Abstract
Binary code analysis is the process of analyzing software or an operating system when its source code is inaccessible. This scenario arises when one needs to analyze malware, compiled software, or a closed-source operating system such as Windows or iOS. In these cases the source code is deliberately withheld by the vendor or programmer for various reasons. Binary analysis covers a wide range of analysis goals, techniques and methodologies. We group the methodologies into two categories: data-driven analysis and software-engineering-based analysis. The methodologies within each category follow a similar process. We also summarize their limitations and outline the open challenges and future work.
© 2023 Springer Nature Switzerland AG
About this paper
Cite this paper
Liu, Z., Chen, C., Ejaz, A., Liu, D., Zhang, J. (2023). Automated Binary Analysis: A Survey. In: Meng, W., Lu, R., Min, G., Vaidya, J. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2022. Lecture Notes in Computer Science, vol 13777. Springer, Cham. https://doi.org/10.1007/978-3-031-22677-9_21
DOI: https://doi.org/10.1007/978-3-031-22677-9_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22676-2
Online ISBN: 978-3-031-22677-9