Neural Network-based Graph Embedding for Cross-Platform Binary Code Similarity Detection

TL;DR

This paper introduces Gemini, a neural network-based method for cross-platform binary code similarity detection that significantly improves accuracy and efficiency over existing graph matching approaches, enabling faster and more effective security analysis.

Contribution

The paper presents a novel neural network approach for embedding control flow graphs, outperforming existing methods in accuracy and speed, and demonstrating practical security applications.

Findings

Gemini outperforms state-of-the-art methods in similarity detection accuracy.

Gemini reduces embedding generation time by 3 to 4 orders of magnitude.

Gemini identifies more vulnerable firmware images than previous approaches.

Abstract

The problem of cross-platform binary code similarity detection aims at detecting whether two binary functions coming from different platforms are similar or not. It has many security applications, including plagiarism detection, malware detection, vulnerability search, etc. Existing approaches rely on approximate graph matching algorithms, which are inevitably slow and sometimes inaccurate, and hard to adapt to a new task. To address these issues, in this work, we propose a novel neural network-based approach to compute the embedding, i.e., a numeric vector, based on the control flow graph of each binary function, then the similarity detection can be done efficiently by measuring the distance between the embeddings for two functions. We implement a prototype called Gemini. Our extensive evaluation shows that Gemini outperforms the state-of-the-art approaches by large margins with respect to similarity detection accuracy. Further, Gemini can speed up prior art's embedding generation time by 3 to 4 orders of magnitude and reduce the required training time from more than 1 week down to 30 minutes to 10 hours. Our real world case studies demonstrate that Gemini can identify significantly more vulnerable firmware images than the state-of-the-art, i.e., Genius. Our research showcases a successful application of deep learning on computer security problems.