| 基于基本块签名和跳转关系的二进制文件比对技术 |
| |
| 引用本文: | 崔宝江,马丁,郝永乐,王建新.基于基本块签名和跳转关系的二进制文件比对技术[J].清华大学学报(自然科学版),2011(10):1351-1356. |
| |
| 作者姓名: | 崔宝江 马丁 郝永乐 王建新 |
| |
| 作者单位: | 北京邮电大学计算机学院;中国信息安全测评中心;北京林业大学信息学院; |
| |
| 基金项目: | 国家自然科学基金资助项目(6117026890818021) |
| |
| 摘 要: | 基于基本块签名和跳转关系的二进制文件结构化比对技术,对已有的二进制结构化比对算法进一步改进,提出一种基于基本块签名和基本块之间跳转关系的函数控制流图比对算法。即首先提取二进制文件反汇编后的函数控制流图信息,然后对图中的基本块进行签名匹配,在签名匹配的基础上再进一步利用邻接矩阵进行边匹配,最后利用匹配的基本块计算函数相似度和文件相似度,并开发出比对工具BinCompae。研究结果表明:相对于源码比对工具和几个常用的二进制补丁比对工具,针对常见的代码抄袭方式,BinCompae均能检测出99%以上的相似度;此外,BinCompare还能检测出语义不变,代码形式改变的抄袭方式。因此,基于基本块签名和跳转关系的结构化比对算法针对二进制文件比对具有很高的准确性和实用性。
|
| 关 键 词: | 二进制文件同源性检测 基本块签名 基本块跳转关系 函数控制流图 |
Comparison of executable objects based on block signatures and jump relations |
| |
| CUI Baojiang,MA Ding,HAO Yongle,WANG Jianxin.Comparison of executable objects based on block signatures and jump relations[J].Journal of Tsinghua University(Science and Technology),2011(10):1351-1356. |
| |
| Authors: | CUI Baojiang MA Ding HAO Yongle WANG Jianxin |
| |
| Institution: | CUI Baojiang1,2,MA Ding1,HAO Yongle2,WANG Jianxin3(1.School of Computer Science and Technology,Beijing University of Posts and Telecommunications,Beijing 100876,China,2.China Information Technology Security Evaluation Center,Beijing 100085,3.School of Information Science and Technology,Beijing Forestry University,Beijing 100083,China) |
| |
| Abstract: | The paper describes graph-based comparison of executable objects based on block signatures and jump relations.This paper describes an algorithm combining basic block signatures and basic block jump relations.The algorithm develops the function control flow graph after disassembly,then matches the block signatures and further matches the blocks using an adjacency matrix.The algorithm finally calculates the function and file similarity using a comparison tool.Tests demonstrate that the algorithm can detect mo... |
| |
| Keywords: | executable objects homology comparison block signature block jump relation function control flow graph |
| 本文献已被 CNKI 等数据库收录! |
|
