Binary code similarity detection method and system based on graph matching network

Abstract

The invention discloses a binary code similarity detection method and system based on a graph matching network. The method of the invention includes obtaining a pair of programs to be tested, and disassembling the program to be tested to obtain an inter-process control flow graph ICFG and its instructions; Obtain the initial feature embedding of the basic blocks in the inter-procedural control flow graph ICFG of the program to be tested; obtain the final embedding of the inter-procedural control flow graph ICFG of the program pair under test through the graph matching neural network h G1 and h G2 ; Compute the final embedding of the interprocedural control flow graph ICFG of the program pair under test in the vector space h G1 and h G2 The similarity between them is taken as the similarity detection result of the program pair to be tested. The present invention obtains the final embedding of the inter-procedural control flow graph ICFG of the program pair to be tested through the graph matching neural network, which can obtain rich semantic representations, thereby effectively improving the detection accuracy rate, and has an important foundation for binary-based code security analysis effect.

Description

Technical field [0001] The present invention belongs to the field of Internet security, and specifically, the present invention relates to a binary code similarity detection method and system based on the map matching network. Background technique [0002] Similarity of binary code detection has important applications in many computer system safety of people's livelihood, such as vulnerability, software plagiarism, malware detection, code reconstruction, etc. With the rapid application of the Internet of Things, modern military equipment equipment, large scientific research equipment, civilian power, transportation, petrochemical, manufacturing industries have more and more dependent on information control system, the malware Problems such as code and vulnerabilities have become an important challenge for information system security. In particular, a single error of the source code level may spread on the device of hundreds or more different hardware architecture and software pla...

AI Technical Summary

Problems solved by technology

[0004] Although binary code similarity detection based on graph representation learning has many advantages, there are three main limitations: 1) Lexical representation problem

Existing instruction-level embeddings, whether using artificial feature extraction or pre-training methods based on natural language processing, usually treat the entire instruction or part of the instruction (opcode, operand) as a word for processing, ignoring the lack of vocabulary (OOV ) problem, which leads to instruction-level data embedding very close to the origin and lack of data flow confusion robustness; 2) scalability problem; 3) existing methods cannot meet the large-grained program-level comparison requirements

Images