中圖分類號(hào)：TP311.5
文獻(xiàn)標(biāo)識(shí)碼：A
DOI:10.19358/j.issn.2097-1788.2023.03.010
引用格式：熊敏，薛吟興，徐云.基于代碼嵌入的二進(jìn)制代碼相似性分析方法［J］.網(wǎng)絡(luò)安全與數(shù)據(jù)治理，2023,42(3):58-67.

A binary code similarity analysis method based on code embedding

Abstract： Code embedding utilizes neural network models to convert binary code into a vector, showing advantages in applications such as vulnerability searching. Existing methods represent functions as assembly instruction sequences, topology structures of control flow graphs, or several paths.However, none of them can overcome the interference produced by the structural changes in control flow graphs caused by different compilation environments.To this end, this paper designs a basic block tree (BBT)-based code representation and builds a corresponding code embedding model named BBTree.Firstly, the binary function is represented as a series of BBTs, and each BBT is processed into an instruction sequence Secondly, BBTree utilizes LSTM and Bi.GRU to convert the BBT.based code representation into a numerical vector Last, the distance between vectors is calculated to efficiently measure the similarity of corresponding functions. In code search, BBTree’s average accuracy rate is 24.8% higher than mainstream tools; in vulnerability search, BBTree’s average recall rate is 26.1% higher than mainstream tools.

Key words :