CAREER: Advanced Trace-Oriented Binary Code Analysis

职业：高级面向跟踪的二进制代码分析

• 批准号: 1652790
• 负责人: Dinghao Wu
• 金额: $ 49.47万
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-04-01 至 2025-03-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1652790&HistoricalAwards=false
• 关键词: CAREER; Advanced; Trace; Oriented; Binary

Binary code analysis is very attractive from a security viewpoint. First, in many tasks such as malware analysis, the source code of the program under examination is often absent, and the analysis has to be done on binary code. Second, even the source code is available, binary analysis allows us to reason about the real instructions executed on hardware and avoid the well-known WYSINWYX problem, What You See Is Not What You Execute. Third, some program behaviors, such as cache access patterns, are only exhibited in the low-level code. On the other hand, binary code analysis is faced with an increasing challenge caused by the emerging, readily available code obfuscation techniques. Traditional signature-based malware detection is often problematic as it relies on file hashes and byte (or instruction) signatures which are not very resilient to obfuscation.This project tackles the challenge by proposing several advanced methods that combine techniques from the behavior and semantics perspectives. Two new concepts, System Call Sliced Segment Equivalence Checking and N-gram Basic Block Semantics Memoization, are proposed to achieve better obfuscation resiliency and scalability. Compared with the existing approaches, these methods are based on the strong principles of program semantics and logics, more resilient to automatic obfuscation schemes, and more scalable with the proposed advanced semantics memoization techniques. In addition, the application is extended to side-channel detection with a new rigorous model. Upon completion, the project will make a significant contribution to binary code analysis in general. It will advance the state of the art of malware analysis and side-channel detection and help better defend cyber attacks, leading to more secure cyber space. Broader impact will also result from the education and dissemination initiatives.

从安全的角度来看，二进制代码分析是非常有吸引力的。首先，在许多任务中，如恶意软件分析，被检查程序的源代码往往是缺席的，分析必须在二进制代码上完成。其次，即使源代码是可用的，二进制分析也允许我们推断在硬件上执行的实际指令，并避免众所周知的WYSINWYX问题，即所见并非所执行。第三，一些程序行为，如缓存访问模式，只在底层代码中显示。另一方面，由于新兴的、现成的代码混淆技术，二进制代码分析面临着越来越大的挑战。传统的基于签名的恶意软件检测通常是有问题的，因为它依赖于文件哈希和字节（或指令）签名，而这些签名对混淆不是很有弹性。这个项目通过提出几个先进的方法来解决这个挑战，这些方法结合了行为和语义方面的技术。提出了两个新概念：系统调用切片段等价性检查和N-gram基本块语义记忆，以获得更好的混淆弹性和可扩展性。与现有方法相比，这些方法基于强大的程序语义和逻辑原则，对自动混淆方案更具弹性，并且与所提出的高级语义记忆技术相比更具可扩展性。此外，还提出了一种新的严格模型，将其应用于侧通道检测。完成后，该项目将对二进制代码分析做出重大贡献。它将推动恶意软件分析和侧信道检测技术的发展，并有助于更好地防御网络攻击，从而带来更安全的网络空间。教育和传播倡议也将产生更广泛的影响。

项目成果

DeepFuzz: Automatic Generation of Syntax Valid C Programs for Fuzz Testing

• DOI: 10.1609/aaai.v33i01.33011044
• 发表时间: 2019-07
• 作者: Xiao Liu;Xiaoting Li;Rupesh Prajapati;Dinghao Wu

PackerGrind: An Adaptive Unpacking System for Android Apps

• DOI: 10.1109/tse.2020.2996433
• 发表时间: 2020-05
• 期刊: IEEE Transactions on Software Engineering
• 影响因子: 7.4
• 作者: Lei Xue;Hao Zhou;Xiapu Luo;Le Yu;Dinghao Wu;Yajin Zhou;Xiaobo Ma

Source Code Implied Language Structure Abstraction through Backward Taint Analysis

通过向后污点分析进行源代码隐含语言结构抽象

• DOI: 10.5220/0012129000003538
• 发表时间: 2023
• 期刊: Proceedings of the 18th International Conference on Software Technologies (ICSOFT
• 作者: Wang, Zihao;Wang, Pei;Bao, Qinkun;Wu, Dinghao
• 通讯作者: Wu, Dinghao

A Lightweight Framework for Regular Expression Verification

• DOI: 10.1109/hase.2019.00011
• 发表时间: 2019
• 期刊: 2019 IEEE 19th International Symposium on High Assurance Systems Engineering (HASE)
• 作者: Xiao Liu;Yufei Jiang;Dinghao Wu

Large-Scale Third-Party Library Detection in Android Markets

• DOI: 10.1109/tse.2018.2872958
• 发表时间: 2020-09
• 期刊: IEEE Transactions on Software Engineering
• 影响因子: 7.4
• 作者: Menghao Li;Pei Wang;Wei Wang;Shuai Wang;Dinghao Wu;Jian Liu;Rui Xue;Wei Huo;Wei Zou