
BinGo: Identifying Security Patches in Binary Code with Graph Representation Learning (2312.07921v1)

Published 13 Dec 2023 in cs.CR and cs.SE

Abstract: Timely software updates are vital to combat the increasing number of security vulnerabilities. However, some software vendors may secretly patch their vulnerabilities without creating CVE entries or even describing the security issue in their change log. Thus, it is critical to identify these hidden security patches and defeat potential N-day attacks. Researchers have employed various machine learning techniques to identify security patches in open-source software, leveraging the syntax and semantic features of the software changes and commit messages. However, none of these solutions can be directly applied to binary code, whose instructions and program flow may vary dramatically due to different compilation configurations. In this paper, we propose BinGo, a new security patch detection system for binary code. The main idea is to represent the binary code as code property graphs to enable a comprehensive understanding of program flow, and to apply an LLM to each basic block of binary code to capture the instruction semantics. BinGo consists of four phases, namely, patch data pre-processing, graph extraction, embedding generation, and graph representation learning. Due to the lack of an existing binary security patch dataset, we construct such a dataset by compiling the pre-patch and post-patch source code of the Linux kernel. Our experimental results show BinGo can achieve up to 80.77% accuracy in identifying security patches between two neighboring versions of binary code. Moreover, BinGo can effectively reduce the false positives and false negatives caused by different compilers and optimization levels.

Authors (7)
  1. Xu He (66 papers)
  2. Shu Wang (176 papers)
  3. Pengbin Feng (7 papers)
  4. Xinda Wang (9 papers)
  5. Shiyu Sun (4 papers)
  6. Qi Li (354 papers)
  7. Kun Sun (51 papers)
