University of Hamburg - to research, to teach, to educate and form, to homepage
Computer Networks

Photo: UHH/Denstorf

Paper accepted at ASIA CCS'25

2 July 2025, by Mathias Fischer

asia ccs

Photo: ACM ASIA CCS

Our paper, ”Enhancing Binary Code Similarity Analysis for Software Updates: A Contextual Diffing Framework” was accepted for publication at ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2025).

We will present our results at the workshop in Hanoi/Vietnam and seek an exchange with international researchers.

Paper Abstract:

Software analysis and reverse engineering are essential for identifying vulnerabilities, analyzing malware, and modifying software. Rediscovering function locations across versions is critical in security applications such as vulnerability tracking, malware analysis, and maintaining instrumentations. Software updates disrupt these workflows by changing function layouts, requiring re-identification in updated binaries. Binary Code Similarity Analysis (BCSA) can help, but most existing approaches are designed and evaluated for cross-optimization (XO), cross-compiler (XC), cross-architecture (XA), or cross-binary (XB) scenarios, not the cross-version (XV) setting. XV enables assumptions such as the stability of a function’s role and surrounding call graph, which are often invalidated by transformations like inlining or splitting in other settings. We explore BCSA for function rediscovery across software updates (XV). Our method incorporates version-specific call graphs and recursive neighborhood matching to improve accuracy. While neighborhood-based strategies are common, we generalize them through recursive application and contextual integration. Applied as a meta-algorithm, our approach refines both structural and embedding-based techniques. We also introduce an evaluation framework tailored to rediscovery, measuring effectiveness beyond accuracy or recall@1. Our metrics capture differences across function properties like size, call graph complexity, and uniqueness. The approach improves the accuracy of existing BCSA tools (e.g., Asm2Vec, SAFE) by up to 38.66% in XV settings, reaching 90.02% overall. Significant gains are seen for functions with limited call graph context (up to 78%) and for uniquely identifiable functions (up to 352%).

Latest articles

Screenshot of the ARES 2025 website

Photo: https://2025.ares-conference.eu/

07.05.2025|NET
Paper accepted at ARES'25

We are thrilled to announce that our paper, "C2 Beaconing Detection via AI-based Time-Series Analysis", has been accepted for publication at the 20th International Conference on Availability, Reliability and Security (ARES'25), to be held in Ghent, Belgium, from August 11-14, 2025.

In this paper, we...

Screenshot of the DSN 2025 Website

Photo: https://dsn2025.github.io/

21.03.2025|NET
Paper accepted at DSN'25

We are happy to announce that our paper, "QUIC-Aware Load Balancing: Attacks and Mitigations", was accepted for publication at the 55th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN '25).

In this paper, we have presented attacks against insecure encoding schemes...