Binary Code Clone Detection across Architectures and Compiling Configurations

Hu, Yikun; Zhang, Yuanyuan; Li, Juanru; Gu, Dawu

doi:10.1109/icpc.2017.22

Cited by 65 publications

(36 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…use the control flow graph and hashed signatures of its basic blocks, as created by statically analyzing their input/output behavior, to find buggy or vulnerable code clones in binary code across architectures [24]. Similarly, semantic signatures are extracted for functions by emulating their execution in [25], to detect cloned functions in binary code. Instrumentation is used in [26] to create dynamic instruction graphs, which are searched for isomorphic subgraphs to find function clones.…”

Section: ) Semantic Methods: Instead Of Comparing Syntacticalmentioning

confidence: 99%

Detection of Similar Functions Through the Use of Dominator Information

Schafer

Amme

Heinze

2020

2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems Companion (ACSOS-C)

View full text Add to dashboard Cite

The detection of code clones is an important technique for finding malware and malicious code. Many existing methods work on source code to detect code clones. Recent work in this area has started to focus on the analysis of compiled code to find malicious code. We introduce a new method to detect code clones using Java bytecode and control flow information from dominator trees. A prototype implementation was developed and compared with the state-of-the-art clone detector NiCad to evaluate the basic functionality of the method. First experiments have shown that the method can reliably find Type 1 and Type 2 clones and even find additional clones.

show abstract

Section: ) Semantic Methods: Instead Of Comparing Syntacticalmentioning

confidence: 99%

Detection of Similar Functions Through the Use of Dominator Information

Schafer

Amme

Heinze

2020

2020 IEEE International Conference on Autonomic Computing and Self-Organizing Systems Companion (ACSOS-C)

View full text Add to dashboard Cite

show abstract

“…The accuracy of CACompare thus affects the performance of BINPATCH. CACompare cannot locate the inlined functions, which is still an issue for the topic [9], [17], [27], [55]. As a result, BINPATCH is unable to patch the binary functions which are inlined into their callers.…”

Section: B Function Inliningmentioning

confidence: 99%

“…Therefore, they are ineffective in comparing code compiled with different configurations in this paper. More recently, BinGo [9], CACompare [27], and IMF-sim [71] are proposed to detect similar binary code as well. Besides, BinShape [61] and BinSequence [28] are proposed to measure the similarity of binary function accurately and efficiently.…”

Section: B Binary Code Similarity Comparisonmentioning

confidence: 99%

Automatically Patching Vulnerabilities of Binary Programs via Code Transfer From Correct Versions

Zhang

2019

IEEE Access

Self Cite

View full text Add to dashboard Cite

The security of binary programs is significantly threatened by software vulnerabilities. When vulnerabilities are found, those applications are exposed to malicious attacks that exploit the known vulnerabilities. Thus, it is necessary to patch them when vulnerabilities are reported to the public as soon as possible. However, it still heavily relies on manual work to locate and correct the corresponding defective code in the binary programs. In order to raise productivity and ensure software security, it becomes imperative to automate the process. In this paper, we propose BINPATCH to automatically patch known vulnerabilities of binary programs. It first locates the defective function, which contains the vulnerability, via similar code comparison. Then, it reuses the corresponding code from the correct version of the defective function as the patch code and inserts it to the defective function via binary rewriting. BINPATCH is evaluated on eight real-world vulnerabilities, and the experimental results show that it is able to not only locate the defective code effectively but also patch the code correctly. INDEX TERMS Reverse engineering, binary code patching, binary program analysis, software security.

show abstract

“…Multi-MH [34], discovRE [12], Genius [13] are proposed to detect known vulnerabilities and bugs in multiarchitecture binaries via code clone analysis. BinGo [6] and CACompare [19] are proposed to analyze the similarity of binary code across architectures as well. However, discovRE and Genius still depend heavily on the CFG of a binary function.…”

Section: Related Workmentioning

confidence: 99%

BinMatch: A Semantics-Based Hybrid Approach on Binary Code Clone Analysis

Zhang

et al. 2018

2018 IEEE International Conference on Software Maintenance and Evolution (ICSME)

Self Cite

View full text Add to dashboard Cite

Binary code clone analysis is an important technique which has a wide range of applications in software engineering (e.g., plagiarism detection, bug detection). The main challenge of the topic lies in the semantics-equivalent code transformation (e.g., optimization, obfuscation) which would alter representations of binary code tremendously. Another challenge is the trade-off between detection accuracy and coverage. Unfortunately, existing techniques still rely on semantics-less code features which are susceptible to the code transformation. Besides, they adopt merely either a static or a dynamic approach to detect binary code clones, which cannot achieve high accuracy and coverage simultaneously.In this paper, we propose a semantics-based hybrid approach to detect binary clone functions. We execute a template binary function with its test cases, and emulate the execution of every target function for clone comparison with the runtime information migrated from that template function. The semantic signatures are extracted during the execution of the template function and emulation of the target function. Lastly, a similarity score is calculated from their signatures to measure their likeness. We implement the approach in a prototype system designated as BINMATCH which analyzes IA-32 binary code on the Linux platform. We evaluate BINMATCH with eight real-world projects compiled with different compilation configurations and commonly-used obfuscation methods, totally performing over 100 million pairs of function comparison. The experimental results show that BINMATCH is robust to the semantics-equivalent code transformation. Besides, it not only covers all target functions for clone analysis, but also improves the detection accuracy comparing to the state-of-the-art solutions.

show abstract

Binary Code Clone Detection across Architectures and Compiling Configurations

Cited by 65 publications

References 24 publications

Detection of Similar Functions Through the Use of Dominator Information

Detection of Similar Functions Through the Use of Dominator Information

Automatically Patching Vulnerabilities of Binary Programs via Code Transfer From Correct Versions

BinMatch: A Semantics-Based Hybrid Approach on Binary Code Clone Analysis

Contact Info

Product

Resources

About