Abstract
We propose Nucleus, a novel function detection algorithm for binaries. In contrast to prior work, Nucleus is compiler-agnostic, and does not require any learning phase or signature information. Instead of scanning for signatures, Nucleus detects functions at the Control Flow Graph-level, making it inherently suitable for difficult cases such as non-contiguous or multi-entry functions. We evaluate Nucleus on a diverse set of 476 C and C++ binaries, compiled with GCC, clang and Visual Studio for x86 and x64, at optimization levels O0-O3. We achieve consistently good performance, with a mean F-score of 0.95.
Original language | English |
---|---|
Title of host publication | Proceedings - 2nd IEEE European Symposium on Security and Privacy, EuroS and P 2017 |
Publisher | Institute of Electrical and Electronics Engineers, Inc. |
Pages | 177-189 |
Number of pages | 13 |
ISBN (Electronic) | 9781509057610 |
Publication status | Published - 28 Jun 2017 |
Event | 2nd IEEE European Symposium on Security and Privacy, EuroS and P 2017 - Paris, France. Duration: 26 Apr 2017 → 28 Apr 2017 |
Conference
Conference | 2nd IEEE European Symposium on Security and Privacy, EuroS and P 2017 |
---|---|
Country/Territory | France |
City | Paris |
Period | 26/04/17 → 28/04/17 |
Keywords
- Disassembly
- function detection
- reverse engineering
- static analysis