Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications ›› 2012, Vol. 35 ›› Issue (3): 56-60. doi: 10.13190/jbupt.201203.56.357


Structured Similarity Computation for Homology Detection of Binary Files

LIU Chun-hong1,2, GUO Tao3, CUI Bao-jiang2, WANG Jian-xin4

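  1. 1College of Computer and Information Technology, Henan Normal University, Xinxiang, Henan 453007; 2School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876; 3China Information Technology Security Evaluation Center, Beijing 100085; 4School of Information, Beijing Forestry University, Beijing 100083
  • Received: 2011-08-14 Revised: 2011-10-18 Online: 2012-06-28 Published: 2012-02-29
  • Corresponding author: CUI Bao-jiang E-mail: cuibj@bupt.edu.cn
  • About the authors: LIU Chun-hong (born 1969), female, associate professor; CUI Bao-jiang (born 1973), male, associate professor, E-mail: cuibj@bupt.edu.cn
  • Funding:

    National Natural Science Foundation of China (61070207, 90818021, 61170268)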

Similarity Computation for Executable Objects Homology Detection Based on Structural Signature

LIU Chun-hong1,2, GUO Tao3, CUI Bao-jiang2, WANG Jian-xin4

  1. 1College of Computer and Information Technology, Henan Normal University, Henan Xinxiang 453007, China; 2School of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China; 3China Information Technology Security Evaluation Center, Beijing 100085, China; 4School of Information of Science and Technology, Beijing Forestry University, Beijing 100083, China
  • Received: 2011-08-14 Revised: 2011-10-18 Online: 2012-06-28 Published: 2012-02-29

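Abstract:

A method is proposed for computing software homology similarity using the structural information of binary files. Targeting the characteristics of cloned software, a basic block signature is designed. On top of the file-function-basic block hierarchy, a basic block similarity measure is built from basic block attributes and structural information, and function weights constructed from the structural information of functions are used to compute file similarity, which measures the homology of the original file and the target file. Common cloning techniques are tested, and the detection results of the proposed weighted similarity algorithm are compared with those of the unweighted algorithm and of mainstream binary comparison tools. The results show that the weighted method measures the degree of similarity between two files more accurately.

Key words: binary file, homology detection, structural signature, weight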

Abstract:

A method of similarity computation for executable objects homology detection based on structural signature is proposed. First, considering the characteristics of clone code, a signature of the basic code block is designed. On the basis of the hierarchical file-function-basic code block structure, a similarity measurement for basic code blocks is built from their basic properties and structural information. Second, to evaluate the homology between the original and object files, the similarity is calculated by constructing function weights from function structural information. Targeting the most common clone patterns, experiments compare the proposed method with the method that does not consider weight and with some mainstream similarity detection tools. The comparative results demonstrate that the proposed method measures the similarity of two executable objects more accurately than the other methods.

Key words: executable objects, homology detection, structural signature, weight

CLC number: