[go: up one dir, main page]

CN107357566A - More framework binary system similar codes detecting systems and method - Google Patents

More framework binary system similar codes detecting systems and method Download PDF

Info

Publication number
CN107357566A
CN107357566A CN201710418775.4A CN201710418775A CN107357566A CN 107357566 A CN107357566 A CN 107357566A CN 201710418775 A CN201710418775 A CN 201710418775A CN 107357566 A CN107357566 A CN 107357566A
Authority
CN
China
Prior art keywords
binary
module
parameter
function
semantic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710418775.4A
Other languages
Chinese (zh)
Inventor
张媛媛
胡易坤
王晴
李卷孺
谷大武
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Jiao Tong University
Original Assignee
Shanghai Jiao Tong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Jiao Tong University filed Critical Shanghai Jiao Tong University
Priority to CN201710418775.4A priority Critical patent/CN107357566A/en
Publication of CN107357566A publication Critical patent/CN107357566A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/75Structural analysis for program understanding
    • G06F8/751Code clone detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

一种多架构二进制相似代码检测系统及方法,包括:预处理模块、参数识别模块、Switch间接跳转识别模块、语义生成模块和比较模块,预处理模块接收待处理的二进制代码并输出二进制函数分别至参数识别模块、Switch间接跳转识别模块和语义生成模块,参数识别模块从中提取出排序表并输出至语义生成模块,间接跳转识别模块从中提取出Switch间接跳转语句并输出至语义生成模块,语义生成模块根据参数识别模块生成的参数信息,进行二进制函数的模拟执行,并提取出其中的语义特征序列输出至比较模块,比较模块采用序列对其的方式对收到的语义特征序列进行比较并输出相似度值。本发明通过自动化定位相似的代码,从而将已经分析完成的代码信息同步迁移到不同的平台上,降低额外的人工分析成本,提高分析效率。

A multi-architecture binary similar code detection system and method, including: a preprocessing module, a parameter identification module, a Switch indirect jump identification module, a semantic generation module and a comparison module, the preprocessing module receives binary codes to be processed and outputs binary functions respectively To the parameter recognition module, Switch indirect jump recognition module and semantic generation module, the parameter recognition module extracts the sorting table from it and outputs it to the semantic generation module, and the indirect jump recognition module extracts the Switch indirect jump statement from it and outputs it to the semantic generation module , the semantic generation module simulates and executes the binary function according to the parameter information generated by the parameter identification module, and extracts the semantic feature sequence and outputs it to the comparison module, which compares the received semantic feature sequence by means of sequence alignment And output the similarity value. The present invention automatically locates similar codes, thereby synchronously migrating analyzed code information to different platforms, reducing additional manual analysis costs and improving analysis efficiency.

