“软件智能分析”学术沙龙第六次活动将于2018年6月27日(星期三上午)9点在中国科学院软件研究所5号楼四层第一会议室举行。本次活动由中科院软件所软件智能分析协同创新团队和InForSec论坛共同举办,邀请到了新加坡国立大学的梁振凯教授,Chua Zheng Leong博士,两位学者将分别带来AI在二进制程序分析工作中应用的最新研究成果。敬请关注。
主办:中国科学院软件研究所软件智能分析协同创新团队
InForSec网安国际学术论坛
时间:2018年6月27日(周三)上午9:00-11:30
地点:中国科学院软件研究所5号楼四层第一会议室
会议议程
| 事项 | 主讲嘉宾 | 主题 | |
| 9:00 – 11:30 | 主持人:苏璞睿 中科院软件所研究员 | ||
| 9:00 – 10:00 | 专家报告 | 梁振凯 | Scaling up Binary Analysis through Knowledge-oriented Techniques |
| 10:10 – 11:10 | 专家报告 | Chua Zheng Leong | Neural Nets Can Learn Function Type Signatures From Binaries |
演讲嘉宾
题目:Scaling up Binary Analysis through Knowledge-oriented Techniques
讲者:梁振凯 副教授
摘要:Binary analysis is a fundamental technique in software and system security. It has a wide range of applications, such as vulnerability discovery, attack response, malware analysis, and software testing and debugging. Due to the lack of high-level semantics and complex program behaviors, it is challenging for binary analysis solutions to scale up to large real-world binaries in practice. Existing solutions are often task-driven and bounded by a practical time limit, which hinders comprehensively understanding of binaries. Furthermore, it is difficult to integrate the knowledge generated from different solutions. In this talk, we discuss our solutions, reflections, and ongoing efforts in scaling up binary analysis in a knowledge-oriented manner. We believe knowledge accumulation is the key to scale up binary analysis, where binary analysis solutions generate understandings that can be shared and reused in other solution. Our investigation includes techniques for knowledge extraction, tools for knowledge integration, and platforms for knowledge accumulations and sharing. The accumulated knowledge not only allows broader and deeper analysis into binaries, it also enables emerging data-driven and learning techniques to be effectively adopted in binary analysis tasks.
个人介绍:梁振凯,新加坡国立大学计算学院副教授。主要研究领域为系统安全与Web安全,目前研究主要集中于基于浏览器的Web应用安全检测与防护、远程攻击的响应和分析、以及软件调试,相关工作发表于ACM CCS, IEEE Security & Privacy, ACM SIGSOFT FSE, Usenix Security Symposium, NDSS等顶级国际会议和IEEE Transactions on Dependable and Secure
Computing (TDSC)、ACM Transactions on Software Engineering and Methodology (TOSEM)、 ACM Transactions on Information and System Security (TISSEC)等顶级国际期刊。梁振凯博士曾获得多个研究和教学奖项,其中包括:2014年ICECCS最佳论文奖,2014年W2SP最佳论文奖,2009年ACM SIGSOFT ESEC/FSE 杰出论文奖、2007年USENIX Security Symposium 最佳论文奖、2003年Annual Computer Security Applications Conference (ACSAC) 杰出论文奖,2008年新加坡国立大学的青年研究人员奖,2014年和2015年新加坡国立大学年度杰出教学奖。梁振凯博士2006年自纽约州立大学石溪分校(Stony Brook University)获得博士学位,1999年于北京大学获得计算机学士学位和经济学学士学位。
题目:Neural Nets Can Learn Function Type Signatures From Binaries
讲者:Chua Zheng Leong 博士
摘要:Function type signatures are important for binary analysis, but they are not available in COTS binaries. In this paper, we present a new system called EKLAVYA which trains a recurrent neural network to recover function type signatures from disassembled binary code. EKLAVYA assumes no knowledge of the target instruction set semantics to make such inference. More importantly, EKLAVYA results are “explicable”: we find by analyzing its model that it auto-learns relationships between instructions, compiler conventions, stack frame setup instructions, use-before-write patterns, and operations relevant to identifying types directly from binaries. In our evaluation on Linux binaries compiled with clang and gcc, for two different architectures (x86 and x64), EKLAVYA exhibits accuracy of around 84% and 81% for function argument count and type recovery tasks respectively. EKLAVYA generalizes well across the compilers tested on two different instruction sets with various optimization levels, without any specialized prior knowledge of the instruction set, compiler or optimization level.
个人介绍:Chua Zheng Leong, 博士,新加坡国立大学助理研究员。主要研究领域为系统安全,二进制分析技术与机器学习,相关工作发表于 Usenix Security Symposium,ACM CCS, IEEE Security & Privacy, NDSS等顶级国际会议,做为核心成员创建了新加坡国立大学Greyhats团队。
