Abstract

The success of deep learning techniques in diverse fields has prompted research into their application for automatic software vulnerability discovery. The first step in the design of a deep learning based vulnerability detector fundamentally involves selecting an appropriate binary representation. A second challenge arises from the need to automatically localize the vulnerability to specific instructions, so as to allow for better detection and to enable downstream applications such as triage and patching.In this paper, we propose BinHunter, an automated tool for vulnerability discovery in binary programs. BinHunter leverages a new graph representation derived from slices of the combined control and data dependency graphs of a binary executable, and can learn code properties by propagating information through the graph edges. This representation enables graph convolutional network (GCN) learning algorithms to …

Date

December 9, 2024

Authors

Sima Arasteh, Jelena Mirkovic, Mukund Raghothaman, Christophe Hauser

Conference

2024 Annual Computer Security Applications Conference (ACSAC)

Pages

1062-1074

Publisher

IEEE