SAFE: Self Attentive Function Embedding for Binary Similarity

Presented at RomHack 2019, Sept. 28, 2019, 4 p.m. (45 minutes).

Deep Learning has been shown to be very effective when applied to binary analysis. In this talk we will present SAFE, an open source tool using a recurrent neural network to create similarity preserving vectorial representations of binary functions (the so called embeddings). Using them it is possible to detect if two functions are similar or not, thus embeddings can be a useful support for reverse engineering. As example, they permit to identify library functions inside a binary even if we don't have access to the exact compiled version of the linked library. Moreover, embeddings can be used also as a signature for vulnerability discovery and malware hunting. Finally, embeddings permit to identify the behaviour of a function, such as encryption.

Presenters:

• Luca Massarelli
  Luca Massarelli is PhD Student at Sapienza University of Rome from October 2017. After his master degree in Physics and some years of experience as analyst programmer in a consulting company he decided to focus on cybersecurity research. Its main research interest is application of Machine Learning to binary analysis, porting natural language processing technique in this new field.

Links:

• https://2019.romhack.io/speaker-massarelli-2019.html
• https://2019.romhack.io/slides-2019/RomHack2019 - Massarelli - SAFE.pdf

Similar Presentations:

• REcon 2012 / Be Social. Use Rewoltke.
• BSidesLV 2019 / Evaluating Code Embeddings
• BSidesSF 2019 / Attacking Deep Learning-Based NLP Systems with Malicious Word Embeddings