Enregistré dans:
Détails bibliographiques
Auteurs principaux: McCully, Gary A., Hastings, John D., Xu, Shengjie, Fortier, Adam
Format: Preprint
Publié: 2024
Sujets:
Accès en ligne:https://arxiv.org/abs/2405.20611
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
_version_ 1866910744290787328
author McCully, Gary A.
Hastings, John D.
Xu, Shengjie
Fortier, Adam
author_facet McCully, Gary A.
Hastings, John D.
Xu, Shengjie
Fortier, Adam
contents Detecting vulnerabilities within compiled binaries is challenging due to lost high-level code structures and other factors such as architectural dependencies, compilers, and optimization options. To address these obstacles, this research explores vulnerability detection using natural language processing (NLP) embedding techniques with word2vec, BERT, and RoBERTa to learn semantics from intermediate representation (LLVM IR) code. Long short-term memory (LSTM) neural networks were trained on embeddings from encoders created using approximately 48k LLVM functions from the Juliet dataset. This study is pioneering in its comparison of word2vec models with multiple bidirectional transformers (BERT, RoBERTa) embeddings built using LLVM code to train neural networks to detect vulnerabilities in compiled binaries. Word2vec Skip-Gram models achieved 92% validation accuracy in detecting vulnerabilities, outperforming word2vec Continuous Bag of Words (CBOW), BERT, and RoBERTa. This suggests that complex contextual embeddings may not provide advantages over simpler word2vec models for this task when a limited number (e.g. 48K) of data samples are used to train the bidirectional transformer-based models. The comparative results provide novel insights into selecting optimal embeddings for learning compiler-independent semantic code representations to advance machine learning detection of vulnerabilities in compiled binaries.
format Preprint
id arxiv_https___arxiv_org_abs_2405_20611
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Bi-Directional Transformers vs. word2vec: Discovering Vulnerabilities in Lifted Compiled Code
McCully, Gary A.
Hastings, John D.
Xu, Shengjie
Fortier, Adam
Cryptography and Security
Computation and Language
Machine Learning
Software Engineering
D.4.6; I.2.6; I.5.1
Detecting vulnerabilities within compiled binaries is challenging due to lost high-level code structures and other factors such as architectural dependencies, compilers, and optimization options. To address these obstacles, this research explores vulnerability detection using natural language processing (NLP) embedding techniques with word2vec, BERT, and RoBERTa to learn semantics from intermediate representation (LLVM IR) code. Long short-term memory (LSTM) neural networks were trained on embeddings from encoders created using approximately 48k LLVM functions from the Juliet dataset. This study is pioneering in its comparison of word2vec models with multiple bidirectional transformers (BERT, RoBERTa) embeddings built using LLVM code to train neural networks to detect vulnerabilities in compiled binaries. Word2vec Skip-Gram models achieved 92% validation accuracy in detecting vulnerabilities, outperforming word2vec Continuous Bag of Words (CBOW), BERT, and RoBERTa. This suggests that complex contextual embeddings may not provide advantages over simpler word2vec models for this task when a limited number (e.g. 48K) of data samples are used to train the bidirectional transformer-based models. The comparative results provide novel insights into selecting optimal embeddings for learning compiler-independent semantic code representations to advance machine learning detection of vulnerabilities in compiled binaries.
title Bi-Directional Transformers vs. word2vec: Discovering Vulnerabilities in Lifted Compiled Code
topic Cryptography and Security
Computation and Language
Machine Learning
Software Engineering
D.4.6; I.2.6; I.5.1
url https://arxiv.org/abs/2405.20611