🤖 AI Summary
This work addresses the significant degradation in assembly comprehension and instruction-following capabilities of large language models when handling commercial-grade code obfuscation. To mitigate this, we propose OASIF, a framework featuring a token-efficient assembly encoder and a lightweight projection module that effectively injects long obfuscated sequences within limited context windows. OASIF further introduces a confusion-aware self-evolving instruction-following mechanism, which integrates feature-space alignment, supervised fine-tuning, and online reinforcement learning with hybrid rewards to continuously adapt to emerging obfuscation techniques with minimal human validation. Experiments on VMISA-Bench demonstrate substantial performance gains for open-source models: Qwen2.5-Coder-Instruct-14B achieves absolute success rate improvements of 15.9, 5.8, and 16.9 percentage points against three mainstream commercial obfuscators, while maintaining consistent gains on standard binary understanding and general programming benchmarks.
📝 Abstract
Large Language Models (LLMs) have recently shown promise in automated binary analysis, yet they remain brittle under commercial-grade obfuscation. We present OASIF, an Obfuscation-Aware Self-evolving Instruction-Following framework for obfuscated assembly comprehension. OASIF couples a token-efficient assembly encoder with a lightweight projector to expose long obfuscated code to a pretrained code LLM under a bounded context budget and follows a three-phase training: (i) feature-space alignment, (ii) supervised instruction fine-tuning, and (iii) online self-evolving reinforcement learning with hybrid rewards, enabling continual adaptation with minimal manual verification. On VMISA-Bench, a challenging out-of-distribution suite featuring three commercial VM-based obfuscators, OASIF consistently improves open-source backbones; Qwen2.5-Coder-Instruct-14B attains Success Rate gains of +15.9, +5.8, and +16.9 percentage points (pp) on Code Virtualizer, Themida (v3.0.7), and VMProtect (v3.5), respectively, and improves the OASIF-Bench average by +9.8. OASIF further delivers stable gains across seven standard BCSD benchmarks while preserving general and domain-relevant capabilities on HumanEval, VulBench, and HumanEval-Decompile.