中图分类号：TP311.5
文献标识码：A
DOI:10.19358/j.issn.2097-1788.2023.03.010
引用格式：熊敏，薛吟兴，徐云.基于代码嵌入的二进制代码相似性分析方法［J］.网络安全与数据治理，2023,42(3):58-67.

A binary code similarity analysis method based on code embedding

Abstract： Code embedding utilizes neural network models to convert binary code into a vector, showing advantages in applications such as vulnerability searching. Existing methods represent functions as assembly instruction sequences, topology structures of control flow graphs, or several paths.However, none of them can overcome the interference produced by the structural changes in control flow graphs caused by different compilation environments.To this end, this paper designs a basic block tree (BBT)-based code representation and builds a corresponding code embedding model named BBTree.Firstly, the binary function is represented as a series of BBTs, and each BBT is processed into an instruction sequence Secondly, BBTree utilizes LSTM and Bi.GRU to convert the BBT.based code representation into a numerical vector Last, the distance between vectors is calculated to efficiently measure the similarity of corresponding functions. In code search, BBTree’s average accuracy rate is 24.8% higher than mainstream tools; in vulnerability search, BBTree’s average recall rate is 26.1% higher than mainstream tools.

Key words :