Autotap software keys

1/8/2023

Automatic uncovering of tap points (i.e., places to deploy active monitoring) in an OS kernel is useful in many security applications such as virtual machine introspection, kernel malware detection, and kernel rootkit profiling. However, current practice to extract a tap point for an OS kernel is through either analyzing kernel source code or manual reverse engineering of the kernel binary.

Binary type inference is a challenging problem due partly to the fact that during the compilation much type-related information has been lost. Most existing research work resorts to program analysis techniques, which can be either too heavyweight to be viable in practice or too conservative to be able to infer types with high accuracy. In this paper, we propose a new approach to learning types for binary code. Motivated by “duck typing,” our approach learns types for recovered variables from their features and properties (e.g., related representative instructions). We first use machine learning to train a classifier with basic types as its levels from binaries with debugging information. The classifier is then used to learn types for new and unseen binaries. Finally, several experiments are conducted to evaluate our approach. The results demonstrate that our approach is more precise, both in terms of correct types and compatible types, than the commercial tool Hex-Rays, the open source tool Snowman, and a recent tool EKLAVYA using machine learning. We also show that the type information our proposed system learns is capable of helping detect malware.