The Use of the DWARF Debugging Format for the Identification of Potentially Unwanted Applications (PUAs) in WebAssembly Binaries
Calebe Helpa, Tiago Heinrich, Marcus Botacin, Newton Will, Rafael Obelheiro, Carlos Maziero
2024
Abstract
Debugging formats are well-known means to store information from an application, that help developers to find errors, bugs, or unexpected behavior during the development period. The Debugging With Attributed Record Format (DWARF) is an example of a generic format that can be used for a range of programming languages and formats, such as WebAssembly, a low-level binary format that provides a compilation target for high-level languages. Given the use of debugging formats, their potential for intrusion detection is still unknown. Our study consists of evaluating the use of data extracted with the DWARF format, and their respective potential for an intrusion detection solution. In this context, we present a strategy for identifying Potentially Unwanted Application (PUA) in WebAssembly binaries, through feature extraction and static analysis using the DWARF format as a data source from WebAssembly binary. Our results are promising, with an overall f1score performance above 96% for the algorithms.
DownloadPaper Citation
in Harvard Style
Helpa C., Heinrich T., Botacin M., Will N., Obelheiro R. and Maziero C. (2024). The Use of the DWARF Debugging Format for the Identification of Potentially Unwanted Applications (PUAs) in WebAssembly Binaries. In Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-709-2, SciTePress, pages 442-449. DOI: 10.5220/0012754500003767
in Bibtex Style
@conference{secrypt24,
author={Calebe Helpa and Tiago Heinrich and Marcus Botacin and Newton Will and Rafael Obelheiro and Carlos Maziero},
title={The Use of the DWARF Debugging Format for the Identification of Potentially Unwanted Applications (PUAs) in WebAssembly Binaries},
booktitle={Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2024},
pages={442-449},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012754500003767},
isbn={978-989-758-709-2},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - The Use of the DWARF Debugging Format for the Identification of Potentially Unwanted Applications (PUAs) in WebAssembly Binaries
SN - 978-989-758-709-2
AU - Helpa C.
AU - Heinrich T.
AU - Botacin M.
AU - Will N.
AU - Obelheiro R.
AU - Maziero C.
PY - 2024
SP - 442
EP - 449
DO - 10.5220/0012754500003767
PB - SciTePress