Binary executable file homology analysis method, computer device and storage medium

A binary executable file homology analysis technique, applied in computing, semantic analysis, energy-saving computing, etc. It addresses the problems of results being affected, the difficulty of fully capturing the semantics of binary code fragments, and the limited range of binary features, and achieves strong robustness.

CN114528015B | Active | Publication Date: 2022-07-29 | 湖南泛联新安信息科技有限公司

Embodiment Construction

[0024] In order to be able to understand the above objects, features and advantages of the present invention more clearly, the present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments. It should be noted that the embodiments of the present application and the features in the embodiments may be combined with each other in the case of no conflict.

[0025] Figure 1 shows the specific flow of the binary executable homology analysis method.

[0026] In one embodiment, the binary executable homology analysis method includes the following steps:

[0027] S1: use a disassembly tool to convert the binary executable file into assembly code, and generate the function control flow graph (Control Flow Graph, CFG) corresponding to the binary executable file based on the assembly code, wherein the disassembly tool is the IDA Pro disassembler (Interactive ...



Abstract

The invention discloses a binary executable file homology analysis method, computer equipment and storage medium. The method includes: generating the function control flow graph corresponding to the binary executable file; generating the corresponding instruction vectors and basic block vectors in a high-dimensional vector space; obtaining function vector matrices of the same dimension based on a preset neural network model; multiplying the function vector matrices and sorting the results from large to small to obtain similar function pairs; and using the similar function pairs to obtain the matching results. The invention applies the bidirectional multi-layer transformer encoder from natural language processing to the semantic generation of assembly code language, generates the corresponding instruction vectors and basic block vectors in a high-dimensional vector space of the same dimension, and combines the function control flow graph with the basic block vectors to obtain the corresponding function semantic vector. Homology analysis is then realized through similar function search. The method has the characteristics of strong robustness, fast running speed and good test results.
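The similar-function search step of the abstract (multiply the function vector matrices, sort from large to small, take the similar function pairs), as an added example that is not code from the patent. The function names and vectors are constructed; L2 normalisation, the 0.9 threshold and the greedy one-to-one selection are assumptions of this example.

```python
import math

def l2_normalize(rows):
    """Scale each function vector to unit length so a dot product is a cosine."""
    out = []
    for v in rows:
        n = math.sqrt(sum(x * x for x in v)) or 1.0
        out.append([x / n for x in v])
    return out

def similarity_matrix(a, b):
    """Matrix product A x B^T: entry [i][j] scores function i of A against j of B."""
    return [[sum(x * y for x, y in zip(va, vb)) for vb in b] for va in a]

def similar_function_pairs(names_a, vecs_a, names_b, vecs_b, threshold=0.9):
    """Rank every pair from large to small, then keep the best one-to-one pairs.

    Normalisation, threshold and greedy selection are assumptions of this
    example; the page itself only states "multiply, then sort".
    """
    sim = similarity_matrix(l2_normalize(vecs_a), l2_normalize(vecs_b))
    ranked = sorted(
        ((sim[i][j], i, j) for i in range(len(vecs_a)) for j in range(len(vecs_b))),
        reverse=True,
    )
    used_a, used_b, pairs = set(), set(), []
    for score, i, j in ranked:
        if score < threshold:
            break  # everything after this point is less similar still
        if i in used_a or j in used_b:
            continue  # one side already matched to a better candidate
        used_a.add(i)
        used_b.add(j)
        pairs.append((names_a[i], names_b[j], round(score, 3)))
    return pairs

# Constructed 4-dimensional function vectors; real ones come from the model.
NAMES_A = ["parse_header", "check_len", "log_msg", "new_func"]
VECS_A = [[0.9, 0.1, 0.0, 0.2], [0.1, 0.8, 0.3, 0.0],
          [0.0, 0.2, 0.1, 0.9], [0.5, 0.5, 0.5, 0.5]]
NAMES_B = ["sub_401000", "sub_401080", "sub_401100"]  # stripped binary
VECS_B = [[0.2, 1.6, 0.6, 0.0], [0.0, 0.1, 0.1, 0.5], [0.8, 0.2, 0.0, 0.2]]

if __name__ == "__main__":
    for a, b, score in similar_function_pairs(NAMES_A, VECS_A, NAMES_B, VECS_B):
        print(f"{a} <-> {b}  cosine={score}")
```

`new_func` scores below the threshold against every function in the second binary and is left unmatched, which is the signal a patch-analysis or vulnerability-search workflow would review by hand.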

Description

Technical field

[0001] The present invention relates to the technical field of computer software, and in particular to a binary executable file homology analysis method, computer equipment and storage medium.

Background technique

[0002] Binary code homology detection is an important technology in the field of software engineering and program security. It is used to detect whether two given binary fragments are similar, and has been widely used in software security analysis tasks such as vulnerability search, malicious code identification, patch analysis and plagiarism detection. At present, the technology mainly includes the following methods:

[0003] 1. Methods represented by a commercial disassembly tool (BinDiff), which use function raw byte hashes, function call graphs, control flow graph structures, and strings as features, and apply a variety of heuristic algorithms for matching; these methods mainly target control flow or data flow graph isomorphism or graph decompositi...


Application Information

Patent Timeline: 29 Jul 2022
Publication: CN114528015B
IPC: G06F8/75; G06F8/53; G06F40/194; G06F40/30; G06N3/08
CPC: G06F8/75; G06F8/751; G06F8/53; G06F40/194; G06F40/30; G06N3/08; Y02D10/00
Inventors: 吴潇; 杨智霖