
Automated Binary Analysis: A Survey

  • Conference paper
Algorithms and Architectures for Parallel Processing (ICA3PP 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13777))

Abstract

Binary code analysis is the process of analyzing software or an operating system when its source code is inaccessible. This scenario occurs when one needs to analyze malware, compiled software, or a closed-source operating system such as Windows or iOS. In these cases the source code is deliberately withheld by the vendor or programmer for various reasons. Binary analysis covers a wide range of analysis goals, techniques and methodologies. We group the methodologies into two categories: data-driven analysis and software-engineering-based analysis. The methodologies within each category follow a similar process. We also discuss their limitations and summarize the open challenges and future work.




Corresponding author

Correspondence to Zian Liu.


Copyright information

© 2023 Springer Nature Switzerland AG


Cite this paper

Liu, Z., Chen, C., Ejaz, A., Liu, D., Zhang, J. (2023). Automated Binary Analysis: A Survey. In: Meng, W., Lu, R., Min, G., Vaidya, J. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2022. Lecture Notes in Computer Science, vol 13777. Springer, Cham. https://doi.org/10.1007/978-3-031-22677-9_21


  • DOI: https://doi.org/10.1007/978-3-031-22677-9_21


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22676-2

  • Online ISBN: 978-3-031-22677-9
