Architecture-independent matching of stripped binary code files using BERT and a Siamese neural network
Tekijät
Päivämäärä
2020Pääsyrajoitukset
Tekijä ei ole antanut lupaa avoimeen julkaisuun, joten aineisto on luettavissa vain Jyväskylän yliopiston kirjaston arkistotyöasemalta.
Tekijänoikeudet
Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.
The proliferation of IoT devices brings many cyber security challenges. Identifying executable code with known vulnerabilities is one of them, this despite the fact that open source code is commonly used in IoT firmware. Factors that contribute to this challenge include the high usage of heterogeneous architectures, as well as non-standard toolsets and compilers when developing IoT firmware. To address this issue, this work examines the latest research in bi-nary code matching. It concludes that the research does not adequately address the current cyber security issues incurred by IoT devices and proposes a new method of binary code matching based on techniques and methods commonly seen in Natural Language Processing (NLP). An artefact using Google’s BERT and a custom bi-directional LSTM Siamese network is developed and tested to demonstrate the viability of this new method. The BERT model was pre-trained using the code sections of binary executables compiled for the ARM architecture. It achieved scores of 89.1% and 98.0% in the key metrics of masked_lm_accuracy and next_sentence_accuracy respectively. This pre-trained BERT model was used to extract embeddings from the binary files’ code sections in order to train and validate the Siamese network. The Siamese network achieved an average rate of approximately 80% on the task of match-ing the stripped code sections of binary files compiled by two separate open source projects. This compares favorably to the 0% accuracy achieved by the fuzzy hashing algorithms SSDEEP and SDHASH.
...
Asiasanat
Metadata
Näytä kaikki kuvailutiedotKokoelmat
- Pro gradu -tutkielmat [29556]
Samankaltainen aineisto
Näytetään aineistoja, joilla on samankaltainen nimeke tai asiasanat.
-
ISAdetect : Usable Automated Detection of CPU Architecture and Endianness for Executable Binary Files and Object Code
Kairajärvi, Sami; Costin, Andrei; Hämäläinen, Timo (ACM, 2020)Static and dynamic binary analysis techniques are actively used to reverse engineer software's behavior and to detect its vulnerabilities, even when only the binary code is available for analysis. To avoid analysis errors ... -
Node co-activations as a means of error detection : Towards fault-tolerant neural networks
Myllyaho, Lalli; Nurminen, Jukka K.; Mikkonen, Tommi (Elsevier, 2022)Context: Machine learning has proved an efficient tool, but the systems need tools to mitigate risks during runtime. One approach is fault tolerance: detecting and handling errors before they cause harm. Objective: This ... -
LiquidAI : Towards an Isomorphic AI/ML System Architecture for the Cloud-Edge Continuum
Systä, Kari; Pautasso, Cesare; Taivalsaari, Antero; Mikkonen, Tommi (Springer Nature Switzerland, 2023)A typical Internet of Things (IoT) system consists of a large number of different subsystems and devices, including sensors and actuators, gateways that connect them to the Internet, cloud services, end-user applications ... -
Adversarial Attack’s Impact on Machine Learning Model in Cyber-Physical Systems
Vähäkainu, Petri; Lehto, Martti; Kariluoto, Antti (Peregrine Technical Solutions, 2020)Deficiency of correctly implemented and robust defence leaves Internet of Things devices vulnerable to cyber threats, such as adversarial attacks. A perpetrator can utilize adversarial examples when attacking Machine ... -
An Architecture for Enabling Collective Intelligence in IoT Networks
Frantti, Tapio; Şafak, Ilgın (Springer, 2023)Proliferation of the Internet of Things (IoT) has fundamentally changed how different application environments are being used. IoT networks are prone to malicious attacks similar to other networks. Additionally, physical ...
Ellei toisin mainittu, julkisesti saatavilla olevia JYX-metatietoja (poislukien tiivistelmät) saa vapaasti uudelleenkäyttää CC0-lisenssillä.