BinDeep: Binary to Source Code Matching Using Deep Learning

Saed Alrabaee, Kim Kwang Raymond Choo, Mohammad Qbea'h, Mahmoud Khasawneh

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

Mapping a binary function taken from a compiled binary to the same function in the original source code has many security applications, such as discovering reused free open source code in malware binaries. To facilitate malware analysis, we present BINDEEP, a framework that learns the semantic relationships among binary functions based on assembly code. It also learns semantic information about the source functions in order to carry out function matching. We demonstrate how BINDEEP can be applied to fingerprint the origin of functions in malware binaries, and then benchmark its performance against that of five competing systems (i.e., RESOURCE, the Binary Analysis Tool (BAT), BinPro, Statistical Machine Translation (SMT), and FOSSIL). The findings show that BINDEEP is more robust and achieves significant improvement over these existing systems when confronted with changes introduced by code transformation methods or the use of different compilers and optimization levels. Furthermore, BINDEEP is able to discover source packages in malware binaries, such as Zeus and Citadel, that match those listed in existing security reports.

Original languageEnglish
Title of host publicationProceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021
EditorsLiang Zhao, Neeraj Kumar, Robert C. Hsu, Deqing Zou
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1100-1107
Number of pages8
ISBN (Electronic)9781665416580
DOIs
Publication statusPublished - 2021
Event20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021 - Shenyang, China
Duration: Oct 20 2021Oct 22 2021

Publication series

NameProceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021

Conference

Conference20th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021
Country/TerritoryChina
CityShenyang
Period10/20/2110/22/21

Keywords

  • binary code
  • machine learning
  • malicious code

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'BinDeep: Binary to Source Code Matching Using Deep Learning'. Together they form a unique fingerprint.

Cite this