Description

More framework binary system similar codes detecting systems and method
Technical field
The present invention relates to a kind of technology of computer realm, specifically a kind of more framework binary system similar codes detections System and method.
Background technology
With the popularization and application of smart machine, increasing program has been migrated to ARM, MIPS from desktop platform Deng in the embedded device for framework, although the binary program analytical technology of desktop platform (such as x86) is more ripe, Because different frameworks in instruction set, code offset and calling convention etc. suffer from huge difference, pass through these technologies point The program information separated out is difficult to move among another framework (such as ARM) from a framework (such as x86).
The content of the invention
The present invention can not match the program code of API semantic informations shortage for prior art and can not realize across framework The defects of matching, a kind of more framework binary system similar codes detecting systems and method are proposed, similar generation is positioned by automating Code, so as to which the code information synchronous migration of completion will have been analyzed to different platforms, extra manual analysis cost is reduced, Improve analysis efficiency.
The present invention is achieved by the following technical solutions:
The present invention relates to a kind of more framework binary system similar codes detecting systems, including:Pretreatment module, parameter identification mould Block, Switch redirect identification module, semantic generation module and comparison module indirectly, wherein:Pretreatment module receives pending Binary code simultaneously exports binary function and redirects identification module and semantic generation indirectly to parameter identification module, Switch respectively Module, parameter identification module therefrom extract sequencing table and exported to semantic generation module, redirect identification module indirectly and therefrom carry Take out the indirect skip instructions of Switch and export to semantic generation module, semantic generation module and generated according to parameter identification module Parameter information, the simulation for carrying out binary function performs, and extracts semantic feature sequence therein and export to comparison module, than The semantic feature sequence that receives is compared by the way of it using sequence pair compared with module and exports Similarity value.
The present invention relates to more framework binary system similar codes detection methods of said system, including:
Step 1) pre-processes to binary code, obtains the assembly code and controlling stream graph of binary function, tool Body step includes:
1.1) dis-assembling:Use IDA Pro dis-assemblings code to be analyzed;
1.2) functional boundary identifies:The interface provided using IDAPython obtains the address of each function of code to be analyzed Section;
1.3) control flow graph obtains:The interface provided using IDAPython obtains each basic block address area of function Between and basic block between points relationship.
Step 2) function parameter identifies:The framework according to where binary function, entered according to corresponding calling convention record two Register where the parameter of function processed or the skew relative to stack pointer, then to register using register number as index order, Stack is offset using bias size as index order, specific steps include:
2.1):Travel through each paths in binary function controlling stream graph;
2.2):For every on the path instruction for including read operation, according to calling convention, if the target variable read is Parameter register or be the variable in stack frame parameter area, and the target variable was not defined before this path, then It is identified as register parameters or stack passes parameter, records the register number of register parameters or stack passes parameter and referred to respect to stack The skew of pin;
2.3):To the register number of record using number size as index order, the relative skew of parameter is passed to the stack of record Using bias size as index order.
The indirect jump target identifications of step 3) Switch:Redirected from the read-only data section identification of binary executable Table, and the indirect skip instruction of correspondence for being mapped to correlation function, specific steps include:
3.1):The read-only data section of binary executable is traveled through, if the numerical value of an address size points to code Section and its address quoted by code segment, then the numerical value is identified as the header element of jump list, afterwards the number of continuous address size As long as the Same Function of value sensing code segment is considered as the element in the jump list;
3.2):Every paths among control flow graph are traveled through, if refer to some jump list in certain path, it First redirects and is identified as the correspondence of the jump list and redirects indirectly indirectly afterwards, then records corresponding relation.
Step 4) binary code is translated:The binary code of different frameworks is shown as unified shape with intermediate language table Formula, i.e., each binary function static conversion is expressed into VEX-IR using the interface that PyVEX is provided.
Step 5) semantic feature generates:Simulation performs the VEX-IR expression of each binary function, and in simulation process In extract semantic feature in a manner of dynamic pitching pile.
Described semantic feature includes:Input and output value, condition compare numerical value, library function call record.
Described simulation performs, and firstly generates random number sequence, the function to compare shares.
Described simulation performs, and used parameter value is random number sequence, is identified according to the parameter obtained in step 2) As a result order carries out assignment.For each function, the assignment all since the first element of random number sequence.
Described simulation performs, and when running into when redirecting indirectly of Switch, chooses constant offset among corresponding jump list As jump target, guarantee continues simulation and performed for address.
Step 6) similarity system design, two for similarity system design are calculated by longest common subsequence (LCS) algorithm The semantic feature similarity of binary function, returns to Similarity value, and specific steps include:
6.1):For the semantic feature sequence of two functions to compare, the longest common subsequence of the two is calculated;
6.2):The Similarity value of two characteristic sequences is calculated using Jaccard coefficients, wherein, two sequences common factor length For previous step longest common subsequence length, union is two sequences length and subtracts longest common subsequence length.
