DeLink: Source File Information Recovery in Binaries
Program comprehension helps analysts understand the primary behavior of a binary and makes reverse engineering more efficient. Existing work focuses on instruction translation and function name prediction, but these techniques operate at the instruction or function level and offer little help in understanding the program as a whole. Recovered source file information can provide that insight: the files a binary was built from serve as high-level summaries of its behavior. However, the files recovered by the existing function clustering-based approach group together binary functions that are not laid out contiguously in the binary, which results in low accuracy. In addition, no prior work has attempted to predict the names of the recovered files.
To this end, we propose DeLink, a framework for recovering source file information from binaries. DeLink first applies a file structure recovery approach based on boundary location to identify the files that make up a binary. It then uses an encoder-decoder model to predict the names of these files. Experimental results show that our file structure recovery approach achieves an average improvement of 14% across six evaluation metrics while requiring an average of only 16.74 seconds, outperforming the state-of-the-art work in both recovery quality and efficiency. Our file name prediction model achieves 70.09% precision and 63.91% recall. We also demonstrate the effective application of DeLink to malware homology analysis.
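The abstract contrasts clustering-based file recovery, whose recovered "files" can be scattered across the binary, with recovery based on locating file boundaries. The following Python script is an added illustration of that contrast; it is not DeLink's code and does not reproduce the paper's method or its six metrics. It assumes the usual linker behavior that each object file's functions are emitted as one contiguous block of .text, so a correctly recovered file corresponds to a single run of consecutive functions in address order. The function layout, names and the clustering output are constructed for the example.

```python
"""Added illustration (not DeLink's code): contiguity of recovered source
files when a binary's functions are read in address order.

Assumption: the linker placed each object file's functions contiguously, so
a ground-truth source file is exactly one run of consecutive functions
(holds for typical GNU ld / lld links that do not reorder functions).
"""
from collections import defaultdict
from typing import Dict, List, Sequence, Tuple

# Constructed toy layout: (address, function name, ground-truth source file),
# sorted by address. All values are made up for the example.
LAYOUT: List[Tuple[int, str, str]] = [
    (0x1000, "parse_header", "parser.c"),
    (0x1080, "parse_body",   "parser.c"),
    (0x1140, "parse_free",   "parser.c"),
    (0x1200, "net_connect",  "net.c"),
    (0x12C0, "net_send",     "net.c"),
    (0x1380, "net_recv",     "net.c"),
    (0x1440, "log_open",     "log.c"),
    (0x14A0, "log_write",    "log.c"),
]
TRUTH: List[str] = [src for _, _, src in LAYOUT]


def segments_per_group(labels: Sequence[str]) -> Dict[str, int]:
    """Count the maximal contiguous runs each label forms in address order.
    A recovered file with count 1 is one block; count > 1 means the
    'file' is scattered across the binary."""
    runs: Dict[str, int] = defaultdict(int)
    prev = None
    for lab in labels:
        if lab != prev:
            runs[lab] += 1
        prev = lab
    return dict(runs)


def is_contiguous(labels: Sequence[str]) -> bool:
    """True if every recovered file is a single contiguous run."""
    return all(n == 1 for n in segments_per_group(labels).values())


def boundaries_of(labels: Sequence[str]) -> List[int]:
    """Indices at which a new file starts (index 0 is always a start)."""
    return [i for i, lab in enumerate(labels) if i == 0 or lab != labels[i - 1]]


def partition_by_boundaries(n_funcs: int, boundaries: Sequence[int]) -> List[str]:
    """Boundary-location style output: every function between two predicted
    boundaries gets the same file id, so contiguity holds by construction."""
    starts = set(boundaries) | {0}
    labels: List[str] = []
    file_id = -1
    for i in range(n_funcs):
        if i in starts:
            file_id += 1
        labels.append(f"file_{file_id}")
    return labels


def same_partition(a: Sequence[str], b: Sequence[str]) -> bool:
    """True if two labelings induce the same grouping, ignoring label names."""
    if len(a) != len(b):
        return False
    fwd: Dict[str, str] = {}
    bwd: Dict[str, str] = {}
    for x, y in zip(a, b):
        if fwd.setdefault(x, y) != y or bwd.setdefault(y, x) != x:
            return False
    return True


# Constructed output of a similarity-based clustering that merged parse_free
# with the log functions (e.g. because of shared callees); cluster c2 is
# split into two runs, which no real source file can be under the assumption.
CLUSTERED: List[str] = ["c0", "c0", "c2", "c1", "c1", "c1", "c2", "c2"]

# Boundary-based output with correctly located file starts at 3 and 6.
BOUNDARY: List[str] = partition_by_boundaries(len(LAYOUT), [3, 6])

if __name__ == "__main__":
    print("ground-truth boundaries:", boundaries_of(TRUTH))
    print("clustering runs per file:", segments_per_group(CLUSTERED))
    print("clustering contiguous:", is_contiguous(CLUSTERED))
    print("boundary output contiguous:", is_contiguous(BOUNDARY))
    print("boundary output matches truth:", same_partition(BOUNDARY, TRUTH))
```

The contiguity check is a cheap sanity test a practitioner can run on any file-recovery output: if a recovered file forms more than one run in address order, it cannot correspond to a single object file under the stated linker assumption, regardless of how plausible the grouping looks.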
Fri 20 Sep (time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna)
15:30 - 16:30, Technical Papers session "Analysis of Code Origin", room EI 10 Fritz Paschke. Chair: Darko Marinov (University of Illinois at Urbana-Champaign)
15:30, 20 min talk: Enhancing Robustness of Code Authorship Attribution through Expert Feature Knowledge. Xiaowei Guo, Cai Fu, Juan Chen, Hongle Liu, Lansheng Han (Huazhong University of Science and Technology), Wenjin Li (NSFOCUS Technologies Group)
15:50, 20 min talk: Your "Notice" Is Missing: Detecting and Fixing Violations of Modification Terms in Open Source Licenses during Forking. Kaifeng Huang (Tongji University), Yingfeng Xia, Bihuan Chen, Siyang He, Huazheng Zeng, Zhuotong Zhou, Jin Guo, Xin Peng (Fudan University)
16:10, 20 min talk: DeLink: Source File Information Recovery in Binaries. Zhe Lang, Shichao Lv, Zhanwei Song, Zhiqiang Shi, Limin Sun (Institute of Information Engineering, Chinese Academy of Sciences; University of Chinese Academy of Sciences), Zhengzi Xu (Nanyang Technological University; Imperial Global Singapore), Xiaohui Chen (China Mobile Research Institute)