The Use of the DWARF Debugging Format for the Identification of Potentially Unwanted Applications (PUAs) in WebAssembly Binaries

Calebe Helpa; Tiago Heinrich; Marcus Botacin; Newton Will; Rafael Obelheiro; Carlos Maziero

doi:10.5220/0012754500003767

The Use of the DWARF Debugging Format for the Identification of Potentially Unwanted Applications (PUAs) in WebAssembly Binaries

Calebe Helpa, Tiago Heinrich, Marcus Botacin, Newton Will, Rafael Obelheiro, Carlos Maziero

2024

Abstract

Debugging formats are well-known means to store information from an application, that help developers to find errors, bugs, or unexpected behavior during the development period. The Debugging With Attributed Record Format (DWARF) is an example of a generic format that can be used for a range of programming languages and formats, such as WebAssembly, a low-level binary format that provides a compilation target for high-level languages. Given the use of debugging formats, their potential for intrusion detection is still unknown. Our study consists of evaluating the use of data extracted with the DWARF format, and their respective potential for an intrusion detection solution. In this context, we present a strategy for identifying Potentially Unwanted Application (PUA) in WebAssembly binaries, through feature extraction and static analysis using the DWARF format as a data source from WebAssembly binary. Our results are promising, with an overall f1score performance above 96% for the algorithms.

Download

Paper Citation

in Harvard Style

Helpa C., Heinrich T., Botacin M., Will N., Obelheiro R. and Maziero C. (2024). The Use of the DWARF Debugging Format for the Identification of Potentially Unwanted Applications (PUAs) in WebAssembly Binaries. In Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-709-2, SciTePress, pages 442-449. DOI: 10.5220/0012754500003767

in Bibtex Style

@conference{secrypt24,
author={Calebe Helpa and Tiago Heinrich and Marcus Botacin and Newton Will and Rafael Obelheiro and Carlos Maziero},
title={The Use of the DWARF Debugging Format for the Identification of Potentially Unwanted Applications (PUAs) in WebAssembly Binaries},
booktitle={Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2024},
pages={442-449},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012754500003767},
isbn={978-989-758-709-2},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - The Use of the DWARF Debugging Format for the Identification of Potentially Unwanted Applications (PUAs) in WebAssembly Binaries
SN - 978-989-758-709-2
AU - Helpa C.
AU - Heinrich T.
AU - Botacin M.
AU - Will N.
AU - Obelheiro R.
AU - Maziero C.
PY - 2024
SP - 442
EP - 449
DO - 10.5220/0012754500003767
PB - SciTePress