Technique effect
Compared with prior art, the present invention is completely dependent on semantic feature, and has carefully considered the distribution of function parameter, subtracted Few negative effect redirected indirectly to static analysis, so other relative more framework similar codes detection schemes can ensure to imitate On the premise of rate, more accurately detect, orient the binary code of similar semantic.The present invention is in across framework binary code Clone context of detection worked relatively accuracy rate raising, more compiling options compiling binary codes clone context of detection it is relative The accuracy rate that worked improves, and is 10 seconds in average a pair of binary function match time orders of magnitude.
Brief description of the drawings
Fig. 1 is present system structural representation;
Fig. 2 is IA-32vsARM effect diagrams in embodiment;
Fig. 3 is IA-32vsMIPS effect diagrams in embodiment;
Fig. 4 is ARMvsMIPS effect diagrams in embodiment;
Fig. 5 is gccvsclang (IA-32) effect diagram in embodiment;
Fig. 6 is-O3vs-O0 (IA-32gcc) effect diagram in embodiment.
Embodiment
As shown in figure 1, the present embodiment includes:Pretreatment module, parameter identification module, identification module, semanteme are redirected indirectly Generation module and comparison module, wherein:Pretreatment module receives pending binary code and exports binary function difference To parameter identification module, indirectly identification module and semantic generation module are redirected, parameter identification module therefrom extracts sequencing table simultaneously Output redirects identification module and therefrom extracts indirect skip instruction and export to semanteme generation mould indirectly to semantic generation module Block, the simulation that semantic generation module carries out binary function by dynamic pitching pile performs, and it is defeated to extract semantic feature therein Go out to comparison module, comparison module and the semantic feature received is compared by the way of longest common subsequence algorithm alignment And Similarity value is exported by Jaccard coefficients.
The present embodiment is related to the detection method of said system, comprises the following steps:
1) assembly code of binary file to be detected is obtained using IDA Pro (disassemblers);
2) parameter information of each function of above binary code is obtained using IDAPython plug-in unit combinations automatized script And Switch structure jump list information.Wherein, function parameter recognizer is as follows:
3) for every instruction on the every paths of function:
3.1) when parameter on stack is read in the instruction, then recording address is offset relative to stack pointer;
3.2) when the instruction uses parameter register value, and the parameter register is not local register, then record should Register;
3.3) then it is local register by the register tagging when instruction rewriting parameter register value.
4) Switch jump targets identify:
4.1) the read-only data section of linear search binary executable, when one section of continuous address size numerical value is in generation In code address section, then it is assumed that this one piece of data is jump list, records first numerical value of the table as jump list first address;
4.2) using distance read each jump list first address instruct the indirect jump instruction of beeline be used as it is corresponding between Connect and redirect;
5) random number streams are generated, numerical value among random number streams is provided in order according to the parameter information of each function and simulation is held OK, when going to when redirecting indirectly of Switch structures, the jump target of particular offset is chosen.In implementation procedure is simulated, note The semantic feature of each function is recorded, including:Input and output value, condition compare numerical value and library function call record;
Similarity value and the output for participating in comparing binary function semantic feature are calculated using LCS algorithms.
Specific implementation sample includes:busybox v1.25.1,convert v6.9.2,curl v7.39,lua V5.2.3, mutt v1.5.24, openssl v1.0.1p, puttygen v0.64, siege v3.0.1 and wget v1.15.
Specific implementation environment is described as follows:
1) this is embodied on three main flow frameworks and realized:IA-32, ARM and MIPS, three frameworks are 32;
2) IA-32 binary files compile in the virtual machine of Ubuntu 12.04 (i386) position system, ARM and MIPS Binary file compiles in Debian 7.0 for the QEMU simulators of system;
3) in three above framework, each sample program uses two compilers of gcc v4.7.3 and clang v3.0 respectively With three compiling optimization option compilings of-O3 ,-O2 and-O0;
4) hardware configuration of analysis environments is:Intel Core i5-2320@3GHz (CPU), 8G DDR3-RAM (RAM)
Experimental data is as follows:
1) across framework binary code clone detection:Concrete outcome such as Fig. 2-Fig. 4, wherein Average Accuracy are 80.1%;
2) compile option compiling binary code clone's detection more:Concrete outcome such as Fig. 5-Fig. 6, wherein Fig. 5 average standard The Average Accuracy that true rate is 78.2%, Fig. 6 is 82.6%;
3) the matching used time of above empirical average each pair binary function is 5.2 seconds, parameter detecting and Switch brief introductions Jump target identification average 55.2 seconds used times.
Compared with the prior art:
1) compared with Multi-MH:According to document Jannik Pewny, Behrad Garmany, Robert Gawlik, Christian Rossow,and Thorsten Holz.2015.Cross-Architecture Bug Search in Binary Executables.In Proceedings of the 2015IEEE Symposium on Security and Method in Privacy (SP'15) .IEEE Computer Society, Washington, DC, USA, 709-724., In busybox (ARM vsIA-32) experiment, Multi-MH accuracy rate is 32.4%, and the present invention is 83.4%; In openssl (ARM vs MIPS) experiment, Multi-MH accuracy rate is 32.1%, and the present invention is 87.8%.
2) compared with BinGo:According to document Mahinthan Chandramohan, Yinxing Xue, Zhengzi Xu, Yang Liu,Chia Yuan Cho,and Hee Beng Kuan Tan.2016.BinGo:cross-architecture cross-OS binary search.In Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering(FSE 2016).ACM, Method in New York, NY, USA, 678-689., in busybox (IA-32vs ARM) experiment, BinGo accuracy rate Less than 40%, and the accuracy rate of the present invention is 79.2%.
Above-mentioned specific implementation can by those skilled in the art on the premise of without departing substantially from the principle of the invention and objective with difference Mode local directed complete set is carried out to it, protection scope of the present invention is defined by claims and not by above-mentioned specific implementation institute Limit, each implementation in the range of it is by the constraint of the present invention.

