Commit
* update 2024-11-14 06:20:40
actions-user committed Nov 13, 2024
1 parent 7ee7015 commit dc7a029
Showing 2 changed files with 25 additions and 1 deletion.
24 changes: 24 additions & 0 deletions arXiv_db/Malware/2024.md
Expand Up @@ -3490,3 +3490,27 @@

</details>

<details>

<summary>2024-11-11 21:40:16 - Know Your Neighborhood: General and Zero-Shot Capable Binary Function Search Powered by Call Graphlets</summary>

- *Joshua Collyer, Tim Watson, Iain Phillips*

- `2406.02606v2` - [abs](http://arxiv.org/abs/2406.02606v2) - [pdf](http://arxiv.org/pdf/2406.02606v2)

> Binary code similarity detection is an important problem with applications in areas such as malware analysis, vulnerability research and license violation detection. This paper proposes a novel graph neural network architecture combined with a novel graph data representation called call graphlets. A call graphlet encodes the neighborhood around each function in a binary executable, capturing the local and global context through a series of statistical features. A specialized graph neural network model operates on this graph representation, learning to map it to a feature vector that encodes semantic binary code similarities using deep-metric learning. The proposed approach is evaluated across five distinct datasets covering different architectures, compiler tool chains, and optimization levels. Experimental results show that the combination of call graphlets and the novel graph neural network architecture achieves comparable or state-of-the-art performance compared to baseline techniques across cross-architecture, mono-architecture and zero shot tasks. In addition, our proposed approach also performs well when evaluated against an out-of-domain function inlining task. The work provides a general and effective graph neural network-based solution for conducting binary code similarity detection.

</details>

<details>

<summary>2024-11-12 03:32:30 - LLM App Squatting and Cloning</summary>

- *Yinglin Xie, Xinyi Hou, Yanjie Zhao, Kai Chen, Haoyu Wang*

- `2411.07518v1` - [abs](http://arxiv.org/abs/2411.07518v1) - [pdf](http://arxiv.org/pdf/2411.07518v1)

> Impersonation tactics, such as app squatting and app cloning, have posed longstanding challenges in mobile app stores, where malicious actors exploit the names and reputations of popular apps to deceive users. With the rapid growth of Large Language Model (LLM) stores like GPT Store and FlowGPT, these issues have similarly surfaced, threatening the integrity of the LLM app ecosystem. In this study, we present the first large-scale analysis of LLM app squatting and cloning using our custom-built tool, LLMappCrazy. LLMappCrazy covers 14 squatting generation techniques and integrates Levenshtein distance and BERT-based semantic analysis to detect cloning by analyzing app functional similarities. Using this tool, we generated variations of the top 1000 app names and found over 5,000 squatting apps in the dataset. Additionally, we observed 3,509 squatting apps and 9,575 cloning cases across six major platforms. After sampling, we find that 18.7% of the squatting apps and 4.9% of the cloning apps exhibited malicious behavior, including phishing, malware distribution, fake content dissemination, and aggressive ad injection.

</details>
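
Review bot: the `abs` and `pdf` links in both added entries (`2406.02606v2` and `2411.07518v1`) use plain `http://arxiv.org/...`; please emit them as `https://arxiv.org/...` so that anyone following links from this list fetches the abstract or PDF over TLS. Since the commit comes from `actions-user`, the change probably belongs in whatever generates these entries rather than in this file by hand.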
