Instruction2vec: Efficient Preprocessor of Assembly Code to Detect Software Weakness with CNN

Potential software weakness, which can lead to exploitable security vulnerabilities, continues to pose a risk to computer systems. According to Common Vulnerability and Exposures, 14,714 vulnerabilities were reported in 2017, more than twice the number reported in 2016. Automated vulnerability detection was recommended to efficiently detect vulnerabilities. Among detection techniques, static binary analysis detects software weakness based on existing patterns. In addition, it is based on existing patterns or rules, making it difficult to add and patch new rules whenever an unknown vulnerability is encountered. To overcome this limitation, we propose a new method&#8212;<i>Instruction2vec</i>&#8212;an improved static binary analysis technique using machine. Our framework consists of two steps: (1) it models assembly code efficiently using <i>Instruction2vec</i>, based on <i>Word2vec</i>; and (2) it learns the features of software weakness code using the feature extraction of Text-CNN without creating patterns or rules and detects new software weakness. We compared the preprocessing performance of three frameworks&#8212;<i>Instruction2vec</i>, <i>Word2vec</i>, and <i>Binary2img</i>&#8212;to assess the efficiency of <i>Instruction2vec</i>. We used the <i>Juliet Test Suite</i>, particularly the part related to Common Weakness Enumeration(CWE)-121, for training and Securely Taking On New Executable Software of Uncertain Provenance (STONESOUP) for testing. Experimental results show that the proposed scheme can detect software vulnerabilities with an accuracy of 91% of the assembly code.