1. Title of the Publication Evolving Assembly Code in an Adversarial Environment 2. Author Information Irina Maliukov, Department of Computer Science, Ben-Gurion University, Beer-Sheva 8410501, Israel, irinamal@post.bgu.ac.il, +972-54-9472696 Achiya Elyasaf, Department of Software and Information Systems Engineering, Ben-Gurion University, Beer-Sheva 8410501, Israel, achiya@bgu.ac.il, +972-54-4292331 Oded Margalit, Department of Computer Science, Ben-Gurion University, Beer-Sheva 8410501, Israel, odedm@post.bgu.ac.il, +972-50-7362576 Gera Weiss, Department of Computer Science, Ben-Gurion University, Beer-Sheva 8410501, Israel, geraw@bgu.ac.il, +972-54-9797985 3. Corresponding Author Achiya Elyasaf 4. Paper Abstract We evolve survivors for the CodeGuru competition---assembly programs that run the longest in shared memory, by resisting attacks from adversary survivors and finding their weaknesses. For evolving top-notch solvers, we specify a Backus Normal Form (BNF) for the assembly language and synthesize the code from scratch using Genetic Programming (GP). We evaluate the survivors by running CodeGuru games against human-written winning survivors. Our evolved programs found weaknesses in the programs they were trained against and utilized them. This work has important applications for cyber-security, as we utilize evolution to detect weaknesses in survivors. The assembly BNF is domain-independent; thus, by modifying the fitness function, it can detect code weaknesses and help fix them. Finally, the CodeGuru competition offers a novel platform for analyzing GP and code evolution in adversarial environments. To support further research in this direction, we provide a thorough qualitative analysis of the evolved survivors and the weaknesses found. 5. Criteria that the author claims that the work satisfies (B) The result is equal to or better than a result that was accepted as a new scientific result at the time when it was published in a peer-reviewed scientific journal. (D) The result is publishable in its own right as a new scientific result independent of the fact that the result was mechanically created. (E) The result is equal to or better than the most recent human-created solution to a long-standing problem for which there has been a succession of increasingly better human-created solutions. (F) The result is equal to or better than a result that was considered an achievement in its field at the time it was first discovered. (G) The result solves a problem of indisputable difficulty in its field. (H) The result holds its own or wins a regulated competition involving human contestants (in the form of either live human players or human-written computer programs). 6. Statement Why the Results Satisfy the Criteria Why the result satisfies criterion (B) -------------------------------------- We were able to evolve winning survivors for the CodeGuru Xtreme competition. The evolved survivors are complete assembly programs that we created from scratch through evolution, rather than merely genetically enhancing existing survivors. All previous work on assembly code evolution that we are aware of has focused either on constraint assembly evolution or on genetic improvement. Why the result satisfies criteria (D, E, F, G) ----------------------------------------------- The CodeGuru Xtreme competition has been running annually since 2005. Since all past survivors are publicly available and competitors can learn from past survivors, the level rises each year, and more sophisticated survivors are written. Thus, winning is extremely difficult, even for highly qualified competitors. Still, the evolved survivors achieved impressive results by surpassing 78% of past years' winners. Our evolved survivors successfully targeted the human-written survivors, identifying and exploiting their weaknesses. Thus, the result is publishable in its own right. As we evolve our programs from scratch, using a general assembly 8086 grammar, we take a step further from previous works in the field of low-level code generation. This is because previous efforts mainly focused on enhancing existing programs or imposed significant restrictions on the generated code. Generating executable code from scratch is considerably harder, especially in assembly language, where programs are prone to executing illegal operations. Why the result satisfies criterion (H) -------------------------------------- (1) We have developed survivors that overtake 78% of the past human-written winning survivors. (2) Our evolved algorithms outperform human-written opponents while also being significantly shorter. (3) While human competitors can access the code of survivors from previous years and learn from it, our evolved survivors did not have access to this code. 7. Full Citation I. Maliukov, A. Elyasaf, O. Margalit, and G. Weiss. "Evolving Assembly Code in an Adversarial Environment" Genetic and Evolutionary Computation Conference (GECCO 2024), July 2024, Melbourne, VIC, Australia. doi:10.1145/3638530.3654209. arXiv preprint arXiv:2403.19489 8. Prize Money Breakdown Prize money, if any, will be divided equally among those co-authors who wish to receive an equal share. 9. A Statement Indicating Why this Entry Could Be the "Best" Assembly Evolution from Scratch ------------------------------- This is the first time evolution has successfully applied to create complete programs from scratch. All previous attempts focused on constraint assembly language or genetic improvement of existing code. Ingenuitive Survivors --------------------- Our evolved survivors are characterized by smart patterns that are not present in the human-written ones. In addition, they overtake human-written opponents while they are significantly shorter and consist of simpler patterns. For example, instead of the common "jmp start" to create the needed infinite loop, the GP discovered "jmp ax" alternative, which uses the fact that the ax register has the initial loading address. The Implications to Cyber-Security ---------------------------------- The implications of this work extend beyond the CodeGuru Xtreme competition. Utilizing evolution to detect weaknesses in other survivors has applications in cyber-security. Malware developers modify their code so it would not be recognized by its code or behavioral signatures, and yet the functionality of the malware would be preserved, continuing the infinite protector-attacker struggle. Since much malware is written in assembly (and most malware run in assembly even if originally written in a high-level language), our work on evolving CodeGuru survivors in an adversarial environment serves as an interesting platform to analyze the ability of evolution to overcome tools designed especially against it. Furthermore, in the full paper (https://doi.org/10.48550/arXiv.2403.19489), we demonstrate such a utilization of our research, where we emulate a signature-based anti-virus inside the CodeGuru Xtreme environment. 10. Evolutionary Computation Type GP (genetic programming) 11. Publication Date The publication has been accepted as a poster to GECCO 2024, July 14–18, 2024, Melbourne, VIC, Australia.