• Title/Summary/Keyword: stripped binary (스트립 바이너리)


Extracting Scheme of Compiler Information using Convolutional Neural Networks in Stripped Binaries (스트립 바이너리에서 합성곱 신경망을 이용한 컴파일러 정보 추출 기법)

  • Lee, Jungsoo; Choi, Hyunwoong; Heo, Junyeong
    • The Journal of the Institute of Internet, Broadcasting and Communication / v.21 no.4 / pp.25-29 / 2021
  • A stripped binary is a binary from which debug symbol information has been deleted, and it is therefore difficult to analyze such a binary through techniques such as reverse engineering. Traditional binary analysis tools rely on debug symbol information to analyze binaries, making it difficult to detect or analyze malicious code that has the characteristics of a stripped binary. To solve this problem, a technique capable of effectively extracting information from stripped binaries is needed. In this paper, we focus on the fact that the byte code of a binary file is generated very differently depending on the compiler version, optimizer level, etc. For effective compiler version extraction, the entire byte code of the stripped binary is read and converted into an image, which is then applied to a convolutional neural network. Finally, we achieve an accuracy of 93.5%, providing an opportunity to analyze stripped binaries more effectively than before.

A Study on Authorship Identification in Strip Binary (스트립 바이너리에서 저자 식별에 관한 연구)

  • Ahn, Seonggwan; Ahn, Sunwoo; Kim, Hyunjun; Ha, Whoi Ree; Paek, Yunheung
    • Proceedings of the Korea Information Processing Society Conference / 2021.11a / pp.270-272 / 2021
  • Recently, with the emergence of networks and the Internet that guarantee anonymity, malicious code exploiting them has been increasing. One countermeasure is code authorship identification, the study of revealing the author of a piece of code. Recent studies have shown that authors can be identified with high accuracy from source code and from binaries. However, little research has been done on stripped binaries. In this study, we applied the methods used in recent research to stripped binaries and ran experiments, showing that the results are poor. Based on this, we analyzed why authorship identification is difficult in stripped binaries.

Extraction Scheme of Function Information in Stripped Binaries using LSTM (스트립된 바이너리에서 LSTM을 이용한 함수정보 추출 기법)

  • Chang, Duhyeuk; Kim, Seon-Min; Heo, Junyoung
    • Journal of Software Assessment and Valuation / v.17 no.2 / pp.39-46 / 2021
  • To analyze and defend against malware, reverse engineering is used to identify function location information. However, in a stripped binary it is not easy to find information such as function locations, because the function symbol information has been removed. To solve this problem, there are various binary analysis tools such as BAP, BitBlaze and IDA Pro, but they are based on heuristic methods, so they do not perform well in general. In this paper, we propose a technique to extract function information using LSTM-based models, applying an N-byte method that extracts the bytes of the binary corresponding to disassembled instructions in a recursive-descent manner. Through experiments, the proposed technique was shown to be superior to existing techniques in terms of time and accuracy.