[연구] 구형준 교수 연구실, ACSAC 2022 논문 2편 게재 승인
- 소프트웨어융합대학
- 조회수1102
- 2022-09-16
SecAI 연구실 (지도교수: 구형준)의 논문 2편이 컴퓨터 보안 분야의 우수 학술대회인 ACSAC (Annual Computer Security Applications Conference)에 게재 승인되었습니다!
[논문 #1] Practical Binary Code Similarity Detection with BERT-based Transferable Similarity Learning: BERT와 Siamese neural network 기반으로 Few shot learning의 장점을 활용한 바이너리 유사도 논문으로 주어진 코드 snippet을 비교할 때 distance 함수의 scalar 값이 아니라 distance 자체를 학습을 통해 vector로 학습해 유사성을 판정합니다.
Abstract.
Binary code similarity detection serves as a basis for a wide spectrum of applications, including software plagiarism, malware classification, and known vulnerability discovery. However, the inference of contextual meanings of a binary is challenging due to the absence of semantic information available in source codes. Recent advances leverage the benefits of a deep learning architecture into a better understanding of underlying code semantics and the advantages of the Siamese architecture into better code similarity detection. In this paper, we propose BinShot, a BERT-based similarity learning architecture that is highly transferable for effective binary code similarity detection. We tackle the problem of detecting code similarity with one-shot learning (a special case of few-shot learning). To this end, we adopt a weighted distance vector with a binary cross entropy as a loss function on top of BERT. With the prototype implementation of BinShot, our experimental results demonstrate the effectiveness, transferability, and practicality of BinShot, which is robust to detecting the similarity of previously unseen functions.We show that BinShot outperforms the previous state-of-the-art approaches for binary code similarity detection.
[논문 #2] DeView: Confining Progressive Web Applications by Debloating Web API - 2020년 CCS에 발표한 Chromium debloating 논문(Slimium)의 후속작으로 Chromium 기반의 PWA (Progressive Web Application) debloating 연구입니다. 사용자 행위 등 동적 테스트를 통해 기록한 후 이를 재생하는 방식으로(record-and-replay) PWA에 사용하는 Web API를 프로파일링한 후, Web API 진입점만 제거해 가볍게 적용할 수 있도록 구현한 논문입니다.
Abstract.
A progressive web application (PWA) becomes an attractive option for building universal applications based on feature-rich web application programming interfaces (Web APIs). While flexible, such vast APIs inevitably bring a significant increase in an API attack surface, which commonly corresponds to a functionality that is neither needed nor wanted by the application. A promising approach to reduce the API attack surface is software debloating, a technique wherein an unused functionality is programmatically removed from an application or API. Unfortunately, debloating PWAs is challenging given the monolithic design and non-deterministic execution of a modern web browser. In this paper, we present DeView, a practical approach that reduces the attack surface of a PWA by blocking unnecessary but accessible web APIs. DeView tackles the challenges of PWA debloating by i) record-and-replay web API profiling that identifies needed web APIs on an app-by-app basis by replaying (recorded) browser interactions and ii) compiler-assisted browser debloating that eliminates the entry functions of corresponding web APIs from the mapping between web API and its entry point at a binary level. Our evaluation shows the effectiveness and practicality of DeView. DeView successfully eliminates 91.8% of accessible web APIs while i) maintaining original functionalities and ii) preventing 76.3% of known exploits on average.