Paper Info
Title
Disassemble Byte Sequence Using Graph Attention Network
Abstract
Disassembly is the basis of static analysis of binary code and is used in malicious code detection, vulnerability mining, software optimization, etc. Disassembly of arbitrary suspicious code blocks (e.g., for suspicious traffic packets intercepted by the network) is a difficult task. Traditional disassembly methods require manual specification of the starting address and cannot automate the disassembly of arbitrary code blocks. In this paper, we propose a disassembly method based on code extension selection network by combining traditional linear sweep and recursive traversal methods. First, each byte of a code block is used as the disassembly start address, and all disassembly results (control flow graphs) are combined into a single flow graph. Then a graph attention network is trained to pick the correct subgraph (control flow graph) as the final result. In the experiment, the compiler-generated executable file, as well as the executable file generated by hand-written assembly code, the data file and the byte sequence intercepted by the code segment were tested, and the disassembly accuracy was 93%, which can effectively distinguish the code from the data.
Year
DOI
Venue
2022
10.3897/jucs.76528
JOURNAL OF UNIVERSAL COMPUTER SCIENCE
Keywords
DocType
Volume
Graph neural network, disassembly, function identification, reverse engineering, binary code analysis
Journal
28
Issue
ISSN
Citations 
7
0948-695X
0
PageRank 
References 
Authors
0.34
0
3
Name
Order
Citations
PageRank
Jing Qiu100.34
Feng Dong200.34
Guang-Lu Sun35816.03