Claims (10)

  1. A kind of 1. more framework binary system similar codes detecting systems, it is characterised in that including:Pretreatment module, parameter identification mould Block, Switch redirect identification module, semantic generation module and comparison module indirectly, wherein:Pretreatment module receives pending Binary code simultaneously exports binary function and redirects identification module and semantic generation indirectly to parameter identification module, Switch respectively Module, parameter identification module therefrom extract sequencing table and exported to semantic generation module, redirect identification module indirectly and therefrom carry Take out the indirect skip instructions of Switch and export to semantic generation module, semantic generation module and generated according to parameter identification module Parameter information, the simulation for carrying out binary function performs, and extracts semantic feature sequence therein and export to comparison module, than The semantic feature sequence that receives is compared by the way of it using sequence pair compared with module and exports Similarity value.
  2. A kind of 2. more framework binary system similar codes detection methods of system according to claim 1, it is characterised in that bag Include:
    Step 1) pre-processes to binary code, obtains the assembly code and controlling stream graph of binary function;
    Step 2) function parameter identifies:The framework according to where binary function, binary system letter is recorded according to corresponding calling convention Register where several parameters or the skew relative to stack pointer, then to register using register number as index order, to stack Skew is using bias size as index order;
    The indirect jump target identifications of step 3) Switch:Jump list is identified from the read-only data section of binary executable, and It is mapped to the indirect skip instruction of correspondence of correlation function;
    Step 4) binary code is translated:The binary code of different frameworks is shown as unified form with intermediate language table;
    Step 5) semantic feature generates:Simulation perform each binary function VEX-IR expression, and in simulation process with The mode of dynamic pitching pile extracts semantic feature;
    Step 6) similarity system design, two binary functions for similarity system design are calculated by longest common subsequence algorithm Semantic feature similarity, return Similarity value.
  3. 3. according to the method for claim 2, it is characterized in that, described step 1, specifically include:
    1.1) dis-assembling:Use IDA Pro dis-assemblings code to be analyzed;
    1.2) functional boundary identifies:The interface provided using IDAPython obtains the address section of each function of code to be analyzed;
    1.3) control flow graph obtains:The interface provided using IDAPython obtain each basic block address section of function with And points relationship between basic block.
  4. 4. according to the method for claim 2, it is characterized in that, described step 2, specifically include:
    2.1) each paths in binary function controlling stream graph are traveled through;
    2.2) for every on the path instruction for including read operation, according to calling convention, if the target variable read is parameter Register or be the variable in stack frame parameter area, and the target variable was not defined before this path, then was known Not Wei register parameters or stack pass parameter, record the register number of register parameters or stack pass parameter with respect to stack pointer Skew;
    2.3) to the register number of record using number size as index order, the relative skew of parameter is passed to the stack of record to offset Size is index order.
  5. 5. according to the method for claim 2, it is characterized in that, described step 3, specifically include:
    3.1) travel through the read-only data section of binary executable, if the numerical value of address size point to code segment and Its address is quoted by code segment, then the numerical value is identified as the header element of jump list, afterwards the numerical value of continuous address size The Same Function for pointing to code segment is considered as element in the jump list;
    3.2) every paths among control flow graph are traveled through, if refer to some jump list in certain path, afterwards the One redirects and is identified as the correspondence of the jump list and redirects indirectly indirectly, then records corresponding relation.
  6. 6. according to the method for claim 2, it is characterized in that, described step 4, in particular to:Connect using what PyVEX was provided Mouth expresses each binary function static conversion into VEX-IR.
  7. 7. method according to claim 1 or 2, it is characterized in that, described semantic feature includes:Input and output value, condition Compare numerical value, library function call record.
  8. 8. method according to claim 1 or 2, it is characterized in that, described simulation performs, and firstly generates random number sequence, Function to compare shares.
  9. 9. according to the method for claim 8, it is characterized in that, described simulation performs, and used parameter value is random number Sequence, assignment is carried out according to the parameter recognition result order obtained in step 2).For each function, all from random number sequence First element starts assignment;
    When running into when redirecting indirectly of Switch, the address of constant offset among corresponding jump list is chosen as jump target, is protected Card continues simulation and performed.
  10. 10. according to the method for claim 2, it is characterized in that, described step 6, specifically include:
    6.1) for the semantic feature sequence of two functions to compare, the longest common subsequence of the two is calculated;
    6.2) Similarity value of two characteristic sequences is calculated using Jaccard coefficients, wherein, two sequences common factor length is upper one Longest common subsequence length is walked, union is two sequences length and subtracts longest common subsequence length.
CN201710418775.4A 2017-06-06 2017-06-06 More framework binary system similar codes detecting systems and method Pending CN107357566A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710418775.4A CN107357566A (en) 2017-06-06 2017-06-06 More framework binary system similar codes detecting systems and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710418775.4A CN107357566A (en) 2017-06-06 2017-06-06 More framework binary system similar codes detecting systems and method

