摘要
二进制函数相似性检测是检测软件中已知安全漏洞的一种重要手段,随着物联网设备急剧增长,越来越多的软件被编译到不同指令集架构的平台上运行,因此基于二进制的跨平台相似性检测方法更具通用性。针对目前基于深度神经网络的跨平台相似性检测方法只能在基本块粒度进行相似性比对的不足,基于神经机器翻译的思想,提出一个通用的跨指令集架构的二进制函数相似性检测框架BFS,在函数粒度上通过无监督学习的方法自动捕获二进制函数的语义信息,生成二进制函数的嵌入向量。实验结果表明,BFS的P@10评价指标在88.0%以上,相较于现有方法提升了10.6百分点,并且能够有效检测出路由器固件中的已知真实漏洞。充分说明BFS检测框架在对二进制函数进行嵌入时,不仅能够保留较多原始语义信息,同时能够消除不同指令集架构以及编译优化选项的影响。
Binary function similarity detection is an important method for detecting known security vulnerabilities in software.With the rapid growth of IoT devices,more and more software run on platforms with different instruction set architectures.Thus,cross-platform binary code similarity detection is more versatile.The current cross-platform similarity detection methods based on deep neural networks can only perform similarity comparison at the basic block granularity.Inspired by neural machine translation,a universal cross-platform binary function similarity detection framework BFS is proposed,which automatically captures the semantic information of the binary function through unsupervised learning at the function granularity,and generates the embedding of the binary function.The experimental results show that the P@10 evaluation metric of BFS is above 88.0%,which is 10.6 percentage point higher than the existing method,and it can effectively detect the real known vulnerabilities in the router firmware.It fully shows that the BFS detection framework can not only retain more original semantic information when generating the embedding of binary function,but also eliminate the influence of different instruction set architectures and compilation optimization options.
作者
陈斌
刘胜利
胡安祥
杨启超
CHEN Bin;LIU Shengli;HU Anxiang;YANG Qichao(State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China)
出处
《信息工程大学学报》
2021年第6期675-682,共8页
Journal of Information Engineering University
基金
国家重点研发计划资助项目(2019QY1300)
科技委基础加强资助项目(2019-JCJQ-ZD-113)。
关键词
二进制代码
相似性检测
跨平台
漏洞搜索
神经机器翻译
binary code
similarity detection
cross-platform
bug search
neural machine translation
