BinAug: Enhancing Binary Similarity Analysis with Low-Cost Input Repairing
Binary code similarity analysis (BCSA) is a fundamental building block for various software security, reverse engineering, and re-engineering applications. Existing research has applied deep neural networks (DNNs) to measure the similarity between binary code, following the major breakthrough of DNNs in processing media data like images. Despite the encouraging results of DNN-based BCSA, it is however not widely deployed in the industry due to the instability and the black-box nature of DNNs.
In this work, we first launch an extensive study over the state-of-the-art (SoTA) BCSA tools, and investigate their erroneous predictions from both quantitative and qualitative perspectives. Then, we accordingly design a low-cost and generic framework, namely Binaug, to improve the accuracy of BCSA tools by repairing their input binary codes. Aligned with the typical workflow of DNN-based BCSA, Binaug obtains the sorted top-K results of code similarity, and then re-ranks the results using a set of carefully-designed transformations. Binaug supports both black- and white-box settings, depending on the accessibility of the DNN model internals. Our experimental results show that Binaug can constantly improve performance of the SoTA BCSA tools by an average of 2.38pt and 6.46pt in the black- and the white-box settings. Moreover, with Binaug, we enhance the F1 score of binary software component analysis, an important downstream application of BCSA, by an average of 5.43pt and 7.45pt in the black- and the white-box settings.
Wed 17 AprDisplayed time zone: Lisbon change
14:00 - 15:30 | Program Repair 2Journal-first Papers / Research Track / Software Engineering in Practice at Pequeno Auditório Chair(s): Xiang Gao Beihang University | ||
14:00 15mTalk | Practical Program Repair via Preference-based Ensemble Strategy Research Track Wenkang Zhong State Key Laboratory for Novel Software and Technology, Nanjing University, 22 Hankou Road, Nanjing, China, Chuanyi Li Nanjing University, Kui Liu Huawei, Tongtong Xu Huawei, Jidong Ge Nanjing University, Tegawendé F. Bissyandé University of Luxembourg, Bin Luo Nanjing University, Vincent Ng Human Language Technology Research Institute, University of Texas at Dallas, Richardson, TX 75083-0688 | ||
14:15 15mTalk | Learning and Repair of Deep Reinforcement Learning Policies from Fuzz-Testing Data Research Track Martin Tappler TU Graz; Silicon Austria Labs, Andrea Pferscher Institute of Software Technology, Graz University of Technology , Bernhard Aichernig Graz University of Technology, Bettina Könighofer Graz University of Technology | ||
14:30 15mTalk | BinAug: Enhancing Binary Similarity Analysis with Low-Cost Input Repairing Research Track WONG Wai Kin Hong Kong University of Science and Technology, Huaijin Wang Hong Kong University of Science and Technology, Li Zongjie Hong Kong University of Science and Technology, Shuai Wang The Hong Kong University of Science and Technology | ||
14:45 15mTalk | Constraint Based Program Repair for Persistent Memory Bugs Research Track | ||
15:00 15mTalk | User-Centric Deployment of Automated Program Repair at Bloomberg Software Engineering in Practice David Williams University College London, James Callan UCL, Serkan Kirbas Bloomberg LP, Sergey Mechtaev University College London, Justyna Petke University College London, Thomas Prideaux-Ghee Bloomberg LP, Federica Sarro University College London | ||
15:15 7mTalk | AIBugHunter: A Practical Tool for Predicting, Classifying and Repairing Software Vulnerabilities Journal-first Papers Michael Fu Monash University, Kla Tantithamthavorn Monash University, Trung Le Monash University, Australia, Yuki Kume Monash University, Van Nguyen Monash University, Dinh Phung Monash University, Australia, John Grundy Monash University Link to publication DOI Pre-print | ||