Publications (1)

Publication Number Publication Date
CN107357566A true CN107357566A (en) 2017-11-17

Family

ID=60271767

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710418775.4A Pending CN107357566A (en) 2017-06-06 2017-06-06 More framework binary system similar codes detecting systems and method

Country Status (1)

Country Link
CN (1) CN107357566A (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107967152A (en) * 2017-12-12 2018-04-27 西安交通大学 Software based on minimum individual path function birthmark locally plagiarizes evidence generation method
CN110990058A (en) * 2019-11-28 2020-04-10 中国人民解放军战略支援部队信息工程大学 Software similarity measurement method and device
CN111177733A (en) * 2019-12-30 2020-05-19 北京航空航天大学 A software patch detection method and device based on data flow analysis
CN111444506A (en) * 2020-05-22 2020-07-24 南京大学 Fine-grained classification and identification method for homologous malicious codes
CN112257068A (en) * 2020-11-17 2021-01-22 南方电网科学研究院有限责任公司 Program similarity detection method and device, electronic equipment and storage medium
CN113010209A (en) * 2020-10-19 2021-06-22 四川大学 Binary code similarity comparison technology for resisting compiling difference
CN113449856A (en) * 2020-03-27 2021-09-28 华为技术有限公司 Control flow graph processing method and related equipment
CN113703773A (en) * 2021-08-26 2021-11-26 北京计算机技术及应用研究所 NLP-based binary code similarity comparison method
CN113721928A (en) * 2021-11-02 2021-11-30 成都无糖信息技术有限公司 Binary analysis-based dynamic library clipping method
CN114035843A (en) * 2021-10-09 2022-02-11 北京天融信网络安全技术有限公司 Code clone detection method and detection device based on Seq2Seq model
CN114968324A (en) * 2022-04-15 2022-08-30 中国人民解放军战略支援部队信息工程大学 Comparison function identification system and identification method based on data stream characteristics
CN115113877A (en) * 2022-07-06 2022-09-27 上海交通大学 Cross-architecture binary code similarity detection method and system
CN115129320A (en) * 2022-06-17 2022-09-30 南京邮电大学 Indirect jump target address identification method and device based on loop invariance
CN115758164A (en) * 2022-10-12 2023-03-07 清华大学 Binary code similarity detection method, model training method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6282698B1 (en) * 1998-02-09 2001-08-28 Lucent Technologies Inc. Detecting similarities in Java sources from bytecodes
CN101315599A (en) * 2007-05-29 2008-12-03 北京航空航天大学 Source program similarity detection method and device
CN103064668A (en) * 2012-12-17 2013-04-24 山东中创软件商用中间件股份有限公司 File processing method and device
CN105868108A (en) * 2016-03-28 2016-08-17 中国科学院信息工程研究所 Instruction-set-irrelevant binary code similarity detection method based on neural network

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6282698B1 (en) * 1998-02-09 2001-08-28 Lucent Technologies Inc. Detecting similarities in Java sources from bytecodes
CN101315599A (en) * 2007-05-29 2008-12-03 北京航空航天大学 Source program similarity detection method and device
CN103064668A (en) * 2012-12-17 2013-04-24 山东中创软件商用中间件股份有限公司 File processing method and device
CN105868108A (en) * 2016-03-28 2016-08-17 中国科学院信息工程研究所 Instruction-set-irrelevant binary code similarity detection method based on neural network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
YIKUN HU, YUANYUAN ZHANG: ""Binary Code Clone Detection across Architectures and Compiling Configurations", 《ACM》 *

