Neural Machine Translation Inspired Binary Code Similarity Comparison beyond Function Pairs

TL;DR

This paper introduces INNEREYE, a novel NLP-inspired system for binary code similarity comparison across different architectures, improving accuracy and scalability for applications like vulnerability discovery and code plagiarism detection.

Contribution

It applies NLP techniques to binary analysis, addressing cross-architecture semantic similarity and containment detection with a new system outperforming existing methods.

Findings

Outperforms existing methods in accuracy, efficiency, and scalability.

Effective in cross-architecture vulnerability discovery.

Demonstrates the applicability of NLP techniques to large-scale binary analysis.

Abstract

Binary code analysis allows analyzing binary code without having access to the corresponding source code. A binary, after disassembly, is expressed in an assembly language. This inspires us to approach binary analysis by leveraging ideas and techniques from Natural Language Processing (NLP), a rich area focused on processing text of various natural languages. We notice that binary code analysis and NLP share a lot of analogical topics, such as semantics extraction, summarization, and classification. This work utilizes these ideas to address two important code similarity comparison problems. (I) Given a pair of basic blocks for different instruction set architectures (ISAs), determining whether their semantics is similar or not; and (II) given a piece of code of interest, determining if it is contained in another piece of assembly code for a different ISA. The solutions to these two problems have many applications, such as cross-architecture vulnerability discovery and code plagiarism detection. We implement a prototype system INNEREYE and perform a comprehensive evaluation. A comparison between our approach and existing approaches to Problem I shows that our system outperforms them in terms of accuracy, efficiency and scalability. And the case studies utilizing the system demonstrate that our solution to Problem II is effective. Moreover, this research showcases how to apply ideas and techniques from NLP to large-scale binary code analysis.