Improving binary diffing speed and accuracy using community detection and locality-sensitive hashing: an empirical study

被引：0

作者：

Chariton Karamitas

Athanasios Kehagias

机构：

[1] Aristotle University of Thessaloniki,CENSUS S.A. Department of Electrical and Computer Engineering

[2] Aristotle University of Thessaloniki,Department of Electrical and Computer Engineering

来源：

Journal of Computer Virology and Hacking Techniques | 2023年 / 19卷

关键词：

Binary diffing; Community detection; Locality-sensitive hashing; Divide-and-conquer;

D O I：

暂无

中图分类号：

学科分类号：

摘要：

Binary diffing is a commonly used technique for detecting syntactic and semantic similarities and/or differences between two programs’ binary executables (not source code). Here we present REveal, a binary diffing application. REveal is based on the detection of Function Call Graph (FCG) approximate isomorphism and improves both speed and accuracy, mainly by the use of two techniques. First, we propose the use of hierarchical Community Detection (CD) in executables’ FCGs, for the purpose of detecting groups of densely connected functions, thus partitioning them in smaller groups. Moreover, we use Locality-Sensitive Hashing (LSH) for further grouping of similar functions in hash buckets. Both techniques are used in a divide-and-conquer fashion to simplify the diffing process of the programs being compared, practically reducing it to diffing of their FCG communities and LSH buckets.

引用

页码：319 / 337

页数：18

共 38 条

[1]

Blondel VD(2008)Fast unfolding of communities in large networks J. Stat. Mech Theory Exp. 10 1008-154

[2]

Carter JL(1979)Universal classes of hash functions J. Comput. Syst. Sci. 18 143-317

[3]

Wegman MN(2013)Control flow-based malware variant detection IEEE Trans. Depend. Secure Comput. 11 307-16

[4]

Cesare S(2019)Neighbor similarity based agglomerative method for community detection in networks Complexity 1 1-20

[5]

Xiang Y(2016)Dynamic community detection in evolving networks using locality modularity optimization Soc. Netw. Anal. Min. 6 1-41

[6]

Zhou W(2007)Resolution limit in community detection Proc. Natl. Acad. Sci. 104 36-174

[7]

Cheng J(2010)Community detection in graphs Phys. Rep. 486 75-44

[8]

Cordeiro M(2016)Community detection in networks: a user guide Phys. Rep. 659 1-311

[9]

Sarmento RP(1988)Parallel algorithms for planar graph isomorphism and related problems IEEE Trans. Circuits Syst. 35 304-323

[10]

Gama J(2019)Function matching between binary executables: efficient algorithms and features J. Comput. Virol. Hack. Tech. 15 307-245

← 1 2 3 4 →