FALKE-MC: A Neural Network Based Approach to Locate Cryptographic Functions in Machine Code

Alexander Aigner (Speaker)

Activity: Talk or presentationOral presentation


Although the localization and classification of cryptographic functions in binary files is a growing challenge in information security, it is still a time consuming and laborious task. In this work, we present FALKE-MC, a novel framework that creates classifiers for arbitrary cryptographic algorithms from sample binaries. Functions are automatically recognized and features as well as constants are extracted. They are used to train a neural network, which can then be applied to classify functions in unknown binary files. The framework is fully automated, from the input of binary files and the creation of a classifier through to the output of classification results. The evaluation shows that our approach offers a high detection rate in combination with a low false positive rate. We are confident that FALKE-MC can simplify and accelerate the localization and classification of cryptographic functions in practice.
Period16 Oct 2018
Event titleIKT Sicherheitskonferenz 2018: null
Event typeConference
LocationAlpbach, Austria