Abstract
We propose Nucleus, a novel function detection algorithm for binaries. In contrast to prior work, Nucleus is compiler-agnostic, and does not require any learning phase or signature information. Instead of scanning for signatures, Nucleus detects functions at the Control Flow Graph-level, making it inherently suitable for difficult cases such as non-contiguous or multi-entry functions. We evaluate Nucleus on a diverse set of 476 C and C++ binaries, compiled with GCC, clang and Visual Studio for x86 and x64, at optimization levels O0-O3. We achieve consistently good performance, with a mean F-score of 0.95.
Original language | English |
---|---|
Title of host publication | 2017 IEEE European Symposium on Security and Privacy (EuroS&P) |
Subtitle of host publication | [Proceedings] |
Publisher | Institute of Electrical and Electronics Engineers, Inc. |
Pages | 177-189 |
Number of pages | 13 |
ISBN (Electronic) | 9781509057627 |
ISBN (Print) | 9781509057634 |
Publication status | Published - 2017 |
Event | 2nd IEEE European Symposium on Security and Privacy, EuroS and P 2017 - Paris, France. Duration: 26 Apr 2017 → 28 Apr 2017 |
Conference
Conference | 2nd IEEE European Symposium on Security and Privacy, EuroS and P 2017 |
---|---|
Country/Territory | France |
City | Paris |
Period | 26/04/17 → 28/04/17 |
Keywords
- Disassembly
- function detection
- reverse engineering
- static analysis