Investigating the Cost of Anonymity on Dynamic Networks

In this paper we study the difficulty of counting nodes in a synchronous dynamic network where nodes share the same identifier, they communicate by using a broadcast with unlimited bandwidth and, at each synchronous round, network topology may change. To count in such setting, it has been shown that the presence of a leader is necessary. We focus on a particularly interesting subset of dynamic networks, namely \textit{Persistent Distance} - ${\cal G}($PD$)_{h}$, in which each node has a fixed distance from the leader across rounds and such distance is at most $h$. In these networks the dynamic diameter $D$ is at most $2h$. We prove the number of rounds for counting in ${\cal G}($PD$)_{2}$ is at least logarithmic with respect to the network size $|V|$. Thanks to this result, we show that counting on any dynamic anonymous network with $D$ constant w.r.t. $|V|$ takes at least $D+ \Omega(\text{log}\, |V| )$ rounds where $\Omega(\text{log}\, |V|)$ represents the additional cost to be payed for handling anonymity. At the best of our knowledge this is the fist non trivial, i.e. different from $\Omega(D)$, lower bounds on counting in anonymous interval connected networks with broadcast and unlimited bandwith

On deterministic counting in anonymous dynamic networks

Nella tesi di dottorato si analizza il problema del counting in reti anonime dinamiche ed interval connesse. Vengono dimostrati lower bound non triviali sul tempo di conteggio in reti a diametro costante. Inoltre vengono sviluppati nuovi algoritmi di conteggio.Counting is a fundamental problem of every distributed system as it represents a basic building block to implement high level abstractions [2,4,6]. We focus on deterministic counting algorithms, that is we assume that no source of randomness is available to processes. We consider a dynamic system where processes do not leave the compu- tation while there is an adversary that continuously changes the communication graph connecting such processes. The adversary is only constrained to maintain at each round a connected topology, i.e. 1-interval connectivity G(1-IC) [3]. In such environment, it has been shown, [5], that counting cannot be solved without a leader. Therefore, we assume that all processes are anonymous but the distinguished leader. In the thesis we will discuss bounds and algorithms for counting in the aforementioned framework. Our bounds are obtained investigating networks where the distance between the leader and an anonymous process is persistent across rounds and is at most h, we denote such networks as G(PD)h [1]. Interestingly we will show that counting in G(PD)2 requires Ω(log |V |) rounds even when the bandwidth is unlimited. This implies that counting in networks with constant dynamic diameter requires a number of rounds that is function of the network size. We will discuss other results concerning the accuracy of counting algorithms. For the possibility side we will show an optimal counting algorithm for G(PD)h networks and a counting algorithm for G(1-IC) networks

SAFE: Self-Attentive Function Embeddings for Binary Similarity

The binary similarity problem consists in determining if two functions are similar by only considering their compiled form. Advanced techniques for binary similarity recently gained momentum as they can be applied in several fields, such as copyright disputes, malware analysis, vulnerability detection, etc., and thus have an immediate practical impact. Current solutions compare functions by first transforming their binary code in multi-dimensional vector representations (embeddings), and then comparing vectors through simple and efficient geometric operations. However, embeddings are usually derived from binary code using manual feature extraction, that may fail in considering important function characteristics, or may consider features that are not important for the binary similarity problem. In this paper we propose SAFE, a novel architecture for the embedding of functions based on a self-attentive neural network. SAFE works directly on disassembled binary functions, does not require manual feature extraction, is computationally more efficient than existing solutions (i.e., it does not incur in the computational overhead of building or manipulating control flow graphs), and is more general as it works on stripped binaries and on multiple architectures. We report the results from a quantitative and qualitative analysis that show how SAFE provides a noticeable performance improvement with respect to previous solutions. Furthermore, we show how clusters of our embedding vectors are closely related to the semantic of the implemented algorithms, paving the way for further interesting applications (e.g. semantic-based binary function search).Comment: Published in International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) 201

Adversarial Attacks against Binary Similarity Systems

In recent years, binary analysis gained traction as a fundamental approach to inspect software and guarantee its security. Due to the exponential increase of devices running software, much research is now moving towards new autonomous solutions based on deep learning models, as they have been showing state-of-the-art performances in solving binary analysis problems. One of the hot topics in this context is binary similarity, which consists in determining if two functions in assembly code are compiled from the same source code. However, it is unclear how deep learning models for binary similarity behave in an adversarial context. In this paper, we study the resilience of binary similarity models against adversarial examples, showing that they are susceptible to both targeted and untargeted attacks (w.r.t. similarity goals) performed by black-box and white-box attackers. In more detail, we extensively test three current state-of-the-art solutions for binary similarity against two black-box greedy attacks, including a new technique that we call Spatial Greedy, and one white-box attack in which we repurpose a gradient-guided strategy used in attacks to image classifiers

Function Representations for Binary Similarity

The binary similarity problem consists in determining if two functions are similar considering only their compiled form. Advanced techniques for binary similarity recently gained momentum as they can be applied in several fields, such as copyright disputes, malware analysis, vulnerability detection, etc. In this paper we describe SAFE, a novel architecture for function representation based on a self-attentive neural network. SAFE works directly on disassembled binary functions, does not require manual feature extraction, is computationally more efficient than existing solutions, and is more general as it works on stripped binaries and on multiple architectures. Results from our experimental evaluation show how SAFE provides a performance improvement with respect to previoussolutions. Furthermore, we show how SAFE can be used in widely different use cases, thus providing a general solution for several application scenarios

Debugging Debug Information With Neural Networks

n/