
A Fuzz-testing Based Similarity Detect Method Toward Binary Executables

Posted on: 2020-03-05
Degree: Master
Type: Thesis
Country: China
Candidate: C M Liu
GTID: 2428330590958349
Subject: Computer system architecture
Abstract/Summary:
As one of the most fundamental and critical techniques in software vulnerability searching and software copyright protection, software similarity detection has received tremendous attention and has been studied extensively since the beginning of the information technology era. Source-code based methods, with their intrinsic access to source code and its abundant semantic information, have proved able to cope with some practical demands using simple syntactic or grammatical analysis. However, in more real-world situations the availability of source code cannot always be depended on; furthermore, run-time information, which is crucial to much virus and vulnerability detection, is lost with source code alone. In recent years, therefore, increasing attention has been paid to code similarity detection based on binary executables. Traditional static binary executable similarity detection, which was largely borrowed from source-code methods, is very sensitive to structural change, which costs it precision on binary code. Our fuzz-testing based binary executable similarity detection has very strong resistance to code obfuscation compared with the static methods. This makes it a better fit for binaries generated by different compilers or even for different platforms. It also outperforms the static methods in detecting mutated viruses. Specifically, Sim-Fuzz captures the run-time behaviors of the program, e.g. memory accesses and library calls, and uses them as the features of the program. LCS (Longest Common Subsequence) then turns these run-time behaviors into a fixed-length vector, which is fed into an SVM (Support Vector Machine) to get the final prediction, i.e. the confidence level of how similar the binaries are. The experimental results show that Sim-Fuzz not only outperforms the state-of-the-art static detection methods in accuracy by 20%, but also has advantages over the current dynamic methods in speed, by 31%, and in accuracy.
Keywords/Search Tags:Software Similarity, Binary executables, Vulnerability Detection, Fuzz Testing
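
An added example, not code from the thesis: one way the LCS step described in the abstract could reduce run-time traces of two binaries to a fixed-length vector. The channel names follow the abstract; the event tokens, the normalisation by the longer trace and the averaging over fuzz inputs are assumptions, and the SVM stage is left out.

```python
from typing import Dict, List, Sequence

# Behaviour channels named in the abstract. How events are tokenised and how
# LCS becomes a vector are assumptions of this example, not the thesis's design.
CHANNELS = ("memory_access", "library_call")
Trace = Dict[str, List[str]]  # one fuzz input -> events recorded per channel


def lcs_length(a: Sequence, b: Sequence) -> int:
    """Length of the longest common subsequence (rolling-row DP)."""
    if len(a) < len(b):
        a, b = b, a  # keep the DP row as short as possible
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if x == y else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]


def channel_similarity(a: Sequence, b: Sequence) -> float:
    """LCS length over the longer trace: inserted junk lowers it only slightly."""
    longest = max(len(a), len(b))
    return lcs_length(a, b) / longest if longest else 0.0


def feature_vector(runs_a: List[Trace], runs_b: List[Trace]) -> List[float]:
    """Average per-channel similarity over the same fuzz inputs.

    The result always has len(CHANNELS) entries, whatever the trace lengths."""
    if not runs_a or len(runs_a) != len(runs_b):
        raise ValueError("both binaries must be traced on the same fuzz inputs")
    return [sum(channel_similarity(ra.get(ch, []), rb.get(ch, []))
                for ra, rb in zip(runs_a, runs_b)) / len(runs_a)
            for ch in CHANNELS]


# Constructed traces for one fuzz input (not measurements from the thesis).
ORIGINAL = [{"library_call": ["open", "read", "memcpy", "write", "close"],
             "memory_access": ["R:heap", "W:stack", "R:stack", "W:heap"]}]
OBFUSCATED = [{"library_call": ["open", "getpid", "read", "memcpy", "time", "write", "close"],
               "memory_access": ["R:heap", "W:stack", "W:stack", "R:stack", "W:heap"]}]
UNRELATED = [{"library_call": ["socket", "connect", "send", "recv", "close"],
              "memory_access": ["W:heap", "W:heap", "R:heap", "R:stack"]}]

if __name__ == "__main__":
    print("original vs obfuscated:", feature_vector(ORIGINAL, OBFUSCATED))
    print("original vs unrelated: ", feature_vector(ORIGINAL, UNRELATED))
```

Each vector, labelled similar or dissimilar, would be one training row for the classifier the abstract mentions.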