Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Cross-architecture binary function similarity detection method and system based on neural network

A neural network and detection method technology, applied in the field of cross-architecture binary function similarity detection, can solve the problems of loss of similarity features, inability to guarantee, high overhead, etc., and achieve high accuracy, reduced difficulty, and fast speed

Active Publication Date: 2021-02-02
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
View PDF7 Cites 16 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Code high-level intermediate representation analysis and comparison are difficult and inefficient
The comparison and matching algorithm directly to the CFG structure has a problem of huge overhead, and over-optimization of the vertices and structures of the CFG may improve the detection efficiency, but may lose important similarity features
The similarity model may introduce human bias. Existing research mostly uses artificially defined code features to construct intermediate representations, especially the method of constructing feature vectors based on code attribute statistics. They usually default that different attributes are not related to each other, and the similarity Contributions are the same, while the actual situation does not guarantee both

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Cross-architecture binary function similarity detection method and system based on neural network
  • Cross-architecture binary function similarity detection method and system based on neural network
  • Cross-architecture binary function similarity detection method and system based on neural network

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0029]In order to make the objectives, technical solutions and advantages of the present invention clearer and more comprehensible, the present invention will be further described in detail below in conjunction with the accompanying drawings and technical solutions.

[0030]For embodiments of the present invention, seefigure 1 As shown, a cross-architecture binary function similarity detection method based on neural network is provided, seefigure 1 As shown, it contains the following:

[0031]S101. For different types of binary files, traverse the binary file function list, construct and optimize the function control flow graph;

[0032]S102. For the optimized function control flow graph, translate the program basic block bytecode to obtain an intermediate representation, and generate a semantic embedding vector of the basic block code;

[0033]S103: Extract the optimized function control flow graph node using the breadth-first graph traversal algorithm, and obtain the function embedding vector...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the technical field of network security, and particularly relates to a cross-architecture binary function similarity detection method and system based on a neural network, andthe method comprises the steps: traversing a binary file function list for different types of binary files, constructing and optimizing a function control flow graph, translating the program basic block byte code to obtain an intermediate representation, generating a semantic embedding vector of the basic block code, extracting function control flow graph nodes by using a breadth-first graph traversal algorithm, obtaining function embedding vectors according to semantic embedding vectors and control flow information of the nodes, and calculating the cosine distance between the function embedding vectors to measure the function similarity. The method is more beneficial to code intermediate representation, eliminates the difference between different instruction architectures, reduces the cross-architecture code similarity detection difficulty, and reduces the expansion workload and difficulty, based on a function embedding process of a PVDM model and a graph neural network, introductionof human prejudice is avoided, the improved graph neural network is faster in convergence speed and higher in overall efficiency and accuracy of the system.

Description

Technical field[0001]The invention belongs to the technical field of network security, and particularly relates to a method and system for detecting the similarity of cross-architecture binary functions based on neural networks.Background technique[0002]The same source code is compiled with different compilers and optimized configurations. For different hardware platforms, the compiled binary codes are not the same. Therefore, the binary code similarity detection will encounter its unique problems, namely, cross-compiler, cross-compilation optimized configuration and cross-compiler. Instruction structure detection problem. The main idea of ​​traditional binary code similarity detection technology is to first abstract intermediate representations for binary code fragments that are not related to the compiler, compilation optimization configuration, and instruction architecture, such as identifier sequences, abstract syntax trees, or control flow graphs. ,CFG), and then measure the si...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06N3/04G06N3/08G06F8/41
CPCG06N3/049G06N3/084G06F8/436G06N3/044G06N3/045Y02D10/00
Inventor 魏强武泽慧黄辉辉方磊王红敏王允超
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com