DeLink: Source File Information Recovery in Binaries
This program is tentative and subject to change.
Program comprehension helps analysts understand the primary behavior of a binary and makes reverse engineering more efficient. Existing work focuses on instruction translation and function name prediction, but it offers limited help in understanding the program as a whole. Recovered source file information can offer insights into the primary behavior of a binary, serving as a high-level program summary. However, the files recovered by the function-clustering-based approach contain binary functions with discontinuous distributions, resulting in low accuracy. Additionally, there is no existing research on predicting the names of these recovered files. To this end, we propose DeLink, a framework for source file information recovery in binaries. The framework first uses a file structure recovery approach based on boundary location to recognize files within a binary. It then uses an encoder-decoder model to predict the names of these files. The experimental results show that our file structure recovery approach achieves an average improvement of 14% across six evaluation metrics and requires only an average time of 16.74 seconds, outperforming the state-of-the-art work in recovery quality and efficiency. Additionally, our file name prediction model achieves 70.09% precision and 63.91% recall. Moreover, we demonstrate the effective application of DeLink in malware homology analysis.
Fri 20 Sep (displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)
Session 15:30 - 16:30
15:30 | 20m Talk | Enhancing Robustness of Code Authorship Attribution through Expert Feature Knowledge | Technical Papers | Xiaowei Guo Huazhong University of Science and Technology, Cai Fu Huazhong University of Science and Technology, Juan Chen Xihua University, China, Hongle Liu Huazhong University of Science and Technology, Lansheng Han Huazhong University of Science and Technology, Wenjin Li NSFOCUS Technologies Group
15:50 | 20m Talk | Your "Notice" is Missing: Detecting and Fixing Violations of Modification Terms in Open Source Licenses during Forking | Technical Papers | Kaifeng Huang Tongji University, Yingfeng Xia Fudan University, Bihuan Chen Fudan University, Siyang He Fudan University, Huazheng Zeng Fudan University, Zhuotong Zhou Fudan University, Jin Guo Fudan University, Xin Peng Fudan University
16:10 | 20m Talk | DeLink: Source File Information Recovery in Binaries | Technical Papers | Zhe Lang Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS; School of Cyber Security, University of Chinese Academy of Sciences, Zhengzi Xu Nanyang Technological University, Xiaohui Chen Institute of Information Engineering, CAS; School of Cyber Security, University of Chinese Academy of Sciences, lvshichao College of Cyberspace Security, Chinese Academy of Sciences, Zhanwei Song Beijing Key Laboratory of IOT Information Security Technology, Institute of Information Engineering, CAS; School of Cyber Security, University of Chinese Academy of Sciences, zhiqiang shi Institute of Information Engineering, Chinese Academy of Sciences, School of Cyber Security, University of Chinese Academy of Sciences, Limin Sun Institute of Information Engineering, Chinese Academy of Sciences, School of Cyber Security, University of Chinese Academy of Sciences