In this paper we investigate the problem of automatically naming pieces of assembly code. Where by naming we mean assigning to an assembly function a string of words that would likely be assigned by a human reverse engineer. We formally and precisely define the framework in which our investigation takes place. That is we define the problem, we provide reasonable justifications for the choices that we made for the design of training and the tests. We performed an analysis on a large real-world corpora constituted by nearly 9 millions of functions taken from more than 22k softwares. In such framework we test baselines coming from the field of Natural Language Processing (e.g., Seq2Seq networks and Transformer). Interestingly, our evaluation shows promising results beating the state-of-the-art and reaching good performance. We investigate the applicability of tine-tuning (i.e., taking a model already trained on a large generic corpora and retraining it for a specific task). Such technique is popular and well-known in the NLP field. Our results confirm that fine-tuning is effective even when neural networks are applied to binaries. We show that a model, pre-trained on the aforementioned corpora, when fine-tuned has higher performances on specific domains (such as predicting names in system utilites, malware, etc).
翻译:在本文中,我们调查自动命名组装代码的问题。当我们通过命名指向组装功能分配一连串可能由人类反向工程师指派的单词时,我们正式和准确地界定我们进行调查的框架。这就是我们界定了问题,我们为我们为设计培训和测试所作的选择提供了合理的理由。我们分析了一个由来自22千多个软件的近900万个功能组成的大型真实世界公司。在这个框架中,我们测试来自自然语言处理领域的基线(例如Seq2Seq网络和变异器)。有趣的是,我们的评估显示,在最先进和取得良好业绩方面,取得了有希望的结果。我们调查了微调(例如,采用一个已经在大型通用公司上受过训练的模型,并为具体任务进行再培训)的适用性。这种技术在NLP领域很受欢迎和广为人所知。我们的结果证实,即使在将神经网络应用时,我们测试了来自自然语言处理领域的基线(例如Seq2Seqeqeq网络和变异器) 。我们展示了一种模型,在高级系统上,预先训练了高端的系统,在精确时,变装时,在特定的系统上也作了。
相关内容
微信扫码咨询专知VIP会员