In the past years we worked on the development of a decompiler which can reconstruct easy-to-understand source code from binary code with high precision. In the past months, the Code Intelligence Team has developed this technology into a marketable product, combining abstraction reconstructions with a graphical representation of the code. In these graphs, patterns and correlations of vulnerabilities are identified. The team extracted thousands of patterns from published vulnerabilities, such as the collection of Critical Vulnerabilities and Exposures (CVEs), and implemented them in a custom-tailored data base. An artificial intelligence continuously expands the data base and performs an automated pattern detection of the analysed machine code.
Yakdan, Khaled, et al. “No More Gotos: Decompilation Using Pattern-Independent Control-Flow Structuring and Semantic-Preserving Transformations.” NDSS. 2015. Distinguished Paper Award.
Yakdan, Khaled, et al. “Helping Johnny to Analyze Malware: A Usability-Optimized Decompiler and Malware Analysis User Study.” Security and Privacy (SP), 2016 IEEE Symposium on. IEEE, 2016.
Perl, Henning, et al. “VCCFinder: Finding potential vulnerabilities in open-source projects to assist code audits.” Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 2015.