CFG2VEC: Hierarchical Graph Neural Network for Cross-Architectural Software Reverse Engineering

by   Shih Yuan Yu, et al.

Mission-critical embedded software is critical to our society's infrastructure but can be subject to new security vulnerabilities as technology advances. When security issues arise, Reverse Engineers (REs) use Software Reverse Engineering (SRE) tools to analyze vulnerable binaries. However, existing tools have limited support, and REs undergo a time-consuming, costly, and error-prone process that requires experience and expertise to understand the behaviors of software and vulnerabilities. To improve these tools, we propose cfg2vec, a Hierarchical Graph Neural Network (GNN) based approach. To represent binary, we propose a novel Graph-of-Graph (GoG) representation, combining the information of control-flow and function-call graphs. Our cfg2vec learns how to represent each binary function compiled from various CPU architectures, utilizing hierarchical GNN and the siamese network-based supervised learning architecture. We evaluate cfg2vec's capability of predicting function names from stripped binaries. Our results show that cfg2vec outperforms the state-of-the-art by 24.54% in predicting function names and can even achieve 51.84% better given more training data. Additionally, cfg2vec consistently outperforms the state-of-the-art for all CPU architectures, while the baseline requires multiple training to achieve similar performance. More importantly, our results demonstrate that our cfg2vec could tackle binaries built from unseen CPU architectures, thus indicating that our approach can generalize the learned knowledge. Lastly, we demonstrate its practicability by implementing it as a Ghidra plugin used during resolving DARPA Assured MicroPatching (AMP) challenges.


page 1

page 9


Graph Neural Network Training with Data Tiering

Graph Neural Networks (GNNs) have shown success in learning from graph-s...

Devign: Effective Vulnerability Identification by Learning Comprehensive Program Semantics via Graph Neural Networks

Vulnerability identification is crucial to protect the software systems ...

Story Point Effort Estimation by Text Level Graph Neural Network

Estimating the software projects' efforts developed by agile methods is ...

Graph Neural Network based Channel Tracking for Massive MIMO Networks

In this paper, we resort to the graph neural network (GNN) and propose t...

Graph Neural Network based Service Function Chaining for Automatic Network Control

Software-defined networking (SDN) and the network function virtualizatio...

Towards usable automated detection of CPU architecture and endianness for arbitrary binary files and object code sequences

Static and dynamic binary analysis techniques are actively used to rever...

NeuDep: Neural Binary Memory Dependence Analysis

Determining whether multiple instructions can access the same memory loc...

Please sign up or login with your details

Forgot password? Click here to reset