PDG2Vec: Identify the Binary Function Similarity with Program Dependence Graph

Yuntao Zhang, Yanhao Wang, Yuwei Liu, Zhengyuan Pang, B. Fang
{"title":"PDG2Vec: Identify the Binary Function Similarity with Program Dependence Graph","authors":"Yuntao Zhang, Yanhao Wang, Yuwei Liu, Zhengyuan Pang, B. Fang","doi":"10.1109/QRS57517.2022.00061","DOIUrl":null,"url":null,"abstract":"Binary code similarity identification is an important technique applied to many security applications (e.g., plagiarism detection, bug search). The primary challenge of this research topic is how to extract sufficient information from the binary code for similarity comparison. Although numerous approaches have been proposed to address the challenge, most of them leverage features determined by human experience or extracted using machine learning methods and ignore some critical technique semantic information. Additionally, they assess their approach exclusively in laboratory environments and lack real-world datasets. Both problems lead to the limited effectiveness of these methods in real application scenarios (e.g., vulnerable function search).In this paper, we propose a novel approach PDG2Vec, which extracts the data dependence graph and control dependence graph (i.e., program dependence graph (PDG)) as the features of functions and uses them for identifying function similarity. Meanwhile, we design several strategies to optimize the PDG’s construction and use them in similarity comparison to balance time-consuming and accuracy. We implement the prototype of PDG2Vec, which can perform binary code similarity comparison across architectures of x86, x86_64, MIPS32, ARM32, and ARM64. We evaluate PDG2Vec with two datasets. The experimental results show that PDG2Vec is resilient to cross-architecture and extracts more precise semantics than other approaches. Moreover, PDG2Vec outperforms the state-of-the-art tools in the vulnerable function search scenario and has excellent performance.","PeriodicalId":143812,"journal":{"name":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE 22nd International Conference on Software Quality, Reliability and Security (QRS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/QRS57517.2022.00061","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

Binary code similarity identification is an important technique applied to many security applications (e.g., plagiarism detection, bug search). The primary challenge of this research topic is how to extract sufficient information from the binary code for similarity comparison. Although numerous approaches have been proposed to address the challenge, most of them leverage features determined by human experience or extracted using machine learning methods and ignore some critical technique semantic information. Additionally, they assess their approach exclusively in laboratory environments and lack real-world datasets. Both problems lead to the limited effectiveness of these methods in real application scenarios (e.g., vulnerable function search).In this paper, we propose a novel approach PDG2Vec, which extracts the data dependence graph and control dependence graph (i.e., program dependence graph (PDG)) as the features of functions and uses them for identifying function similarity. Meanwhile, we design several strategies to optimize the PDG’s construction and use them in similarity comparison to balance time-consuming and accuracy. We implement the prototype of PDG2Vec, which can perform binary code similarity comparison across architectures of x86, x86_64, MIPS32, ARM32, and ARM64. We evaluate PDG2Vec with two datasets. The experimental results show that PDG2Vec is resilient to cross-architecture and extracts more precise semantics than other approaches. Moreover, PDG2Vec outperforms the state-of-the-art tools in the vulnerable function search scenario and has excellent performance.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
PDG2Vec:用程序依赖图识别二值函数相似度
二进制代码相似度识别是应用于许多安全应用(如抄袭检测、错误搜索)的一项重要技术。本课题的主要挑战是如何从二进制码中提取足够的信息进行相似性比较。尽管已经提出了许多方法来解决这一挑战,但大多数方法都利用了由人类经验确定的特征或使用机器学习方法提取的特征,而忽略了一些关键的技术语义信息。此外,他们仅在实验室环境中评估他们的方法,缺乏真实世界的数据集。这两个问题导致这些方法在实际应用场景(如脆弱函数搜索)中的有效性有限。在本文中,我们提出了一种新的方法PDG2Vec,该方法提取数据依赖图和控制依赖图(即程序依赖图(PDG))作为函数的特征,并利用它们来识别函数的相似性。同时,我们设计了几种策略来优化PDG的构建,并将它们用于相似度比较,以平衡耗时和准确性。我们实现了PDG2Vec原型,它可以跨x86、x86_64、MIPS32、ARM32和ARM64架构进行二进制代码相似性比较。我们用两个数据集评估PDG2Vec。实验结果表明,PDG2Vec具有较强的跨架构适应性,提取的语义比其他方法更精确。此外,PDG2Vec在脆弱函数搜索场景中优于最先进的工具,具有优异的性能。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Continuous Usability Requirements Evaluation based on Runtime User Behavior Mining Fine-Tuning Pre-Trained Model to Extract Undesired Behaviors from App Reviews An Empirical Study on Source Code Feature Extraction in Preprocessing of IR-Based Requirements Traceability Predictive Mutation Analysis of Test Case Prioritization for Deep Neural Networks Conceptualizing the Secure Machine Learning Operations (SecMLOps) Paradigm
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1