Binary Code Similarity Detection through LSTM and Siamese Neural Network

Authors

DOI:

https://doi.org/10.4108/eai.14-9-2021.170956

Keywords:

Malware detection, binary analysis, LSTM, Siamese Neural Network, similarity detection

Abstract

Given the fact that many software projects are closed-source, analyzing security-related vulnerabilities at the binary level is quintessential to protect computer systems from attacks of malware. Binary code similarity detection is a potential solution for detecting malware from the binaries generated by the processor. In this paper, we proposed a malware detection mechanism based on the binaries using machine learning techniques. Through utilizing the Recurrent Neural Network (RNN), more specifically Long Short-Term Memory (LSTM) network, we generate the uniformed feature embedding of each binary file and further take advantage of the Siamese Neural Network to compute the similarity measure of the extracted features. Therefore, the security risks of the software projects can be evaluated through the similarity measure of the corresponding binaries with existing trained malware. Our real-world experimental results demonstrate a convincing performance in distinguishing out the outliers, and achieved slightly better performance compared with existing state-of-the-art methods.

Downloads

Published

14-09-2021

How to Cite

Luo, Z. ., Hou, T. ., Zhou, X. ., Zeng, H. ., & Lu, Z. . (2021). Binary Code Similarity Detection through LSTM and Siamese Neural Network. EAI Endorsed Transactions on Security and Safety, 8(29), e1. https://doi.org/10.4108/eai.14-9-2021.170956

Funding data