Can We Generate Shellcodes via Natural Language? An Empirical Study
The work addresses the time-consuming and technically demanding task of writing shellcodes, which falls to offensive security analysts. It is incremental, however, in that it applies existing NMT methods to a new domain.
The paper tackles the problem of automatically generating shellcode (assembly code for exploits) from natural language descriptions using Neural Machine Translation (NMT). It evaluates the approach on a dataset of 3,200 assembly code snippets taken from real Linux/x86 shellcodes, and shows that NMT can generate assembly snippets with high accuracy and, in many cases, entire shellcodes without errors.
Writing software exploits is an important practice for offensive security analysts to investigate and prevent attacks. In particular, shellcodes are especially time-consuming and a technical challenge, as they are written in assembly language. In this work, we address the task of automatically generating shellcodes, starting purely from descriptions in natural language, by proposing an approach based on Neural Machine Translation (NMT). We then present an empirical study using a novel dataset (Shellcode_IA32), which consists of 3,200 assembly code snippets of real Linux/x86 shellcodes from public databases, annotated using natural language. Moreover, we propose novel metrics to evaluate the accuracy of NMT at generating shellcodes. The empirical analysis shows that NMT can generate assembly code snippets from the natural language with high accuracy and that in many cases can generate entire shellcodes with no errors.