首页    期刊浏览 2024年12月02日 星期一
登录注册

文章基本信息

  • 标题:Disassemble Byte Sequence Using Graph Attention Network
  • 本地全文:下载
  • 作者:Jing Qiu ; Feng Dong ; Guanglu Sun
  • 期刊名称:Journal of Universal Computer Science
  • 印刷版ISSN:0948-6968
  • 出版年度:2022
  • 卷号:28
  • 期号:7
  • 页码:758-775
  • DOI:10.3897/jucs.76528
  • 语种:English
  • 出版社:Graz University of Technology and Know-Center
  • 摘要:Disassembly is the basis of static analysis of binary code and is used in malicious code detection, vulnerability mining, software optimization, etc. Disassembly of arbitrary suspicious code blocks (e.g., for suspicious traffic packets intercepted by the network) is a difficult task. Traditional disassembly methods require manual specification of the starting address and cannot automate the disassembly of arbitrary code blocks. In this paper, we propose a disassembly method based on code extension selection network by combining traditional linear sweep and recursive traversal methods. First, each byte of a code block is used as the disassembly start address, and all disassembly results (control flow graphs) are combined into a single flow graph. Then a graph attention network is trained to pick the correct subgraph (control flow graph) as the final result. In the experiment, the compiler-generated executable file, as well as the executable file generated by hand-written assembly code, the data file and the byte sequence intercepted by the code segment were tested, and the disassembly accuracy was 93%, which can effectively distinguish the code from the data.
国家哲学社会科学文献中心版权所有