BinVuGAL: Binary vulnerability detection method based on graph neural network combined with assembly language model

Binary vulnerability detection is an important research direction in the field of cyber security. In recent years, there have been studies applying deep learning to binary vulnerability detection to implement automated detection systems. However, these studies are often based on similarity analysis or treat binary codes as text, limiting the effectiveness of the analysis. There is still a lot of room for improvement in vulnerability detection levels. In this paper, we propose a Binary vulnerability detection method based on Graph neural network combined with Assembly Language model (BinVuGAL). It uses code generated from disassembly of binary files as a dataset to extract enhanced Program Dependency Graph (ePDG); nodes are embedded by pre-trained assembly language models and fed into a graph neural network model for classification. The experiments demonstrate that BinVuGAL can effectively function in the detection task of the 6 most exploitable vulnerability types. It benefits from ePDG-based pre-trained language models and graph neural networks, and outperforming other binary vulnerability detection method in terms of accuracy and F1 scores.