FALKE-MC: A Neural Network Based Approach to Locate Cryptographic Functions in Machine Code

  • Alexander Aigner (Redner*in)

Aktivität: Gespräch oder VortragVortrag

Beschreibung

Although the localization and classification of cryptographic functions in binary files is a growing challenge in information security, it is still a time consuming and laborious task. In this work, we present FALKE-MC, a novel framework that creates classifiers for arbitrary cryptographic algorithms from sample binaries. Functions are automatically recognized and features as well as constants are extracted. They are used to train a neural network, which can then be applied to classify functions in unknown binary files. The framework is fully automated, from the input of binary files and the creation of a classifier through to the output of classification results. The evaluation shows that our approach offers a high detection rate in combination with a low false positive rate. We are confident that FALKE-MC can simplify and accelerate the localization and classification of cryptographic functions in practice.
Zeitraum16 Okt. 2018
EreignistitelIKT Sicherheitskonferenz 2018
VeranstaltungstypKonferenz
OrtAlpbach, ÖsterreichAuf Karte anzeigen