The increasing number of cybersecurity regulations highlights the growing importance of scrutinizing firmware in smart devices to ensure compliance and security. However, such scrutiny often involves reverse engineer- ing—a process that is time-consuming, costly, and reliant on highly specialized skills that are in short supply. Consequently, there is a rising demand from the industrial sector for innovative tools and solutions to streamline and accelerate firmware analysis, making it more efficient and accessible. In this paper, we introduce BinSAFE, an integrated system for comparing binaries within a firmware against a knowledge base. BinSAFE supports adding new firmware, extracting its binaries, and matching them against the knowledge base for comparison. The core of BinSAFE is a graph-matching algorithm that leverages embedding-based solutions to identify similar functions across binaries and compute binary-level similarity. This consists of a greedy strategy to match the call graphs of two binaries, considering both library and user-defined functions. We evaluated BinSAFE on a multi-architecture dataset comprising binaries compiled with different compilers and optimization levels. The results demonstrate that BinSAFE outperforms a simple baseline, highlighting that combining intra-procedural information from functions with inter-procedural one from call graphs enhances the understanding of binaries’ semantics.
BinSAFE: Extending Functions Embeddings to Entire Binaries / Capozzi, Gianluca; Laurenzi, Giordano; Mormando, Marco; Gianni, Carmine; Marcilli, Gianluca; Querzoni, Leonardo; Di Luna, Giuseppe Antonio. - 3962:(2025). ( Joint National Conference on Cybersecurity (ITASEC & SERICS 2025) Bologna; Italy ).
BinSAFE: Extending Functions Embeddings to Entire Binaries
Gianluca Capozzi;Giordano Laurenzi;Marco Mormando;Carmine Gianni;Leonardo Querzoni;Giuseppe Di Luna
2025
Abstract
The increasing number of cybersecurity regulations highlights the growing importance of scrutinizing firmware in smart devices to ensure compliance and security. However, such scrutiny often involves reverse engineer- ing—a process that is time-consuming, costly, and reliant on highly specialized skills that are in short supply. Consequently, there is a rising demand from the industrial sector for innovative tools and solutions to streamline and accelerate firmware analysis, making it more efficient and accessible. In this paper, we introduce BinSAFE, an integrated system for comparing binaries within a firmware against a knowledge base. BinSAFE supports adding new firmware, extracting its binaries, and matching them against the knowledge base for comparison. The core of BinSAFE is a graph-matching algorithm that leverages embedding-based solutions to identify similar functions across binaries and compute binary-level similarity. This consists of a greedy strategy to match the call graphs of two binaries, considering both library and user-defined functions. We evaluated BinSAFE on a multi-architecture dataset comprising binaries compiled with different compilers and optimization levels. The results demonstrate that BinSAFE outperforms a simple baseline, highlighting that combining intra-procedural information from functions with inter-procedural one from call graphs enhances the understanding of binaries’ semantics.| File | Dimensione | Formato | |
|---|---|---|---|
|
Capozzi_BinSAFE_2025.pdf
accesso aperto
Tipologia:
Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza:
Creative commons
Dimensione
1.72 MB
Formato
Adobe PDF
|
1.72 MB | Adobe PDF |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
