VulCatch: Enhancing Binary Vulnerability Detection through CodeT5 Decompilation and KAN Advanced Feature Extraction

TL;DR

VulCatch is a novel binary vulnerability detection framework that leverages code decompilation and advanced neural network features to improve detection accuracy and reduce false positives in binary analysis.

Contribution

It introduces a synergistic decompilation module and KAN for high-level semantic extraction from binaries, enhancing vulnerability detection capabilities.

Findings

Achieves 98.88% detection accuracy

Maintains 97.92% precision

Reduces false positives to 1.56%

Abstract

Binary program vulnerability detection is critical for software security, yet existing deep learning approaches often rely on source code analysis, limiting their ability to detect unknown vulnerabilities. To address this, we propose VulCatch, a binary-level vulnerability detection framework. VulCatch introduces a Synergy Decompilation Module (SDM) and Kolmogorov-Arnold Networks (KAN) to transform raw binary code into pseudocode using CodeT5, preserving high-level semantics for deep analysis with tools like Ghidra and IDA. KAN further enhances feature transformation, enabling the detection of complex vulnerabilities. VulCatch employs word2vec, Inception Blocks, BiLSTM Attention, and Residual connections to achieve high detection accuracy (98.88%) and precision (97.92%), while minimizing false positives (1.56%) and false negatives (2.71%) across seven CVE datasets.