Asm2Seq: Explainable Assembly Code Functional Summary Generation for Reverse Engineering and Vulnerability Analysis

Reverse engineering is the process of understanding the inner working of a software system without having the source code. It is critical for firmware security validation, software vulnerability research, and malware analysis. However, it often requires a significant amount of manual effort. Recentl...

Full description

Saved in:
Bibliographic Details
Published in:Digital threats (Print) 2024-03, Vol.5 (1), p.1-25, Article 6
Main Authors: Taviss, Scarlett, Ding, Steven H. H., Zulkernine, Mohammad, Charland, Philippe, Acharya, Sudipta
Format: Article
Language:English
Subjects:
Malware and its mitigation
Security and privacy
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by cdi_FETCH-LOGICAL-a277t-bf666cef1d34ff2f7b1dea0fd1ff13db7f2f61873ff78a1107ab0a40ac2aa2683
cites cdi_FETCH-LOGICAL-a277t-bf666cef1d34ff2f7b1dea0fd1ff13db7f2f61873ff78a1107ab0a40ac2aa2683
container_end_page 25
container_issue 1
container_start_page 1
container_title Digital threats (Print)
container_volume 5
creator Taviss, Scarlett
Ding, Steven H. H.
Zulkernine, Mohammad
Charland, Philippe
Acharya, Sudipta
description Reverse engineering is the process of understanding the inner working of a software system without having the source code. It is critical for firmware security validation, software vulnerability research, and malware analysis. However, it often requires a significant amount of manual effort. Recently, data-driven solutions were proposed to reduce manual effort by identifying the code clones on the assembly or the source level. However, security analysts still have to understand the matched assembly or source code to develop an understanding of the functionality, and it is assumed that such a matched candidate always exists. This research bridges the gap by introducing the problem of assembly code summarization. Given the assembly code as input, we propose a machine-learning-based system that can produce human-readable summarizations of the functionalities in the context of code vulnerability analysis. We generate the first assembly code to function summary dataset and propose to leverage the encoder-decoder architecture. With the attention mechanism, it is possible to understand what aspects of the assembly code had the largest impact on generating the summary. Our experiment shows that the proposed solution achieves high accuracy and the Bilingual Evaluation Understudy (BLEU) score. Finally, we have performed case studies on real-life CVE vulnerability cases to better understand the proposed method’s performance and practical implications.
doi_str_mv 10.1145/3592623
format article
fullrecord <record><control><sourceid>acm_cross</sourceid><recordid>TN_cdi_crossref_primary_10_1145_3592623</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3592623</sourcerecordid><originalsourceid>FETCH-LOGICAL-a277t-bf666cef1d34ff2f7b1dea0fd1ff13db7f2f61873ff78a1107ab0a40ac2aa2683</originalsourceid><addsrcrecordid>eNo9kM1Lw0AUxBdRsNTi3dPePEX3I9lNvYXSVqEgWPUaXpK3ZWWzqbutmP_eBKunecz7MQxDyDVnd5yn2b3M5kIJeUYmItMqyaTU58Ot5iLhSqhLMovxgzEmJE_zbD4hsYit2OLnA11-7x1YD5VDWsSIbeV6uugapKujrw-28-Do9ti2EHq6Ro8BRpOaLtAX_MIQkS79znrEYP2Ogm_o-9GNXGWdPfS0GBL6aOMVuTDgIs5OOiVvq-Xr4jHZPK-fFsUmAaH1IamMUqpGwxuZGiOMrniDwEzDjeGyqfTgKZ5raYzOgXOmoWKQMqgFgFC5nJLb39w6dDEGNOU-2LF-yVk5zlWe5hrIm18S6vYf-nv-ANkSZy4</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Asm2Seq: Explainable Assembly Code Functional Summary Generation for Reverse Engineering and Vulnerability Analysis</title><source>ACM Digital Library</source><creator>Taviss, Scarlett ; Ding, Steven H. H. ; Zulkernine, Mohammad ; Charland, Philippe ; Acharya, Sudipta</creator><creatorcontrib>Taviss, Scarlett ; Ding, Steven H. H. ; Zulkernine, Mohammad ; Charland, Philippe ; Acharya, Sudipta</creatorcontrib><description>Reverse engineering is the process of understanding the inner working of a software system without having the source code. It is critical for firmware security validation, software vulnerability research, and malware analysis. However, it often requires a significant amount of manual effort. Recently, data-driven solutions were proposed to reduce manual effort by identifying the code clones on the assembly or the source level. However, security analysts still have to understand the matched assembly or source code to develop an understanding of the functionality, and it is assumed that such a matched candidate always exists. This research bridges the gap by introducing the problem of assembly code summarization. Given the assembly code as input, we propose a machine-learning-based system that can produce human-readable summarizations of the functionalities in the context of code vulnerability analysis. We generate the first assembly code to function summary dataset and propose to leverage the encoder-decoder architecture. With the attention mechanism, it is possible to understand what aspects of the assembly code had the largest impact on generating the summary. Our experiment shows that the proposed solution achieves high accuracy and the Bilingual Evaluation Understudy (BLEU) score. Finally, we have performed case studies on real-life CVE vulnerability cases to better understand the proposed method’s performance and practical implications.