Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Zhang, Haotian, Liu, Kun, Garces, Cristian, Luo, Chenke, Lei, Yu, Ming, Jiang
Format: Preprint
Veröffentlicht: 2025
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2507.18801
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866915605437743104
author Zhang, Haotian
Liu, Kun
Garces, Cristian
Luo, Chenke
Lei, Yu
Ming, Jiang
author_facet Zhang, Haotian
Liu, Kun
Garces, Cristian
Luo, Chenke
Lei, Yu
Ming, Jiang
contents Binary code analysis is essential in scenarios where source code is unavailable, with extensive applications across various security domains. However, accurately resolving indirect call targets remains a longstanding challenge in maintaining the integrity of static analysis in binary code. This difficulty arises because the operand of a call instruction (e.g., call rax) remains unknown until runtime, resulting in an incomplete inter-procedural control flow graph (CFG). Previous approaches have struggled with low accuracy and limited scalability. To address these limitations, recent work has increasingly turned to machine learning (ML) to enhance analysis. However, this ML-driven approach faces two significant obstacles: low-quality callsite-callee training pairs and inadequate binary code representation, both of which undermine the accuracy of ML models. In this paper, we introduce CupidCall, a novel approach for resolving indirect calls using graph neural networks. Existing ML models in this area often overlook key elements such as data and code cross-references, which are essential for understanding a program's control flow. In contrast, CupidCall augments CFGs with cross-references, preserving rich semantic information. Additionally, we leverage advanced compiler-level type analysis to generate high-quality callsite-callee training pairs, enhancing model precision and reliability. We further design a graph neural model that leverages augmented CFGs and relational graph convolutions for accurate target prediction. Evaluated against real-world binaries from GitHub and the Arch User Repository on x86_64 architecture, CupidCall achieves an F1 score of 95.2%, outperforming state-of-the-art ML-based approaches. These results highlight CupidCall's effectiveness in building precise inter-procedural CFGs and its potential to advance downstream binary analysis and security applications.
format Preprint
id arxiv_https___arxiv_org_abs_2507_18801
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Resolving Indirect Calls in Binary Code via Cross-Reference Augmented Graph Neural Networks
Zhang, Haotian
Liu, Kun
Garces, Cristian
Luo, Chenke
Lei, Yu
Ming, Jiang
Cryptography and Security
Binary code analysis is essential in scenarios where source code is unavailable, with extensive applications across various security domains. However, accurately resolving indirect call targets remains a longstanding challenge in maintaining the integrity of static analysis in binary code. This difficulty arises because the operand of a call instruction (e.g., call rax) remains unknown until runtime, resulting in an incomplete inter-procedural control flow graph (CFG). Previous approaches have struggled with low accuracy and limited scalability. To address these limitations, recent work has increasingly turned to machine learning (ML) to enhance analysis. However, this ML-driven approach faces two significant obstacles: low-quality callsite-callee training pairs and inadequate binary code representation, both of which undermine the accuracy of ML models. In this paper, we introduce CupidCall, a novel approach for resolving indirect calls using graph neural networks. Existing ML models in this area often overlook key elements such as data and code cross-references, which are essential for understanding a program's control flow. In contrast, CupidCall augments CFGs with cross-references, preserving rich semantic information. Additionally, we leverage advanced compiler-level type analysis to generate high-quality callsite-callee training pairs, enhancing model precision and reliability. We further design a graph neural model that leverages augmented CFGs and relational graph convolutions for accurate target prediction. Evaluated against real-world binaries from GitHub and the Arch User Repository on x86_64 architecture, CupidCall achieves an F1 score of 95.2%, outperforming state-of-the-art ML-based approaches. These results highlight CupidCall's effectiveness in building precise inter-procedural CFGs and its potential to advance downstream binary analysis and security applications.
title Resolving Indirect Calls in Binary Code via Cross-Reference Augmented Graph Neural Networks
topic Cryptography and Security
url https://arxiv.org/abs/2507.18801