Can Neural Decompilation Assist Vulnerability Prediction on Binary Code?
This paper addresses a problem security analysts face: identifying security vulnerabilities in software, especially when source code is unavailable. It appears incremental, however, as it builds on existing neural decompilation and deep learning methods.
The paper tackles vulnerability prediction in binary code without source access by using neural decompilation to convert binaries to source code and applying deep learning for analysis, achieving state-of-the-art results in both decompilation and prediction tasks for bi-class and multi-class vulnerability identification.
Vulnerability prediction is valuable in identifying security issues efficiently, even though it requires the source code of the target software system, which is a restrictive hypothesis. This paper presents an experimental study to predict vulnerabilities in binary code without source code or complex representations of the binary, leveraging the pivotal idea of decompiling the binary file through neural decompilation and predicting vulnerabilities through deep learning on the decompiled source code. The results outperform the state-of-the-art in both neural decompilation and vulnerability prediction, showing that it is possible to identify vulnerable programs with this approach concerning bi-class (vulnerable/non-vulnerable) and multi-class (type of vulnerability) analysis.