SimCLF: A Simple Contrastive Learning Framework for Function-level Binary Embeddings
This addresses the challenge of detecting bugs and patent infringements in software for cybersecurity applications, representing an incremental improvement over supervised methods.
The paper tackled the problem of function-level binary code similarity detection for cybersecurity by proposing SimCLF, an unsupervised contrastive learning framework that avoids manual annotation and uses augmented data from compiler optimizations and obfuscation, achieving state-of-the-art accuracy and significant advantages in few-shot settings.
Function-level binary code similarity detection is a crucial aspect of cybersecurity. It enables the detection of bugs and patent infringements in released software and plays a pivotal role in preventing supply chain attacks. A practical embedding learning framework relies on the robustness of the assembly code representation and the accuracy of function-pair annotation, which is traditionally accomplished using supervised learning-based frameworks. However, annotating different function pairs with accurate labels poses considerable challenges. These supervised learning methods can be easily overtrained and suffer from representation robustness problems. To address these challenges, we propose SimCLF: A Simple Contrastive Learning Framework for Function-level Binary Embeddings. We take an unsupervised learning approach and formulate binary code similarity detection as instance discrimination. SimCLF directly operates on disassembled binary functions and could be implemented with any encoder. It does not require manually annotated information but only augmented data. Augmented data is generated using compiler optimization options and code obfuscation techniques. The experimental results demonstrate that SimCLF surpasses the state-of-the-art in accuracy and has a significant advantage in few-shot settings.