</description><identifier>ISSN: 2692-1626</identifier><identifier>EISSN: 2576-5337</identifier><identifier>DOI: 10.1145/3592623</identifier><language>eng</language><publisher>New York, NY: ACM</publisher><subject>Malware and its mitigation ; Security and privacy</subject><ispartof>Digital threats (Print), 2024-03, Vol.5 (1), p.1-25, Article 6</ispartof><rights>Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the owner/author(s).</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-a277t-bf666cef1d34ff2f7b1dea0fd1ff13db7f2f61873ff78a1107ab0a40ac2aa2683</citedby><cites>FETCH-LOGICAL-a277t-bf666cef1d34ff2f7b1dea0fd1ff13db7f2f61873ff78a1107ab0a40ac2aa2683</cites><orcidid>0000-0003-4513-200X ; 0000-0001-7907-2426 ; 0000-0002-3014-0907 ; 0000-0003-0913-3638 ; 0000-0003-4051-9942</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://dl.acm.org/doi/pdf/10.1145/3592623$$EPDF$$P50$$Gacm$$Hfree_for_read</linktopdf><link.rule.ids>314,780,784,2282,27924,27925,40196,76228</link.rule.ids></links><search><creatorcontrib>Taviss, Scarlett</creatorcontrib><creatorcontrib>Ding, Steven H. H.</creatorcontrib><creatorcontrib>Zulkernine, Mohammad</creatorcontrib><creatorcontrib>Charland, Philippe</creatorcontrib><creatorcontrib>Acharya, Sudipta</creatorcontrib><title>Asm2Seq: Explainable Assembly Code Functional Summary Generation for Reverse Engineering and Vulnerability Analysis</title><title>Digital threats (Print)</title><addtitle>ACM DTRAP</addtitle><description>Reverse engineering is the process of understanding the inner working of a software system without having the source code. It is critical for firmware security validation, software vulnerability research, and malware analysis. However, it often requires a significant amount of manual effort. Recently, data-driven solutions were proposed to reduce manual effort by identifying the code clones on the assembly or the source level. However, security analysts still have to understand the matched assembly or source code to develop an understanding of the functionality, and it is assumed that such a matched candidate always exists. This research bridges the gap by introducing the problem of assembly code summarization. Given the assembly code as input, we propose a machine-learning-based system that can produce human-readable summarizations of the functionalities in the context of code vulnerability analysis. We generate the first assembly code to function summary dataset and propose to leverage the encoder-decoder architecture. With the attention mechanism, it is possible to understand what aspects of the assembly code had the largest impact on generating the summary. Our experiment shows that the proposed solution achieves high accuracy and the Bilingual Evaluation Understudy (BLEU) score. Finally, we have performed case studies on real-life CVE vulnerability cases to better understand the proposed method’s performance and practical implications.</description><subject>Malware and its mitigation</subject><subject>Security and privacy</subject><issn>2692-1626</issn><issn>2576-5337</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><recordid>eNo9kM1Lw0AUxBdRsNTi3dPePEX3I9lNvYXSVqEgWPUaXpK3ZWWzqbutmP_eBKunecz7MQxDyDVnd5yn2b3M5kIJeUYmItMqyaTU58Ot5iLhSqhLMovxgzEmJE_zbD4hsYit2OLnA11-7x1YD5VDWsSIbeV6uugapKujrw-28-Do9ti2EHq6Ro8BRpOaLtAX_MIQkS79znrEYP2Ogm_o-9GNXGWdPfS0GBL6aOMVuTDgIs5OOiVvq-Xr4jHZPK-fFsUmAaH1IamMUqpGwxuZGiOMrniDwEzDjeGyqfTgKZ5raYzOgXOmoWKQMqgFgFC5nJLb39w6dDEGNOU-2LF-yVk5zlWe5hrIm18S6vYf-nv-ANkSZy4</recordid><startdate>20240321</startdate><enddate>20240321</enddate><creator>Taviss, Scarlett</creator><creator>Ding, Steven H. H.