University)
13:40 | 15m | Talk | Function Renaming in Reverse Engineering of Embedded Device Firmware with ChatGPT | LMPL | Puzhuo Liu (Ant Group & Tsinghua University), Peng Di (Ant Group & UNSW Sydney), Yu Jiang (Tsinghua University)
13:55 | 15m | Talk | Enhancing Semantic Understanding in Pointer Analysis Using Large Language Models | LMPL | Baijun Cheng (Peking University), Kailong Wang (Huazhong University of Science and Technology), Ling Shi (Nanyang Technological University), Haoyu Wang (Huazhong University of Science and Technology), Yao Guo (Peking University), Ding Li (Peking University), Xiangqun Chen (Peking University)
14:10 | 15m | Talk | Improving SAST Detection Capability with LLMs and Enhanced DFA (recorded) | LMPL | Yuan Luo (Tencent Security Yunding Lab), Zhaojun Chen (Tencent Security Yunding Lab), Yuxin Dong (Peking University), Haiquan Zhang (Tencent Security Yunding Lab), Yi Sun (Tencent Security Yunding Lab), Fei Xie (Tencent Security Yunding Lab), Zhiqiang Dong (Tencent Security Yunding Lab)
14:25 | 15m | Talk | ClearAgent: Agentic Binary Analysis for Effective Vulnerability Detection | LMPL | Xiang Chen (The Hong Kong University of Science and Technology), Anshunkang Zhou (The Hong Kong University of Science and Technology), Chengfeng Ye (The Hong Kong University of Science and Technology), Charles Zhang (The Hong Kong University of Science and Technology)
14:40 | 15m | Talk | CG-Bench: Can Language Models Assist Call Graph Construction in the Real World? (recorded) | LMPL | Ting Yuan, Wenrui Zhang (Huawei Technologies Co., Ltd), Dong Chen (Huawei Technologies Co., Ltd), Jie Wang (Huawei Technologies Co., Ltd) | Pre-print
14:55 | 20m | Talk | Beyond Static Pattern Matching? Rethinking Automatic Cryptographic API Misuse Detection in the Era of LLMs | LMPL