Retrieving binary code via natural language queries is a pivotal capability for downstream tasks in the software security domain, such as vulnerability detection and malware analysis. However, it is challenging to identify binary functions semantically relevant to the user query from thousands of candidates, as the absence of symbolic information distinguishes this task from source code retrieval. In this paper, we introduce, BinSeek, a two-stage cross-modal retrieval framework for stripped binary code analysis. It consists of two models: BinSeek-Embedding is trained on large-scale dataset to learn the semantic relevance of the binary code and the natural language description, furthermore, BinSeek-Reranker learns to carefully judge the relevance of the candidate code to the description with context augmentation. To this end, we built an LLM-based data synthesis pipeline to automate training construction, also deriving a domain benchmark for future research. Our evaluation results show that BinSeek achieved the state-of-the-art performance, surpassing the the same scale models by 31.42% in Rec@3 and 27.17% in MRR@3, as well as leading the advanced general-purpose models that have 16 times larger parameters.

翻译：通过自然语言查询检索二进制代码是软件安全领域下游任务（如漏洞检测和恶意软件分析）的关键能力。然而，从数千个候选项中识别与用户查询语义相关的二进制函数具有挑战性，因为符号信息的缺失使得该任务区别于源代码检索。本文提出BinSeek，一个用于剥离二进制代码分析的两阶段跨模态检索框架。它包含两个模型：BinSeek-Embedding在大规模数据集上训练，以学习二进制代码与自然语言描述之间的语义相关性；此外，BinSeek-Reranker通过上下文增强学习精细判断候选代码与描述的相关性。为此，我们构建了一个基于LLM的数据合成流水线来自动化训练数据构建，同时为未来研究创建了一个领域基准。评估结果表明，BinSeek实现了最先进的性能，在Rec@3和MRR@3指标上分别超越同等规模模型31.42%和27.17%，同时领先于参数量大16倍的先进通用模型。