AGNOMIN -- Architecture Agnostic Multi-Label Function Name Prediction

Abstract

Function name prediction is crucial for understanding stripped binaries in software reverse engineering, a key step for enabling subsequent vulnerability analysis and patching. However, existing approaches often struggle with architecture-specific limitations, data scarcity, and diverse naming conventions. We present AGNOMIN, a novel architecture-agnostic approach for multi-label function name prediction in stripped binaries. AGNOMIN builds Feature-Enriched Hierarchical Graphs (FEHGs), combining Control Flow Graphs, Function Call Graphs, and dynamically learned PCode features. A hierarchical graph neural network processes this enriched structure to generate consistent function representations across architectures, vital for scalable security assessments. For function name prediction, AGNOMIN employs a Ren\'ee-inspired decoder, enhanced with an attention-based head layer and algorithmic improvements. We evaluate AGNOMIN on a comprehensive dataset of 9,000 ELF executable binaries across three architectures, demonstrating its superior performance compared to state-of-the-art approaches, with improvements of up to 27.17\% in precision and 55.86\% in recall across the testing dataset. Moreover, AGNOMIN generalizes well to unseen architectures, achieving 5.89\% higher recall than the closest baseline. AGNOMIN's practical utility has been validated through security hackathons, where it successfully aided reverse engineers in analyzing and patching vulnerable binaries across different architectures.