Binary Similarity Analysis for Vulnerability Detection

Zeming Tai; Hironori Washizaki; Yoshiaki Fukazawa; Yurie Fujimatsu; Jun Kanai

doi:10.1109/COMPSAC48688.2020.0-110

Binary Similarity Analysis for Vulnerability Detection

Zeming Tai, Hironori Washizaki, Yoshiaki Fukazawa, Yurie Fujimatsu, Jun Kanai

基幹理工学部

研究成果: Conference contribution

1 被引用数 (Scopus)

抄録

Binary similarity has been widely used in function recognition and vulnerability detection. How to define a proper similarity is the key element in implementing a fast detection method. We proposed a scalable method to detect binary vulnerabilities based on similarity. Procedures lifted from binaries are divided into several comparable strands by data dependency, and those strands are transformed into a normalized form by our tool named VulneraBin, so that similarity can be determined between two procedures through a hash value comparison. The low computational complexity allows semantically equivalent code to be identified in binaries compiled from million lines of source code in a fast and accurate way.

本文言語	English
ホスト出版物のタイトル	Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020
編集者	W. K. Chan, Bill Claycomb, Hiroki Takakura, Ji-Jiang Yang, Yuuichi Teranishi, Dave Towey, Sergio Segura, Hossain Shahriar, Sorel Reisman, Sheikh Iqbal Ahamed
出版社	Institute of Electrical and Electronics Engineers Inc.
ページ	1121-1122
ページ数	2
ISBN（電子版）	9781728173030
DOI	https://doi.org/10.1109/COMPSAC48688.2020.0-110
出版ステータス	Published - 2020 7月
イベント	44th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2020 - Virtual, Madrid, Spain 継続期間: 2020 7月 13 → 2020 7月 17

出版物シリーズ

名前	Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020

Conference

Conference	44th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2020
国/地域	Spain
City	Virtual, Madrid
Period	20/7/13 → 20/7/17

ASJC Scopus subject areas

人工知能
コンピュータネットワークおよび通信
コンピュータサイエンスの応用
ハードウェアとアーキテクチャ
ソフトウェア
教育

文献へのアクセス

10.1109/COMPSAC48688.2020.0-110

他のファイルとリンク

引用スタイル

Tai, Z., Washizaki, H., Fukazawa, Y., Fujimatsu, Y., & Kanai, J. (2020). Binary Similarity Analysis for Vulnerability Detection. In W. K. Chan, B. Claycomb, H. Takakura, J-J. Yang, Y. Teranishi, D. Towey, S. Segura, H. Shahriar, S. Reisman, & S. I. Ahamed (Eds.), Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020 (pp. 1121-1122). Article 9201918 (Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/COMPSAC48688.2020.0-110

Binary Similarity Analysis for Vulnerability Detection. / Tai, Zeming; Washizaki, Hironori ; Fukazawa, Yoshiaki その他.
Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020. ed. / W. K. Chan; Bill Claycomb; Hiroki Takakura; Ji-Jiang Yang; Yuuichi Teranishi; Dave Towey; Sergio Segura; Hossain Shahriar; Sorel Reisman; Sheikh Iqbal Ahamed. Institute of Electrical and Electronics Engineers Inc., 2020. p. 1121-1122 9201918 (Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020).

研究成果: Conference contribution

Tai, Z, Washizaki, H , Fukazawa, Y, Fujimatsu, Y & Kanai, J 2020, Binary Similarity Analysis for Vulnerability Detection. in WK Chan, B Claycomb, H Takakura, J-J Yang, Y Teranishi, D Towey, S Segura, H Shahriar, S Reisman & SI Ahamed (eds), Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020., 9201918, Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020, Institute of Electrical and Electronics Engineers Inc., pp. 1121-1122, 44th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2020, Virtual, Madrid, Spain, 20/7/13. https://doi.org/10.1109/COMPSAC48688.2020.0-110

Tai Z, Washizaki H , Fukazawa Y, Fujimatsu Y, Kanai J. Binary Similarity Analysis for Vulnerability Detection. In Chan WK, Claycomb B, Takakura H, Yang J-J, Teranishi Y, Towey D, Segura S, Shahriar H, Reisman S, Ahamed SI, editors, Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020. Institute of Electrical and Electronics Engineers Inc. 2020. p. 1121-1122. 9201918. (Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020). doi: 10.1109/COMPSAC48688.2020.0-110

Tai, Zeming ; Washizaki, Hironori ; Fukazawa, Yoshiaki その他. / Binary Similarity Analysis for Vulnerability Detection. Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020. editor / W. K. Chan ; Bill Claycomb ; Hiroki Takakura ; Ji-Jiang Yang ; Yuuichi Teranishi ; Dave Towey ; Sergio Segura ; Hossain Shahriar ; Sorel Reisman ; Sheikh Iqbal Ahamed. Institute of Electrical and Electronics Engineers Inc., 2020. pp. 1121-1122 (Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020).