</creator><creator>Zulkernine, Mohammad</creator><creator>Charland, Philippe</creator><creator>Acharya, Sudipta</creator><general>ACM</general><scope>AAYXX</scope><scope>CITATION</scope><orcidid>https://orcid.org/0000-0003-4513-200X</orcidid><orcidid>https://orcid.org/0000-0001-7907-2426</orcidid><orcidid>https://orcid.org/0000-0002-3014-0907</orcidid><orcidid>https://orcid.org/0000-0003-0913-3638</orcidid><orcidid>https://orcid.org/0000-0003-4051-9942</orcidid></search><sort><creationdate>20240321</creationdate><title>Asm2Seq: Explainable Assembly Code Functional Summary Generation for Reverse Engineering and Vulnerability Analysis</title><author>Taviss, Scarlett ; Ding, Steven H. H. ; Zulkernine, Mohammad ; Charland, Philippe ; Acharya, Sudipta</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a277t-bf666cef1d34ff2f7b1dea0fd1ff13db7f2f61873ff78a1107ab0a40ac2aa2683</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Malware and its mitigation</topic><topic>Security and privacy</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Taviss, Scarlett</creatorcontrib><creatorcontrib>Ding, Steven H. H.</creatorcontrib><creatorcontrib>Zulkernine, Mohammad</creatorcontrib><creatorcontrib>Charland, Philippe</creatorcontrib><creatorcontrib>Acharya, Sudipta</creatorcontrib><collection>CrossRef</collection><jtitle>Digital threats (Print)</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Taviss, Scarlett</au><au>Ding, Steven H. H.</au><au>Zulkernine, Mohammad</au><au>Charland, Philippe</au><au>Acharya, Sudipta</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Asm2Seq: Explainable Assembly Code Functional Summary Generation for Reverse Engineering and Vulnerability Analysis</atitle><jtitle>Digital threats (Print)</jtitle><stitle>ACM DTRAP</stitle><date>2024-03-21</date><risdate>2024</risdate><volume>5</volume><issue>1</issue><spage>1</spage><epage>25</epage><pages>1-25</pages><artnum>6</artnum><issn>2692-1626</issn><eissn>2576-5337</eissn><abstract>Reverse engineering is the process of understanding the inner working of a software system without having the source code. It is critical for firmware security validation, software vulnerability research, and malware analysis. However, it often requires a significant amount of manual effort. Recently, data-driven solutions were proposed to reduce manual effort by identifying the code clones on the assembly or the source level. However, security analysts still have to understand the matched assembly or source code to develop an understanding of the functionality, and it is assumed that such a matched candidate always exists. This research bridges the gap by introducing the problem of assembly code summarization. Given the assembly code as input, we propose a machine-learning-based system that can produce human-readable summarizations of the functionalities in the context of code vulnerability analysis. We generate the first assembly code to function summary dataset and propose to leverage the encoder-decoder architecture. With the attention mechanism, it is possible to understand what aspects of the assembly code had the largest impact on generating the summary. Our experiment shows that the proposed solution achieves high accuracy and the Bilingual Evaluation Understudy (BLEU) score. Finally, we have performed case studies on real-life CVE vulnerability cases to better understand the proposed method’s performance and practical implications.</abstract><cop>New York, NY</cop><pub>ACM</pub><doi>10.1145/3592623</doi><tpages>25</tpages><orcidid>https://orcid.org/0000-0003-4513-200X</orcidid><orcidid>https://orcid.org/0000-0001-7907-2426</orcidid><orcidid>https://orcid.org/0000-0002-3014-0907</orcidid><orcidid>https://orcid.org/0000-0003-0913-3638</orcidid><orcidid>https://orcid.org/0000-0003-4051-9942</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 2692-1626
ispartof Digital threats (Print), 2024-03, Vol.5 (1), p.1-25, Article 6
issn 2692-1626
2576-5337
language eng
recordid cdi_crossref_primary_10_1145_3592623
source ACM Digital Library
subjects Malware and its mitigation
Security and privacy
title Asm2Seq: Explainable Assembly Code Functional Summary Generation for Reverse Engineering and Vulnerability Analysis
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-29T20%3A08%3A56IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-acm_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Asm2Seq:%20Explainable%20Assembly%20Code%20Functional%20Summary%20Generation%20for%20Reverse%20Engineering%20and%20Vulnerability%20Analysis&rft.jtitle=Digital%20threats%20(Print)&rft.au=Taviss,%20Scarlett&rft.date=2024-03-21&rft.volume=5&rft.issue=1&rft.spage=1&rft.epage=25&rft.pages=1-25&rft.artnum=6&rft.issn=2692-1626&rft.eissn=2576-5337&rft_id=info:doi/10.1145/3592623&rft_dat=%3Cacm_cross%3E3592623%3C/acm_cross%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-a277t-bf666cef1d34ff2f7b1dea0fd1ff13db7f2f61873ff78a1107ab0a40ac2aa2683%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true