31 research outputs found
Revisiting Binary Code Similarity Analysis using Interpretable Feature Engineering and Lessons Learned
Binary code similarity analysis (BCSA) is widely used for diverse security
applications such as plagiarism detection, software license violation
detection, and vulnerability discovery. Despite the surging research interest
in BCSA, it is significantly challenging to perform new research in this field
for several reasons. First, most existing approaches focus only on the end
results, namely, increasing the success rate of BCSA, by adopting
uninterpretable machine learning. Moreover, they utilize their own benchmark
sharing neither the source code nor the entire dataset. Finally, researchers
often use different terminologies or even use the same technique without citing
the previous literature properly, which makes it difficult to reproduce or
extend previous work. To address these problems, we take a step back from the
mainstream and contemplate fundamental research questions for BCSA. Why does a
certain technique or a feature show better results than the others?
Specifically, we conduct the first systematic study on the basic features used
in BCSA by leveraging interpretable feature engineering on a large-scale
benchmark. Our study reveals various useful insights on BCSA. For example, we
show that a simple interpretable model with a few basic features can achieve a
comparable result to that of recent deep learning-based approaches.
Furthermore, we show that the way we compile binaries or the correctness of
underlying binary analysis tools can significantly affect the performance of
BCSA. Lastly, we make all our source code and benchmark public and suggest
future directions in this field to help further research.Comment: 22 pages, under revision to Transactions on Software Engineering
(July 2021
Models and Benchmarks for Representation Learning of Partially Observed Subgraphs
Subgraphs are rich substructures in graphs, and their nodes and edges can be
partially observed in real-world tasks. Under partial observation, existing
node- or subgraph-level message-passing produces suboptimal representations. In
this paper, we formulate a novel task of learning representations of partially
observed subgraphs. To solve this problem, we propose Partial Subgraph InfoMax
(PSI) framework and generalize existing InfoMax models, including DGI,
InfoGraph, MVGRL, and GraphCL, into our framework. These models maximize the
mutual information between the partial subgraph's summary and various
substructures from nodes to full subgraphs. In addition, we suggest a novel
two-stage model with -hop PSI, which reconstructs the representation of the
full subgraph and improves its expressiveness from different local-global
structures. Under training and evaluation protocols designed for this problem,
we conduct experiments on three real-world datasets and demonstrate that PSI
models outperform baselines.Comment: CIKM 2022 Short Paper (Camera-ready + Appendix