Can We Generate Shellcodes via Natural Language? An Empirical Study

8 Feb 2022  ·  Pietro Liguori, Erfan Al-Hossami, Domenico Cotroneo, Roberto Natella, Bojan Cukic, Samira Shaikh ·

Writing software exploits is an important practice for offensive security analysts to investigate and prevent attacks. In particular, shellcodes are especially time-consuming and a technical challenge, as they are written in assembly language. In this work, we address the task of automatically generating shellcodes, starting purely from descriptions in natural language, by proposing an approach based on Neural Machine Translation (NMT). We then present an empirical study using a novel dataset (Shellcode_IA32), which consists of 3,200 assembly code snippets of real Linux/x86 shellcodes from public databases, annotated using natural language. Moreover, we propose novel metrics to evaluate the accuracy of NMT at generating shellcodes. The empirical analysis shows that NMT can generate assembly code snippets from the natural language with high accuracy and that in many cases can generate entire shellcodes with no errors.

PDF Abstract

Results from the Paper
Edit

 Ranked #1 on Code Generation on Shellcode_IA32

     Get a GitHub badge
Task Dataset Model Metric Name Metric Value Global Rank Result Benchmark
Code Generation Shellcode_IA32 CodeBERT BLEU-4 91.70 # 1
Compare
Exact Match Accuracy 89.75 # 1
Compare
Code Generation Shellcode_IA32 Seq2Seq with Attention BLEU-4 90.03 # 2
Compare
Exact Match Accuracy 82.92 # 2
Compare

Methods
Add Remove

No methods listed for this paper. Add relevant methods here
Contact us on: hello@paperswithcode.com . Papers With Code is a free resource with all data licensed under CC-BY-SA.
Terms Data policy Cookies policy