@inproceedings{00a43326df6a49cf9b3612f497c77515,

title = "Binary Similarity Analysis for Vulnerability Detection",

abstract = "Binary similarity has been widely used in function recognition and vulnerability detection. How to define a proper similarity is the key element in implementing a fast detection method. We proposed a scalable method to detect binary vulnerabilities based on similarity. Procedures lifted from binaries are divided into several comparable strands by data dependency, and those strands are transformed into a normalized form by our tool named VulneraBin, so that similarity can be determined between two procedures through a hash value comparison. The low computational complexity allows semantically equivalent code to be identified in binaries compiled from million lines of source code in a fast and accurate way.",

keywords = "binary analysis, binary code search, binary similarity, static analysis",

author = "Zeming Tai and Hironori Washizaki and Yoshiaki Fukazawa and Yurie Fujimatsu and Jun Kanai",

note = "Publisher Copyright: {\textcopyright} 2020 IEEE.; 44th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2020 ; Conference date: 13-07-2020 Through 17-07-2020",

year = "2020",

month = jul,

doi = "10.1109/COMPSAC48688.2020.0-110",

language = "English",

series = "Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1121--1122",

editor = "Chan, {W. K.} and Bill Claycomb and Hiroki Takakura and Ji-Jiang Yang and Yuuichi Teranishi and Dave Towey and Sergio Segura and Hossain Shahriar and Sorel Reisman and Ahamed, {Sheikh Iqbal}",

booktitle = "Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020",

}

TY - GEN

T1 - Binary Similarity Analysis for Vulnerability Detection

AU - Tai, Zeming

AU - Washizaki, Hironori

AU - Fukazawa, Yoshiaki

AU - Fujimatsu, Yurie

AU - Kanai, Jun

PY - 2020/7

Y1 - 2020/7

N2 - Binary similarity has been widely used in function recognition and vulnerability detection. How to define a proper similarity is the key element in implementing a fast detection method. We proposed a scalable method to detect binary vulnerabilities based on similarity. Procedures lifted from binaries are divided into several comparable strands by data dependency, and those strands are transformed into a normalized form by our tool named VulneraBin, so that similarity can be determined between two procedures through a hash value comparison. The low computational complexity allows semantically equivalent code to be identified in binaries compiled from million lines of source code in a fast and accurate way.

AB - Binary similarity has been widely used in function recognition and vulnerability detection. How to define a proper similarity is the key element in implementing a fast detection method. We proposed a scalable method to detect binary vulnerabilities based on similarity. Procedures lifted from binaries are divided into several comparable strands by data dependency, and those strands are transformed into a normalized form by our tool named VulneraBin, so that similarity can be determined between two procedures through a hash value comparison. The low computational complexity allows semantically equivalent code to be identified in binaries compiled from million lines of source code in a fast and accurate way.

KW - binary analysis

KW - binary code search

KW - binary similarity

KW - static analysis

UR - http://www.scopus.com/inward/record.url?scp=85094102116&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85094102116&partnerID=8YFLogxK

U2 - 10.1109/COMPSAC48688.2020.0-110

DO - 10.1109/COMPSAC48688.2020.0-110

M3 - Conference contribution

AN - SCOPUS:85094102116

T3 - Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020

SP - 1121

EP - 1122

BT - Proceedings - 2020 IEEE 44th Annual Computers, Software, and Applications Conference, COMPSAC 2020

A2 - Chan, W. K.

A2 - Claycomb, Bill

A2 - Takakura, Hiroki

A2 - Yang, Ji-Jiang

A2 - Teranishi, Yuuichi

A2 - Towey, Dave

A2 - Segura, Sergio

A2 - Shahriar, Hossain

A2 - Reisman, Sorel

A2 - Ahamed, Sheikh Iqbal

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 44th IEEE Annual Computers, Software, and Applications Conference, COMPSAC 2020

Y2 - 13 July 2020 through 17 July 2020

ER -

Binary Similarity Analysis for Vulnerability Detection

抄録

出版物シリーズ

Conference

ASJC Scopus subject areas

文献へのアクセス

他のファイルとリンク

フィンガープリント

引用スタイル