{"title":"Makefile什么?使用代码属性图检测没有源代码的编译器信息","authors":"Shaun R. Deaton","doi":"10.1109/TPS-ISA56441.2022.00039","DOIUrl":null,"url":null,"abstract":"Users frequently lack access to the underlying source code and build artifacts of the programs they use. Without access, uncovering information about programs, such as compiler information or security properties, becomes a difficult task. Various methods exist for static analysis testing on source code languages, but few tools work solely with the executable machine code. This paper proposes constructing the code property graph from a program’s lifted machine code to observe structural differences between other executables. We implement our approach with the Binary Ninja Intermediate Language (BNIL) and the graph2vec neural embedding framework to create embedded representations of the graphical properties of the program. Downstream applications, such as supervised machine learning, can then analyze these representations. We demonstrate the effectiveness of our approach by training a supervised random forest classifier on the embedded graphs to determine, at the function level, which compiler, clang or gcc, created the executable the function belongs to. Our results achieved an accuracy of 100% across our testing set of 25,600 samples.","PeriodicalId":427887,"journal":{"name":"2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"What Makefile? Detecting Compiler Information Without Source Using The Code Property Graph\",\"authors\":\"Shaun R. Deaton\",\"doi\":\"10.1109/TPS-ISA56441.2022.00039\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Users frequently lack access to the underlying source code and build artifacts of the programs they use. Without access, uncovering information about programs, such as compiler information or security properties, becomes a difficult task. Various methods exist for static analysis testing on source code languages, but few tools work solely with the executable machine code. This paper proposes constructing the code property graph from a program’s lifted machine code to observe structural differences between other executables. We implement our approach with the Binary Ninja Intermediate Language (BNIL) and the graph2vec neural embedding framework to create embedded representations of the graphical properties of the program. Downstream applications, such as supervised machine learning, can then analyze these representations. We demonstrate the effectiveness of our approach by training a supervised random forest classifier on the embedded graphs to determine, at the function level, which compiler, clang or gcc, created the executable the function belongs to. Our results achieved an accuracy of 100% across our testing set of 25,600 samples.\",\"PeriodicalId\":427887,\"journal\":{\"name\":\"2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)\",\"volume\":\"38 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/TPS-ISA56441.2022.00039\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TPS-ISA56441.2022.00039","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
What Makefile? Detecting Compiler Information Without Source Using The Code Property Graph
Users frequently lack access to the underlying source code and build artifacts of the programs they use. Without access, uncovering information about programs, such as compiler information or security properties, becomes a difficult task. Various methods exist for static analysis testing on source code languages, but few tools work solely with the executable machine code. This paper proposes constructing the code property graph from a program’s lifted machine code to observe structural differences between other executables. We implement our approach with the Binary Ninja Intermediate Language (BNIL) and the graph2vec neural embedding framework to create embedded representations of the graphical properties of the program. Downstream applications, such as supervised machine learning, can then analyze these representations. We demonstrate the effectiveness of our approach by training a supervised random forest classifier on the embedded graphs to determine, at the function level, which compiler, clang or gcc, created the executable the function belongs to. Our results achieved an accuracy of 100% across our testing set of 25,600 samples.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
