POSTED BY: CENSUS / 23.03.2018
IEEE SANER 2018
CENSUS researcher Chariton Karamitas and associate professor Athanasios Kehagias (University of Thessaloniki, Greece), presented the "Efficient Features for Function Matching between Binary Executables" paper at the IEEE SANER 2018 conference held in Campobasso, Italy on March 20-23 2018.
The paper's abstract follows:
Binary diffing is the process of reverse engineering two programs, when source code is not available, in order to study their syntactic and semantic differences. For large programs, binary diffing can be performed by function matching which, in turn, is reduced to a graph isomorphism problem between the compared programs' CFGs (Control Flow Graphs) and/or CGs (Call Graphs). In this paper we provide a set of carefully chosen features, extracted from a binary's CG and CFG, which can be used by BinDiff algorithm variants to, first, build a set of initial exact matches with minimal false positives (by scanning for unique perfect matches) and, second, propagate approximate matching information using, for example, a nearest-neighbor scheme. Furthermore, we investigate the benefits of applying Markov lumping techniques to function CFGs (to our knowledge, this technique has not been previously studied). The proposed function features are evaluated in a series of experiments on various versions of the Linux kernel (Intel64), the OpenSSH server (Intel64) and Firefox's xul.dll (IA-32). Our prototype system is also compared to Diaphora, the current state-of-the-art binary diffing software.
The authors would like to thank the organizers and speakers for this great conference.