Binary analyses based on deep neural networks (DNNs), or neural binary analyses (NBAs), have become a hotly researched topic in recent years. DNNs have been wildly successful at pushing the performance and accuracy envelopes in the natural language and image processing domains. Thus, DNNs are highly promising for solving binary analysis problems that are typically hard due to a lack of complete information resulting from the lossy compilation process. Despite this promise, it is unclear that the prevailing strategy of repurposing embeddings and model architectures originally developed for other problem domains is sound given the adversarial contexts under which binary analysis often operates. In this paper, we empirically demonstrate that the current state of the art in neural function boundary detection is vulnerable to both inadvertent and deliberate adversarial attacks. We proceed from the insight that current generation NBAs are built upon embeddings and model architectures intended to solve syntactic problems. We devise a simple, reproducible, and scalable black-box methodology for exploring the space of inadvertent attacks - instruction sequences that could be emitted by common compiler toolchains and configurations - that exploits this syntactic design focus. We then show that these inadvertent misclassifications can be exploited by an attacker, serving as the basis for a highly effective black-box adversarial example generation process. We evaluate this methodology against two state-of-the-art neural function boundary detectors: XDA and DeepDi. We conclude with an analysis of the evaluation data and recommendations for how future research might avoid succumbing to similar attacks.

翻译：基于深度神经网络（DNN）的二进制分析，即神经二进制分析（NBA），近年来已成为研究热点。DNN在自然语言处理与图像处理领域中极大提升了性能与准确率的边界，因此对于因编译过程信息损失而导致典型困难问题的二进制分析而言极具潜力。然而，考虑到二进制分析常在对抗性环境下运行，现有的将原本为其他问题域开发的嵌入表示与模型架构直接套用的主流策略是否合理尚不明确。本文通过实验证明，当前最先进的神经函数边界检测方法容易受到无意识攻击与蓄意对抗攻击的双重威胁。我们基于以下洞察展开研究：当前一代神经二进制分析方法构建于旨在解决句法问题的嵌入表示与模型架构之上。我们设计了一种简单、可复现且可扩展的黑盒方法论，用于探索无意识攻击（即常见编译器工具链与配置可能产生的指令序列）的空间，该方法利用了这种句法设计聚焦特征。进而证明，攻击者可利用这些无意识误分类，将其作为高效黑盒对抗样本生成过程的基础。我们针对两种最先进的神经函数边界检测器XDA与DeepDi评估了该方法。最后，我们对评估数据进行分析，并提出建议以指导未来研究如何避免陷入类似攻击。