A Lightweight Cross-Version Binary Code Similarity Detection Based on Similarity and Correlation Coefficient Features

Guo, Hui; Huang, Shuguang; Huang, Cheng; Zhang, Min; Pan, Zhengqiang; Shi, Fan; Huang, Hui; Hu, Donghui; Wang, Xiaoping

doi:10.1109/access.2020.3004813

Cited by 10 publications

(7 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We particularly focus on features and datasets used in those studies, which lead us to four underexplored research questions that we will discuss in §2.3; our goal is to investigating these research questions by conducting a series of rigorous experiments. Because of the space limit, we excluded papers [43], [44], [45], [46], [47], [48], [49], [50], [51], [52], [53] that were published before 2014 and those not regarding top-tier venues, or binary diffing tools [54], [55], [56] used in the industry. Additionally, we excluded papers that aimed to address a specific research problem such as malware detection, library function identification, or patch identification.…”

Section: Scopementioning

confidence: 99%

See 1 more Smart Citation

Revisiting Binary Code Similarity Analysis Using Interpretable Feature Engineering and Lessons Learned

Kim

Kil

et al. 2023

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

Binary code similarity analysis (BCSA) is widely used for diverse security applications, including plagiarism detection, software license violation detection, and vulnerability discovery. Despite the surging research interest in BCSA, it is significantly challenging to perform new research in this field for several reasons. First, most existing approaches focus only on the end results, namely, increasing the success rate of BCSA, by adopting uninterpretable machine learning. Moreover, they utilize their own benchmark, sharing neither the source code nor the entire dataset. Finally, researchers often use different terminologies or even use the same technique without citing the previous literature properly, which makes it difficult to reproduce or extend previous work. To address these problems, we take a step back from the mainstream and contemplate fundamental research questions for BCSA. Why does a certain technique or a certain feature show better results than the others? Specifically, we conduct the first systematic study on the basic features used in BCSA by leveraging interpretable feature engineering on a large-scale benchmark. Our study reveals various useful insights on BCSA. For example, we show that a simple interpretable model with a few basic features can achieve a comparable result to that of recent deep learning-based approaches. Furthermore, we show that the way we compile binaries or the correctness of underlying binary analysis tools can significantly affect the performance of BCSA. Lastly, we make all our source code and benchmark public and suggest future directions in this field to help further research.

show abstract

Section: Scopementioning

confidence: 99%

“…Program properties can also be directly used as a feature. The most straightforward approach involves directly comparing the raw bytes of binaries [6], [53], [75]. However, people tend to not consider this approach because byte-level matching is not as robust compared to simple code modifications.…”

Section: Presemantic Featuresmentioning

confidence: 99%

Revisiting Binary Code Similarity Analysis Using Interpretable Feature Engineering and Lessons Learned

Kim

Kil

et al. 2023

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

show abstract

“…Recently, Gu et al. established a Malware detection method using transformer‐based binary code embedding to calculate code similarity and detect malicious code [32].…”

Section: Related Workmentioning

confidence: 99%

Robust Malware identification via deep temporal convolutional network with symmetric cross entropy learning

et al. 2023

View full text Add to dashboard Cite

Recent developments in the field of Internet of things (IoT) have aroused growing attention to the security of smart devices. Specifically, there is an increasing number of malicious software (Malware) on IoT systems. Nowadays, researchers have made many efforts concerning supervised machine learning methods to identify malicious attacks. High-quality labels are of great importance for supervised machine learning, but noises widely exist due to the non-deterministic production environment. Therefore, learning from noisy labels is significant for machine learning-enabled Malware identification. In this study, motivated by the symmetric cross entropy with satisfactory noise robustness, the authors propose a robust Malware identification method using temporal convolutional network (TCN). Moreover, word embedding techniques are generally utilised to understand the contextual relationship between the input operation code (opcode) and application programming interface function names. Here, considering the numerous unlabelled samples in real-world intelligent environments, the authors pre-train the TCN model on an unlabelled set using a word embedding method, that is, Word2Vec. In the experiments, the proposed method is compared with several traditional statistical methods and more recent neural networks on a synthetic Malware dataset and a realworld dataset. The performance comparisons demonstrate the better performance and noise robustness of their proposed method, especially that the proposed method can yield the best identification accuracy of 98.75% in real-world scenarios.

show abstract

“…While it can be extracted efficiently, the original binary bytes produced by the same source code may vary significantly after undergoing different compilation processes, resulting in poor robustness. ACCESS2020 [40] employs a direct approach to extract the raw binary bytes and transforms them into vectors and signals for similarity analysis.…”

Section: Feature Typementioning

confidence: 99%

A Review of Deep Learning-Based Binary Code Similarity Analysis

Du,

Wei,

Wang

et al. 2023

Electronics

View full text Add to dashboard Cite

Against the backdrop of highly developed software engineering, code reuse has been widely recognized as an effective strategy to significantly alleviate the burden of development and enhance productivity. However, improper code citation could lead to security risks and license issues. With the source codes of many pieces of software being difficult to obtain, binary code similarity analysis (BCSA) has been extensively implemented in fields such as bug search, code clone detection, and patch analysis. This research selects 39 papers on BCSA from top-tier and emerging conferences within artificial intelligence, network security, and software engineering from 2016 to 2022 for deep analysis. The central focus lies on methods utilizing deep learning technologies, detailing a thorough summary and the arrangement of the application and implementation specifics of various deep learning technologies. Furthermore, this study summarizes the research patterns and development trends in this field, thereby proposing potential directions for future research.

show abstract

A Lightweight Cross-Version Binary Code Similarity Detection Based on Similarity and Correlation Coefficient Features

Cited by 10 publications

References 26 publications

Revisiting Binary Code Similarity Analysis Using Interpretable Feature Engineering and Lessons Learned

Revisiting Binary Code Similarity Analysis Using Interpretable Feature Engineering and Lessons Learned

Robust Malware identification via deep temporal convolutional network with symmetric cross entropy learning

A Review of Deep Learning-Based Binary Code Similarity Analysis

Contact Info

Product

Resources

About