Deep Learning-based Binary Analysis for Vulnerability Detection in x86-64 Machine Code
Mitchell Petingola
TL;DR
This work tackles vulnerability detection directly from raw x86-64 machine code, comparing two deep learning pipelines—a sequential token-based model and a graph-based model that leverages control-flow information. It shows that graph-based architectures consistently surpass sequential ones, illustrating the crucial role of CFG-based relationships in identifying memory-corruption vulnerabilities. Using FormAI-v2, the study demonstrates that machine code alone yields competitive accuracy (on par with assembly-based approaches) and outlines practical training strategies, dataset preparation, and architectural choices. The findings point to practical, efficient binary analysis tools and motivate future work on data-flow integration, interpretability, and cross-architecture applicability.
Abstract
While much of the current research in deep learning-based vulnerability detection relies on disassembled binaries, this paper explores the feasibility of extracting features directly from raw x86-64 machine code. Although assembly language is more interpretable for humans, it requires more complex models to capture token-level context. In contrast, machine code may enable more efficient, lightweight models and preserve all information that might be lost in disassembly. This paper approaches the task of vulnerability detection through an exploratory study on two specific deep learning model architectures and aims to systematically evaluate their performance across three vulnerability types. The results demonstrate that graph-based models consistently outperform sequential models, emphasizing the importance of control flow relationships, and that machine code contains sufficient information for effective vulnerability discovery.
