Binary function similarity detection plays an important role in a wide range of security applications. Existing works usually assume that the query function and target function share equal semantics and compare their full semantics to obtain the similarity. However, we find that the function mapping is more complex, especially when function inlining happens.
In this paper, we will systematically investigate cross-inlining binary function similarity detection. We first construct a cross-inlining dataset by compiling 51 projects using 9 compilers, with 4 optimizations, to 6 architectures, with 2 inlining flags, which results in two datasets both with 216 compilation combinations. Then we construct the cross-inlining function mappings by linking the common source functions in these two datasets. Through analysis of this dataset, we find that three cross-inlining patterns widely exist while existing works suffer when detecting cross-inlining binary function similarity. Next, we propose a pattern-based model named CI-Detector for cross-inlining matching. CI-Detector uses the attributed CFG to represent the semantics of binary functions and GNN to embed binary functions into vectors. CI-Detector respectively trains a model for these three cross-inlining patterns. Finally, the testing pairs are input to these three models and all the produced similarities are aggregated to produce the final similarity. We conduct several experiments to evaluate CI-Detector. Results show that CI-Detector can detect cross-inlining pairs with a precision of 81% and a recall of 97%, which exceeds all state-of-the-art works.
Wed 17 AprDisplayed time zone: Lisbon change
16:00 - 17:30 | Program binaries - evolvabilityResearch Track / Software Engineering in Practice / Demonstrations at Amália Rodrigues Chair(s): Auri Vincenzi Federal University of São Carlos | ||
16:00 15mTalk | Cross-Inlining Binary Function Similarity Detection Research Track Ang Jia Xi'an Jiaotong University, Ming Fan Xi'an Jiaotong University, Xi Xu Xi'an Jiaotong University, Wuxia Jin Xi'an Jiaotong University, Haijun Wang Xi'an Jiaotong University, Ting Liu Xi'an Jiaotong University DOI Pre-print | ||
16:15 15mTalk | BinaryAI: Binary Software Composition Analysis via Intelligent Binary Source Code Matching Research Track Ling Jiang Southern University of Science and Technology, Junwen An Southern University of Science and Technology, Huihui Huang Southern University of Science and Technology, Qiyi Tang Tencent Security Keen Lab, Sen Nie Tencent Security Keen Lab, Shi Wu Tencent Security Keen Lab, Yuqun Zhang Southern University of Science and Technology | ||
16:30 15mTalk | PPT4J: Patch Presence Test for Java Binaries Research Track Zhiyuan Pan Zhejiang University, Xing Hu Zhejiang University, Xin Xia Huawei Technologies, Xian Zhan Southern University of Science and Technology, David Lo Singapore Management University, Xiaohu Yang Zhejiang University | ||
16:45 15mTalk | Code Impact Beyond Disciplinary Boundaries: Constructing A Multidisciplinary Dependency Graph and Analyzing Cross-Boundary Impact Software Engineering in Practice Gengyi Sun University of Waterloo, Mehran Meidani University of Waterloo, Sarra Habchi Ubisoft Montréal, Mathieu Nayrolles Ubisoft Montreal, Shane McIntosh University of Waterloo Pre-print | ||
17:00 7mTalk | The Devil Is in the Command Line: Associating the Compiler Flags With the Binary and Build Metadata Software Engineering in Practice Gunnar Kudrjavets Amazon Web Services, USA, Aditya Kumar Google, Jeff Thomas Meta Platforms, Inc., Ayushi Rastogi University of Groningen, The Netherlands DOI Pre-print | ||
17:07 7mTalk | Verifying and Displaying Move Smart Contract Source Code for the Sui Blockchain Demonstrations Rijnard van Tonder Mysten Labs, Inc. | ||