Revisiting Binary Code Similarity Analysis using Interpretable Feature Engineering and Lessons Learned

Binary code similarity analysis (BCSA) is widely used for diverse security applications such as plagiarism detection, software license violation detection, and vulnerability discovery. Despite the surging research interest in BCSA, it is significantly challenging to perform new research in this field for several reasons. First, most existing approaches focus only on the end results, namely, increasing the success rate of BCSA, by adopting uninterpretable machine learning. Moreover, they utilize their own benchmark sharing neither the source code nor the entire dataset. Finally, researchers often use different terminologies or even use the same technique without citing the previous literature properly, which makes it difficult to reproduce or extend previous work. To address these problems, we take a step back from the mainstream and contemplate fundamental research questions for BCSA. Why does a certain technique or a feature show better results than the others? Specifically, we conduct the first systematic study on the basic features used in BCSA by leveraging interpretable feature engineering on a large-scale benchmark. Our study reveals various useful insights on BCSA. For example, we show that a simple interpretable model with a few basic features can achieve a comparable result to that of recent deep learning-based approaches. Furthermore, we show that the way we compile binaries or the correctness of underlying binary analysis tools can significantly affect the performance of BCSA. Lastly, we make all our source code and benchmark public and suggest future directions in this field to help further research.Comment: 22 pages, under revision to Transactions on Software Engineering (July 2021

Unilateral Hydronephrosis and Hydroureter by Foreign Body in Urinary Bladder: A Case Report

Foreign bodies inserted through the urethra are often found in the urinary bladder. We presently report the first case of hydronephrosis and hydroureter due to direct compression in the urinary bladder by silicon, which had been introduced by the patient himself 2 yr prior to presentation with severe right flank pain. Computed tomography indicated a convoluted, high-attenuation mass in the urinary bladder; unilateral hydronephrosis and hydroureter were also present due to direct compression by the mass. The foreign body was removed using a cystoscope. This foreign body was proven to be silicon

Harvey: A Greybox Fuzzer for Smart Contracts

We present Harvey, an industrial greybox fuzzer for smart contracts, which are programs managing accounts on a blockchain. Greybox fuzzing is a lightweight test-generation approach that effectively detects bugs and security vulnerabilities. However, greybox fuzzers randomly mutate program inputs to exercise new paths; this makes it challenging to cover code that is guarded by narrow checks, which are satisfied by no more than a few input values. Moreover, most real-world smart contracts transition through many different states during their lifetime, e.g., for every bid in an auction. To explore these states and thereby detect deep vulnerabilities, a greybox fuzzer would need to generate sequences of contract transactions, e.g., by creating bids from multiple users, while at the same time keeping the search space and test suite tractable. In this experience paper, we explain how Harvey alleviates both challenges with two key fuzzing techniques and distill the main lessons learned. First, Harvey extends standard greybox fuzzing with a method for predicting new inputs that are more likely to cover new paths or reveal vulnerabilities in smart contracts. Second, it fuzzes transaction sequences in a targeted and demand-driven way. We have evaluated our approach on 27 real-world contracts. Our experiments show that the underlying techniques significantly increase Harvey's effectiveness in achieving high coverage and detecting vulnerabilities, in most cases orders-of-magnitude faster; they also reveal new insights about contract code.Comment: arXiv admin note: substantial text overlap with arXiv:1807.0787

KMT-2016-BLG-1107: A New Hollywood-Planet Close/Wide Degeneracy

We show that microlensing event KMT-2016-BLG-1107 displays a new type of degeneracy between wide-binary and close-binary Hollywood events in which a giant-star source envelops the planetary caustic. The planetary anomaly takes the form of a smooth, two-day "bump" far out on the falling wing of the light curve, which can be interpreted either as the source completely enveloping a minor-image caustic due to a close companion with mass ratio $q=0.036$, or partially enveloping a major-image caustic due to a wide companion with $q=0.004$. The best estimates of the companion masses are both in the planetary regime ($3.3^{+3.5}_{-1.8}\,M_{\rm jup}$ and $0.090^{+0.096}_{-0.037}\,M_{\rm jup}$) but differ by an even larger factor than the mass ratios due to different inferred host masses. We show that the two solutions can be distinguished by high-resolution imaging at first light on next-generation ("30m") telescopes. We provide analytic guidance to understand the conditions under which this new type of degeneracy can appear.Comment: 23 pages, 7 figures, accepted for publication in A

