
Fast Comparison Of Executable Objects Based On Function Attribute

Posted on: 2017-05-26
Degree: Master
Type: Thesis
Country: China
Candidate: X Yu
GTID: 2428330569998689
Subject: Computer Science and Technology
Abstract/Summary:
Binary file matching technology is mainly used in software homogeneity detection, software security analysis, software information transplantation and other fields. Traditional binary file comparison techniques fall into two categories: byte-level comparison and assembly-instruction-level comparison. The comparison method based on byte content lacks any understanding of program semantics and structure, so it is only applicable when a few bytes have changed. The comparison method based on assembly instructions overcomes the shortcomings of the former and proposes a structured comparison technique based on function signatures, which improves the accuracy of the comparison result. It solves the problem of inconsistent instruction sequences caused by compiler optimization, but brings new problems, such as low efficiency and inaccurate matching results when comparing large-scale software. At the same time, current binary comparison methods are concerned only with the similarity between the results of the function and ignore the structural characteristics of the file, so their description of file similarity is not perfect.

In this paper, we focus on two key issues in binary file matching. On the one hand, two new algorithms are proposed to improve the time efficiency and the accuracy of the results. On the other hand, a scheme for file similarity calculation is proposed, which takes into account both the structural characteristics of files and the similarity relationships among their internal functions. The main results are as follows:

1. Aiming at the problem of time efficiency, this paper proposes a similarity function query algorithm based on SimHash. The experiment shows that the algorithm can guarantee an accuracy rate of more than 90% (the correct result is less than 10%), with a substantial reduction, more than 25 times on average.
2. A heuristic matching algorithm based on function attributes is proposed. The signature of the function is extended, and a signature distance formula is designed according to the signature features. At the same time, a heuristic matching mechanism is designed to solve the problem of the large number of iterations required by stable matching.
3. A similarity computing method is proposed that takes into account the structural characteristics of the file and the similarity between the functions, so that the description of file similarity better reflects the actual situation of the file.

Experiments show that the proposed algorithm improves the time efficiency of file comparison (1.3 to 8.3 times) while improving the accuracy of the comparison results. This paper is an important part of the National Natural Science Foundation of China project (61472437) and gives a certain impetus to the development of binary file comparison.
Keywords/Search Tags:Comparison of Executable Objects, SimHash Algorithm, Signature of Function, Heuristic Match