FALKE-MC: A Neural Network Based Approach to Locate Cryptographic Functions in Machine Code

Alexander Aigner

Research output: Chapter in Book/Report/Conference proceedings › Conference contribution › peer-review

1 Citation (Scopus)

Abstract

The localization and classification of cryptographic functions in binary files is a growing challenge in information security, not least because of the increasing use of such functions in malware. Nevertheless, it is still a time-consuming and laborious task. Some of the most commonly used techniques are based on dynamic methods, signatures or manual reverse engineering. In this paper we present FALKE-MC, a novel framework that creates classifiers for arbitrary cryptographic algorithms from sample binaries. It processes multiple file formats and architectures and is easily expandable due to its modular design. Functions are automatically detected and features as well as constants are extracted. They are used to train a neural network, which can then be applied to classify functions in unknown binary files. The framework is fully automated, from the input of binary files and the creation of a classifier through to the output of classification results. In addition to that, it can deal with class imbalance between cryptographic and non-cryptographic samples during training. Our evaluation shows that this approach offers a high detection rate in combination with a low false positive rate. We are confident that FALKE-MC can accelerate the localization and classification of cryptographic functions in practice.
Original language: English
Title of host publication: ARES 2018 - 13th International Conference on Availability, Reliability and Security
Publisher: ACM Press
Number of pages: 8
ISBN (Electronic): 9781450364485
Publication status: Published - 27 Aug 2018
Event: 13th International Conference on Availability, Reliability and Security - Hamburg, Germany
Duration: 27 Aug 2018 to 30 Aug 2018
https://www.ares-conference.eu/

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 13th International Conference on Availability, Reliability and Security
Country: Germany
City: Hamburg
Period: 27.08.2018 to 30.08.2018

Keywords

  • Cryptography
  • Function Detection
  • Binary Analysis
  • Feature Extraction
  • Neural Networks
