Search papers, labs, and topics across Lattice.
This paper introduces OASIF, a novel framework designed to enhance the performance of large language models (LLMs) in understanding and following instructions for obfuscated assembly code. By integrating a token-efficient assembly encoder with a lightweight projector and employing a three-phase training process, OASIF enables LLMs to adapt to obfuscated code with minimal manual intervention. The results demonstrate significant improvements in success rates across various obfuscation techniques, with notable gains of up to 16.9 percentage points on specific benchmarks, showcasing its robustness against commercial-grade obfuscation methods.
OASIF achieves up to 16.9 percentage points improvement in instruction-following success rates for LLMs facing commercial-grade obfuscation, redefining the limits of automated binary analysis.
Large Language Models (LLMs) have recently shown promise in automated binary analysis, yet they remain brittle under commercial-grade obfuscation. We present OASIF, an Obfuscation-Aware Self-evolving Instruction-Following framework for obfuscated assembly comprehension. OASIF couples a token-efficient assembly encoder with a lightweight projector to expose long obfuscated code to a pretrained code LLM under a bounded context budget and follows a three-phase training: (i) feature-space alignment, (ii) supervised instruction fine-tuning, and (iii) online self-evolving reinforcement learning with hybrid rewards, enabling continual adaptation with minimal manual verification. On VMISA-Bench, a challenging out-of-distribution suite featuring three commercial VM-based obfuscators, OASIF consistently improves open-source backbones; Qwen2.5-Coder-Instruct-14B attains Success Rate gains of +15.9, +5.8, and +16.9 percentage points (pp) on Code Virtualizer, Themida (v3.0.7), and VMProtect (v3.5), respectively, and improves the OASIF-Bench average by +9.8. OASIF further delivers stable gains across seven standard BCSD benchmarks while preserving general and domain-relevant capabilities on HumanEval, VulBench, and HumanEval-Decompile.