We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:


Current browse context:


Change to browse by:

References & Citations

DBLP - CS Bibliography


(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: SAFE: Self-Attentive Function Embeddings for Binary Similarity

Abstract: The binary similarity problem consists in determining if two functions are similar by only considering their compiled form. Advanced techniques for binary similarity recently gained momentum as they can be applied in several fields, such as copyright disputes, malware analysis, vulnerability detection, etc., and thus have an immediate practical impact. Current solutions compare functions by first transforming their binary code in multi-dimensional vector representations (embeddings), and then comparing vectors through simple and efficient geometric operations. However, embeddings are usually derived from binary code using manual feature extraction, that may fail in considering important function characteristics, or may consider features that are not important for the binary similarity problem. In this paper we propose SAFE, a novel architecture for the embedding of functions based on a self-attentive neural network. SAFE works directly on disassembled binary functions, does not require manual feature extraction, is computationally more efficient than existing solutions (i.e., it does not incur in the computational overhead of building or manipulating control flow graphs), and is more general as it works on stripped binaries and on multiple architectures. We report the results from a quantitative and qualitative analysis that show how SAFE provides a noticeable performance improvement with respect to previous solutions. Furthermore, we show how clusters of our embedding vectors are closely related to the semantic of the implemented algorithms, paving the way for further interesting applications (e.g. semantic-based binary function search).
Comments: Published in International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) 2019
Subjects: Cryptography and Security (cs.CR); Machine Learning (cs.LG)
Cite as: arXiv:1811.05296 [cs.CR]
  (or arXiv:1811.05296v4 [cs.CR] for this version)

Submission history

From: Luca Massarelli [view email]
[v1] Tue, 13 Nov 2018 14:01:16 GMT (2602kb,D)
[v2] Wed, 21 Nov 2018 20:59:31 GMT (2594kb,D)
[v3] Wed, 30 Jan 2019 17:26:46 GMT (2594kb,D)
[v4] Thu, 19 Dec 2019 10:06:09 GMT (2599kb,D)

Link back to: arXiv, form interface, contact.