# Neural Reverse Engineering of Stripped Binaries using Augmented Control Flow Graphs

**Authors:** Yaniv David, Uri Alon, Eran Yahav

arXiv: 1902.09122 · 2020-12-01

## TL;DR

This paper introduces a neural approach combining static analysis and control-flow graph representations to improve procedure name prediction in stripped binaries, significantly outperforming previous models.

## Contribution

The novel integration of static analysis with neural models and CFG encoding advances reverse engineering of stripped executables.

## Key findings

- Models outperform existing methods by 28%
- Achieve 100% improvement over neural textual models without static analysis
- The models produce predictions that are difficult and time-consuming for humans to make

## Abstract

We address the problem of reverse engineering of stripped executables, which contain no debug information. This is a challenging problem because of the low amount of syntactic information available in stripped executables, and the diverse assembly code patterns arising from compiler optimizations.

We present a novel approach for predicting procedure names in stripped executables. Our approach combines static analysis with neural models. The main idea is to use static analysis to obtain augmented representations of call sites; encode the structure of these call sites using the control-flow graph (CFG) and finally, generate a target name while attending to these call sites. We use our representation to drive graph-based, LSTM-based and Transformer-based architectures.

Our evaluation shows that our models produce predictions that are difficult and time consuming for humans, while improving on existing methods by 28% and by 100% over state-of-the-art neural textual models that do not use any static analysis. Code and data for this evaluation are available at https://github.com/tech-srl/Nero.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1902.09122/full.md

## Figures

25 figures with captions in the complete paper: https://tomesphere.com/paper/1902.09122/full.md

## References

62 references — full list in the complete paper: https://tomesphere.com/paper/1902.09122/full.md

---
Source: https://tomesphere.com/paper/1902.09122