The Binary Vulnerability Analysis tool is an AI-driven scanner for uncovering vulnerabilities in binary files. Users upload a binary file, and the tool analyzes it against a database of over 20,000 historical vulnerabilities.
The duration of the analysis depends on the file’s size and is typically a few minutes. The pipeline starts by decompiling the executable file with Ghidra, a reverse engineering tool.
The decompiled output then goes through content filtering, code cleansing and formatting, followed by inference of Windows symbols and inline function calls. Next, a CodeT5+ Embedding model, fine-tuned on the BigCloneBench and CodeSearchNet datasets, generates function-wise embeddings that serve as the tool's representation of the code.
To pinpoint potential vulnerabilities, the tool cross-references code snippets against the DiverseVul dataset, a repository of known vulnerabilities. It also runs Semgrep, a rule-based tool, to conduct additional vulnerability assessments.
Overall, the Binary Vulnerability Analysis tool combines AI models with a large repository of known vulnerabilities, giving users an efficient way to evaluate the security posture of their binaries.