中圖分類號：TP311.5
文獻標識碼：A
DOI:10.19358/j.issn.2097-1788.2023.03.010
引用格式：熊敏，薛吟興，徐云.基于代碼嵌入的二進制代碼相似性分析方法［J］.網絡安全與數據治理，2023,42(3):58-67.

A binary code similarity analysis method based on code embedding

Abstract： Code embedding utilizes neural network models to convert binary code into a vector, showing advantages in applications such as vulnerability searching. Existing methods represent functions as assembly instruction sequences, topology structures of control flow graphs, or several paths.However, none of them can overcome the interference produced by the structural changes in control flow graphs caused by different compilation environments.To this end, this paper designs a basic block tree (BBT)-based code representation and builds a corresponding code embedding model named BBTree.Firstly, the binary function is represented as a series of BBTs, and each BBT is processed into an instruction sequence Secondly, BBTree utilizes LSTM and Bi.GRU to convert the BBT.based code representation into a numerical vector Last, the distance between vectors is calculated to efficiently measure the similarity of corresponding functions. In code search, BBTree’s average accuracy rate is 24.8% higher than mainstream tools; in vulnerability search, BBTree’s average recall rate is 26.1% higher than mainstream tools.

Key words :