Binary2vec:Cross-architecture binary embeddings with global attention-enhanced graph neural networks

Abstract

Binary analysis is crucial in the software security domain, supporting tasks such as software plagiarism detection and reverse engineering. However, existing methods either struggle to generalize across hardware architectures or fail to fully capture high-level program semantics. Moreover, in binary similarity analysis, some approaches yield both high precision and high mean squared error, indicating that they assign high similarity scores to both similar and dissimilar binaries. To address these challenges, we propose Binary2vec, a novel framework for constructing cross-architecture binary embeddings. First, Binary2vec leverages the LLVM intermediate representation to achieve cross-architecture compatibility. Then, Binary2vec captures program semantics through a novel graph representation, A-PROGRAML. Finally, A-PROGRAML graph is fed into a graph neural network called GPS with a global attention mechanism to obtain the binary embeddings. To demonstrate its effectiveness, we evaluate Binary2vec on three binary analysis tasks: heterogeneous compute device mapping, optimal thread coarsening factor prediction, and similarity analysis. In heterogeneous compute device mapping and optimal thread coarsening factor prediction, Binary2vec demonstrates better performance than NCC and IR2VEC on average. In similarity analysis, Binary2vec outperforms BinaryAI (the state-of-the-art method) proposed by Tencent Security Keen Lab in cross-architecture scenarios, and works well even with binaries with a small number of functions, where BinaryAI fails.