KMT-2018-BLG-1990Lb: A Nearby Jovian Planet From A Low-Cadence Microlensing Field

We report the discovery and characterization of KMT-2018-BLG-1990Lb, a Jovian planet $(m_p=0.57_{-0.25}^{+0.79}\,M_J)$ orbiting a late M dwarf $(M=0.14_{-0.06}^{+0.20}\,M_\odot)$, at a distance (D_L=1.23_{-0.43}^{+1.06}\,\kpc), and projected at $2.6\pm 0.6$ times the snow line distance, i.e., a_{\rm snow}\equiv 2.7\,\au (M/M_\odot), This is the second Jovian planet discovered by KMTNet in its low cadence ($0.4\,{\rm hr}^{-1}$) fields, demonstrating that this population will be well characterized based on survey-only microlensing data.Comment: 24 pages, 7 figures, 4 table

KMT-2018-BLG-1292: A Super-Jovian Microlens Planet in the Galactic Plane

We report the discovery of KMT-2018-BLG-1292Lb, a super-Jovian $M_{\rm planet} = 4.5\pm 1.3\,M_J$ planet orbiting an F or G dwarf $M_{\rm host} = 1.5\pm 0.4\,M_\odot$, which lies physically within {\cal O}(10\,\pc) of the Galactic plane. The source star is a heavily extincted $A_I\sim 5.2$ luminous giant that has the lowest Galactic latitude, $b=-0.28^\circ$, of any planetary microlensing event. The relatively blue blended light is almost certainly either the host or its binary companion, with the first explanation being substantially more likely. This blend dominates the light at $I$ band and completely dominates at $R$ and $V$ bands. Hence, the lens system can be probed by follow-up observations immediately, i.e., long before the lens system and the source separate due to their relative proper motion. The system is well characterized despite the low cadence $\Gamma=0.15$--$0.20\,{\rm hr^{-1}}$ of observations and short viewing windows near the end of the bulge season. This suggests that optical microlensing planet searches can be extended to the Galactic plane at relatively modest cost.Comment: 35 pages, 3 Tables, 8 figure

Predictive factors of contrast-enhanced ultrasonography for the response to transarterial chemoembolization in hepatocellular carcinoma

Background/AimsThe predictive role of contrast-enhanced ultrasonography (CEUS) before performing transarterial chemoembolization (TACE) has not been determined. We assessed the possible predictive factors of CEUS for the response to TACE.MethodsSeventeen patients with 18 hepatocellular carcinoma (HCC) underwent TACE. All of the tumors were studied with CEUS before TACE using a second-generation ultrasound contrast agent (SonoVue®, Bracco, Milan, Italy). The tumor response to TACE was classified with a score between 1 and 4 according to the remaining enhancing-tumor percentage based on modified response evaluation criteria in solid tumors (mRECIST): 1, enhancing tumor <25%; 2, 25%≤enhancing tumor<50%; 3, 50%≤enhancing tumor<75%; and 4, enhancing tumor≥75%). A score of 1 was defined as a "good response" to TACE. The predictive factors for the response to TACE were evaluated during CEUS based on the maximum tumor diameter, initial arterial enhancing time, arterial enhancing duration, intensity of arterial enhancement, presence of a hypoenhanced pattern, and the feeding artery to the tumor.ResultsThe median tumor size was 3.1 cm. The distribution of tumor response scores after TACE in all tumors was as follows: 1, n=11; 2, n=4; 3, n=2; and 4, n=1. Fifteen tumors showed feeding arteries. The presence of a feeding artery and the tumor size (≤5 cm) were the predictive factors for a good response (P=0.043 and P=0.047, respectively).ConclusionsThe presence of a feeding artery and a tumor size of less than 5 cm were the predictive factors for a good response of HCC to TACE on CEUS