Binary code similarity detection method and system based on graph matching network

Abstract

The invention discloses a binary code similarity detection method and system based on a graph matching network, and the method comprises the steps: obtaining a to-be-detected program pair, disassembling the to-be-detected program pair, and obtaining an inter-process control flow graph (ICFG) and an instruction thereof; acquiring initial feature embedding of a basic block for an inter-process control flow graph ICFG of the to-be-detected program; obtaining final embedding hG1 and hG2 of an inter-process control flow graph ICFG of the to-be-detected program pair through a graph matching neural network; and calculating the similarity between the final embedded hG1 and hG2 of the inter-process control flow graph ICFG of the to-be-detected program pair in the vector space, and taking the similarity as a similarity detection result of the to-be-detected program pair. The final embedding of the ICFG of the to-be-detected program pair is obtained through the graph matching neural network, so that rich semantic representation can be obtained, the detection accuracy can be effectively improved, and the invention has an important basic effect on code security analysis based on binary systems.

Description

technical field [0001] The invention belongs to the security field of the Internet of Things, and in particular relates to a binary code similarity detection method and system based on a graph matching network. Background technique [0002] Binary code similarity detection has important applications in many computer system security aspects related to national economy and people's livelihood, such as: vulnerability detection, software plagiarism detection, malware detection, code reconstruction, etc. With the rapid application of the Internet of Things in the field of intelligent manufacturing, the stable operation of modern military equipment, large-scale scientific research equipment, civil power, transportation, petrochemical, manufacturing and other industries is increasingly dependent on information-based control systems. Issues such as codes and vulnerabilities have become important challenges to information system security. Especially a single bug at the source code l...

AI Technical Summary

Problems solved by technology

[0004] Although binary code similarity detection based on graph representation learning has many advantages, there are three main limitations: 1) Lexical representation problem

Existing instruction-level embeddings, whether using artificial feature extraction or pre-training methods based on natural language processing, usually treat the entire instruction or part of the instruction (opcode, operand) as a word for processing, ignoring the lack of vocabulary (OOV ) problem, which leads to instruction-level data embedding very close to the origin and lack of data flow confusion robustness; 2) scalability problem; 3) existing methods cannot meet the large-grained program-level comparison requirements

Images