What problem does this paper attempt to address?

The problem that this paper attempts to solve is to evaluate the effectiveness of large - language models (LLMs), especially GPT - 4, in binary reverse engineering (RE). Specifically, the research aims to explore the following questions: 1. **Code - interpretation ability**: Can LLMs effectively interpret and understand human - written code and decompiled code? This includes the interpretation of simple code and complex malware code. 2. **Malware analysis**: How do LLMs perform when processing and analyzing malware? This includes identifying the functions of malware, network behavior, potential security vulnerabilities, etc. 3. **Technical limitations and improvement directions**: What are the current limitations of LLMs in binary reverse engineering? How can their performance be improved by improving the model or method? ### Research background and motivation With the development of large - language models (LLMs), their performance in natural - language - processing (NLP) tasks has become increasingly excellent, especially in understanding and generating context - related texts. However, the application potential of these models in the field of computer science, especially in binary reverse engineering, has not been fully explored. Binary reverse engineering is a complex and time - consuming task, involving decoding the underlying code and design logic of binary files. Therefore, researchers have a strong interest in the performance of LLMs in this field, hoping to simplify and accelerate the reverse - engineering process through these models. ### Research objectives To answer the above questions, the research has set two main objectives: 1. **Explore the performance of LLMs in basic code interpretation**: Through a series of experiments, evaluate the ability of LLMs to interpret simple C - program code and decompiled code. 2. **Evaluate the performance of LLMs in malware analysis**: Through more complex experiments, test the effectiveness of LLMs in interpreting and analyzing real - world malware code. ### Experimental design The research is carried out in two stages: 1. **First stage: Basic code interpretation** - **Scenario 1**: Interpret the original code (with comments) - **Scenario 2**: Interpret the code without comments - **Scenario 3**: Interpret the decompiled code 2. **Second stage: Malware analysis** - **Scenario 1 & 2**: Rename the decompiled functions and variables - **Scenario 3**: Evaluate code properties through binary questions - **Scenario 4**: Conduct a comprehensive analysis from three perspectives: function overview, key observations, and security analysis - **Scenario 5**: Conduct in - depth analysis of code structure and function through questionnaires ### Key findings 1. **LLMs show certain abilities in basic code interpretation**, but have limitations in decompiled - code interpretation. 2. **In malware analysis**, LLMs can identify some basic code structures and functions, but perform poorly in detecting covert techniques and certain malicious activities. 3. **The research reveals the potential and limitations of LLMs in reverse engineering**, providing valuable directions for future research and improvement. Through these experiments, researchers hope to provide theoretical basis and technical support for applying LLMs to binary reverse engineering, and lay the foundation for further research and development.