Automating Reverse Engineering with Machine Learning, Binary Analysis, and Natural Language Processing

Reverse engineering (RE) applications (e.g., malware detection, firmware/vulnerability analysis, and software bill of material [SBOM] generation) have historically been a manual and time-intensive process performed by skilled practitioners. In this course, we will introduce, discuss, and demonstrate (via labs) how Binary Analysis, Natural Language Processing (NLP), and Machine Learning (ML) techniques can be leveraged to address automation and scaling challenges with respect to reverse engineering. We will show how NLP and Binary Analysis can provide a vehicle to capture relevant features and represent the features in a form that can be ingested into ML algorithms. We will then demonstrate how these features can be leveraged to automate RE applications that include malware detection, vulnerability analysis, and SBOM. We will conclude the course with a brief introduction to neural networks (NN) and the Keras/TensorFlow framework. We will discuss and demonstrate applications that include function name prediction for stripped binaries.