Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Software similarity measurement method and device

A similarity measurement and similarity technology, applied in the field of computer security, can solve the problems of indistinguishability, high false positive rate of similarity measurement methods, inability to effectively distinguish vulnerability functions and patch functions, etc., to achieve good application prospects and improve accuracy. Effect

Active Publication Date: 2020-04-10
PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
View PDF10 Cites 6 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, even for the same source software, different binary codes will be generated under different system architectures, compilers and optimization options, and there will inevitably be corresponding errors in the feature statistics of the software decompiled code directly; secondly, when using the similarity method for vulnerability mining , there is a situation where it is impossible to effectively distinguish between vulnerable functions and patched functions, because some vulnerable functions only perform dangerous function replacement or modify constraints to avoid the triggering conditions of the vulnerability when patching, which makes it difficult to identify them using ordinary similarity measurement methods. effective distinction
Due to the above reasons, the current similarity measurement methods generally have a high false positive rate.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Software similarity measurement method and device
  • Software similarity measurement method and device
  • Software similarity measurement method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0032] In order to make the purpose, technical solution and advantages of the present invention more clear and understandable, the present invention will be further described in detail below in conjunction with the accompanying drawings and technical solutions.

[0033] In view of the fact that there is a relatively high false positive rate in the current field of software vulnerability mining, the embodiments of the present invention, see figure 1 As shown, a software similarity measurement method is provided, which includes the following content:

[0034] S101) For the binary program, the intermediate code is obtained through disassembly, and the intermediate code is normalized and standardized;

[0035] S102) Statistical function semantic features, filtering out the top M similar functions through coarse-grained similarity calculation, and adding them to the candidate function set;

[0036] S103) For the functions in the candidate function set, use the data flow dependency...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a software similarity measurement method and device. The method comprises the following steps: acquiring an intermediate code through disassembly for a binary program, and carrying out the normalization and standardization on the intermediate code; counting semantic features of functions, screening first M similarity functions through coarse-grained similarity calculation,and adding the first M similarity functions to a candidate function set; conducting backward slicing on the functions in the candidate function set through data flow dependence and program control flow, and acquiring a constraint derivation formula set used for representing key semantics of the functions; acquiring a final similarity score of the target function and the comparison function by comparing the constraint derivation formula set; and according to the similarity score, selecting the first N functions as expert verification analysis contents. According to the method, differences of programs under different system architectures, operating systems, compilers and optimization options are reduced by preprocessing codes, patch upgrading functions similar to vulnerability function semantics are screened out through extraction and comparison of a function constraint derivation formula, and accuracy is improved.

Description

technical field [0001] The invention belongs to the technical field of computer security, in particular to a method and device for measuring software similarity. Background technique [0002] Software similarity analysis is generally given an unknown software to determine whether its functions or code fragments have homology with known software or function libraries, which can be used for software vulnerability mining, software infringement, malicious code family analysis, etc. In the field of software vulnerability mining, usually given a known vulnerability, similarity measurement method is used to find dangerous functions similar to or associated with it in large-scale software, and the risk of software being attacked can be effectively reduced by analyzing it. Software similarity analysis is divided into static analysis and dynamic analysis. Static analysis usually refers to establishing a similarity matching model by analyzing the syntax and semantics of the target pro...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F8/77G06F8/53
CPCG06F8/53G06F8/77
Inventor 庞建民周鑫郑建云单征李明亮岳峰刘福东李男刘晓楠
Owner PLA STRATEGIC SUPPORT FORCE INFORMATION ENG UNIV PLA SSF IEU
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com