WIP: Understanding Vulnerability Discovery in Expert and Novice Binary Analysts’ Behavior

 

Binary analysis plays a crucial role in uncovering vulnerabilities within software systems, enabling proactive security measures. This empirical study investigates the cognitive processes underlying static binary analysis for vulnerability discovery and explores how approaches differ across levels of expertise. Novice and expert participants were assigned the task of analyzing binary programs to identify potential vulnerabilities or points of interest (POIs). The analysis of the workflow identified three dynamically interconnected phases: open exploration, guided exploration, and targeted search. Comparison of task performance revealed that novices primarily focused on common vulnerabilities, while experts demonstrated a broader investigative scope. Gaze entropy analysis further highlighted differences, with novices exhibiting higher levels of entropy. While these results enhance our understanding of the cognitive aspects of static binary analysis, further research is recommended to validate and extend these preliminary findings.

Raghav Bhat is a PhD student in the Human Systems Engineering department at Arizona State University. As a member of the Applied Attention Research (AAR) lab, his research is centered on Human Factors in Cybersecurity, with a specific focus on cyber operators. His work involves studying cognitive processes and human-system interactions, aiming to enhance decision-making in cyber operations, reduce human error, and improve the overall effectiveness of cyber defense. Raghav has contributed to the planning and execution of mixed-methods research in multiple government-funded projects for organizations such as the DoD, DARPA, and MIT Lincoln Lab.