Author:
Karamitas Chariton, Kehagias Athanasios
Abstract
Binary diffing is a commonly used technique for detecting syntactic and semantic similarities and/or differences between two programs’ binary executables (not source code). Here we present REveal, a binary diffing application. REveal is based on the detection of Function Call Graph (FCG) approximate isomorphism and improves both speed and accuracy, mainly through two techniques. First, we propose the use of hierarchical Community Detection (CD) in executables’ FCGs, for the purpose of detecting groups of densely connected functions, thus partitioning them into smaller groups. Moreover, we use Locality-Sensitive Hashing (LSH) for further grouping of similar functions in hash buckets. Both techniques are used in a divide-and-conquer fashion to simplify the diffing process of the programs being compared, practically reducing it to diffing of their FCG communities and LSH buckets.
Funder
Aristotle University of Thessaloniki
Publisher
Springer Science and Business Media LLC
Subject
Computational Theory and Mathematics, Hardware and Architecture, Software, Computer Science (miscellaneous)