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107967152B (en) * 2017-12-12 2020-06-19 西安交通大学 Software local plagiarism evidence generation method based on minimum branch path function birthmarks
CN107967152A (en) * 2017-12-12 2018-04-27 西安交通大学 Software based on minimum individual path function birthmark locally plagiarizes evidence generation method
CN110990058A (en) * 2019-11-28 2020-04-10 中国人民解放军战略支援部队信息工程大学 Software similarity measurement method and device
CN111177733A (en) * 2019-12-30 2020-05-19 北京航空航天大学 A software patch detection method and device based on data flow analysis
CN111177733B (en) * 2019-12-30 2022-06-21 北京航空航天大学 Software patch detection method and device based on data flow analysis
CN113449856A (en) * 2020-03-27 2021-09-28 华为技术有限公司 Control flow graph processing method and related equipment
CN111444506A (en) * 2020-05-22 2020-07-24 南京大学 Fine-grained classification and identification method for homologous malicious codes
CN111444506B (en) * 2020-05-22 2023-08-18 南京大学 A fine-grained classification and identification method for homologous malicious code
CN113010209A (en) * 2020-10-19 2021-06-22 四川大学 Binary code similarity comparison technology for resisting compiling difference
CN112257068A (en) * 2020-11-17 2021-01-22 南方电网科学研究院有限责任公司 Program similarity detection method and device, electronic equipment and storage medium
CN113703773A (en) * 2021-08-26 2021-11-26 北京计算机技术及应用研究所 NLP-based binary code similarity comparison method
CN114035843A (en) * 2021-10-09 2022-02-11 北京天融信网络安全技术有限公司 Code clone detection method and detection device based on Seq2Seq model
CN113721928A (en) * 2021-11-02 2021-11-30 成都无糖信息技术有限公司 Binary analysis-based dynamic library clipping method
CN113721928B (en) * 2021-11-02 2022-01-18 成都无糖信息技术有限公司 Binary analysis-based dynamic library clipping method
CN114968324A (en) * 2022-04-15 2022-08-30 中国人民解放军战略支援部队信息工程大学 Comparison function identification system and identification method based on data stream characteristics
CN115129320A (en) * 2022-06-17 2022-09-30 南京邮电大学 Indirect jump target address identification method and device based on loop invariance
CN115129320B (en) * 2022-06-17 2024-05-24 南京邮电大学 A method and device for identifying indirect jump target address based on loop invariant
CN115113877A (en) * 2022-07-06 2022-09-27 上海交通大学 Cross-architecture binary code similarity detection method and system
CN115758164A (en) * 2022-10-12 2023-03-07 清华大学 Binary code similarity detection method, model training method and device

Similar Documents

Publication Publication Date Title
CN107357566A (en) More framework binary system similar codes detecting systems and method
Peng et al. Chained-tracker: Chaining paired attentive regression results for end-to-end joint multiple-object detection and tracking
Pei et al. Trex: Learning execution semantics from micro-traces for binary similarity
CN112733137B (en) Binary code similarity analysis method for vulnerability detection
Bao et al. {BYTEWEIGHT}: Learning to recognize functions in binary code
Carrara et al. LSTM-based real-time action detection and prediction in human motion streams
CN108334781B (en) Virus detection method, device, computer readable storage medium and computer equipment
CN103914657B (en) A kind of malware detection methods based on Function feature
CN111639344A (en) Vulnerability detection method and device based on neural network
CN110008703A (en) A system and method for static detection of malware in a container
CN109684803B (en) Human-machine verification method based on gesture sliding
CN111125716A (en) A method and device for detecting vulnerabilities in Ethereum smart contracts
CN106503558A (en) A kind of Android malicious code detecting methods that is analyzed based on community structure
CN110287702A (en) A binary vulnerability clone detection method and device
CN106227671A (en) Program analysis of running performance method and device
CN105184160A (en) API object calling relation graph based method for detecting malicious behavior of application program in Android mobile phone platform
Katz et al. Estimating types in binaries using predictive modeling
Oka et al. Marker-less piano fingering recognition using sequential depth images
Li et al. A consistently-executing graph-based approach for malware packer identification
CN115758164A (en) Binary code similarity detection method, model training method and device
Yang et al. Understand code style: Efficient cnn-based compiler optimization recognition system
CN115100739B (en) Man-machine behavior detection method, system, terminal device and storage medium
CN116401670A (en) Vulnerability patch existence detection method and system in passive code scene
CN110532776B (en) Android malicious software efficient detection method, system and medium based on runtime data analysis
CN117574375A (en) Source code vulnerability detection method based on composite program representation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20171117