摘要
当前二进制文件比对技术主流是以BinDiff为代表的结构化比对方法,存在结构相似导致的误匹配、分析耗时较高的问题。针对该问题提出一种基于节点层次化、价值化的匹配方法。通过提取函数节点在函数调用图中的层次与函数在调用网络中的价值,对层次模糊的节点提供了节点层次估算算法,最后递归匹配节点。实验表明,该方法避免了结构相似导致的误匹配,其时耗低于结构化比对工具Bindiff的1/2,节点匹配数量减少在15%以内。该方法可有效提高嵌入式设备固件的跨版本相似性分析效率。
The existing methods of binary files comparison is mainly achieved by the comparison of structural directed graph, such as BinDiff, it has problems such as mismatch caused by structure similar and high time-consumption of analysis.A matching method based on node hierarchy and node value is proposed to solve this problem. By extracting the hierarchical and value information of the function node which in the function call graph, providing a node level estimation algorithm for nodes which hierarchical information is unclearly, it has matched nodes recursively in the end. Experiments show that this method avoids the mismatch caused by structural similarity, the time consumption is less than 1/2 of the time consumed by the structured matching tool BinDiff, and the reduction of matching nodes’ number less than 15%. This method can effectively improve the cross-version similarity analysis efficiency of the embedded device firmware.
出处
《计算机工程与应用》
CSCD
北大核心
2017年第21期144-150,共7页
Computer Engineering and Applications
基金
国家自然科学基金(No.61271252)
国家重点研发计划(No.2016YFB0801505
No.2016YFB0801601)
关键词
二进制文件比对
层次分析
节点价值
结构化图形
binary files comparison
hierarchical analysis
node value analysis
structural graphics
