A Tool for Reverse Analysis and Classification of Executables (T.R.A.C.E) Family of Algorithms

Kitty Huynh, Electrical and Computer Engineering, Engineering, North Carolina Agricultural and Technical State University

Description

National security faces increasing risks due to the evolving capabilities of enemy drones. In reverse engineering, analyzing executable files remains a challenge, as minor code modifications can bypass traditional signature-based detection methods. Dynamic analysis, while effective, is often time-consuming. Many static analysis approaches require expert interpretation, limiting their accessibility. Existing static methods, such as variable name prediction and sequence-based techniques, suffer from low accuracy due to compiler variations. Reverse engineering tools also fail to provide meaningful variable names for analysis, further complicating the process. Graph Neural Networks (GNNs) offer a promising solution for executable code analysis without requiring extensive expertise or external domain knowledge. While GNNs have shown success in static analysis using control flow graphs (CFGs) and function call graphs, limited research has explored their application to data flow graphs (DFGs) for algorithm identification. Current research primarily focuses on detecting malicious behavior, but there is a gap in classifying executable files based on their algorithmic families. This study aims to develop a system capable of analyzing Windows executable files and predicting their algorithm classification with confidence levels ranging from 0% to 100%. By leveraging data flow graphs and GNNs, this approach seeks to enhance executable file analysis, improving accuracy and efficiency.
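As an added example (not part of the abstract or the author's system), the toy Python below illustrates why a data-flow representation is more robust than a byte signature: two constructed instruction listings that differ only by register renaming and the order of independent moves hash differently but yield the same def-use graph, while a listing that swaps the arithmetic operation does not. The instruction format, register names and the canonicalisation step are assumptions of this example.

```python
import hashlib

# Constructed toy listings: (mnemonic, destination, [sources]).
# "arg*" and "const*" are external inputs, "out" is the returned value.
# Variant B = Variant A with renamed registers and independent moves swapped;
# Variant C computes a different function (sub instead of add).
VARIANT_A = [("mov", "r1", ["arg0"]), ("mov", "r2", ["arg1"]),
             ("add", "r3", ["r1", "r2"]), ("shl", "r4", ["r3", "const1"]),
             ("ret", "out", ["r4"])]
VARIANT_B = [("mov", "r5", ["arg1"]), ("mov", "r6", ["arg0"]),
             ("add", "r7", ["r6", "r5"]), ("shl", "r8", ["r7", "const1"]),
             ("ret", "out", ["r8"])]
VARIANT_C = [("mov", "r1", ["arg0"]), ("mov", "r2", ["arg1"]),
             ("sub", "r3", ["r1", "r2"]), ("shl", "r4", ["r3", "const1"]),
             ("ret", "out", ["r4"])]


def signature(instrs):
    """Byte-level signature: a hash over the literal instruction text,
    so any renaming or reordering changes it."""
    text = ";".join(f"{m} {d},{','.join(s)}" for m, d, s in instrs)
    return hashlib.sha256(text.encode()).hexdigest()


def dataflow_edges(instrs):
    """Def-use edges (producer, consumer) between instruction indices;
    a source never defined before is an external input node."""
    last_def, edges = {}, []
    for i, (_mnem, dest, srcs) in enumerate(instrs):
        for src in srcs:
            edges.append((last_def.get(src, src), i))
        last_def[dest] = i          # later reads of dest flow from here
    return edges


def canonical_form(instrs):
    """Collapse the graph into an expression tree rooted at 'out'.
    Register names disappear; only operations and their operand
    dependencies remain, so renaming and reordering of independent
    instructions leave the result unchanged."""
    value = {}
    for mnem, dest, srcs in instrs:
        value[dest] = (mnem, tuple(value.get(s, s) for s in srcs))
    return value["out"]


def same_dataflow(a, b):
    return canonical_form(a) == canonical_form(b)


if __name__ == "__main__":
    print("signature A == B:", signature(VARIANT_A) == signature(VARIANT_B))
    print("dataflow  A == B:", same_dataflow(VARIANT_A, VARIANT_B))
    print("dataflow  A == C:", same_dataflow(VARIANT_A, VARIANT_C))
```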