检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]数学工程与先进计算国家重点实验室,郑州450001 [2]西安报业传媒集团,西安710002
出 处:《计算机工程与应用》2017年第21期144-150,共7页Computer Engineering and Applications
基 金:国家自然科学基金(No.61271252);国家重点研发计划(No.2016YFB0801505;No.2016YFB0801601)
摘 要:当前二进制文件比对技术主流是以BinDiff为代表的结构化比对方法,存在结构相似导致的误匹配、分析耗时较高的问题。针对该问题提出一种基于节点层次化、价值化的匹配方法。通过提取函数节点在函数调用图中的层次与函数在调用网络中的价值,对层次模糊的节点提供了节点层次估算算法,最后递归匹配节点。实验表明,该方法避免了结构相似导致的误匹配,其时耗低于结构化比对工具Bindiff的1/2,节点匹配数量减少在15%以内。该方法可有效提高嵌入式设备固件的跨版本相似性分析效率。The existing methods of binary files comparison is mainly achieved by the comparison of structural directed graph, such as BinDiff, it has problems such as mismatch caused by structure similar and high time-consumption of analysis.A matching method based on node hierarchy and node value is proposed to solve this problem. By extracting the hierarchical and value information of the function node which in the function call graph, providing a node level estimation algorithm for nodes which hierarchical information is unclearly, it has matched nodes recursively in the end. Experiments show that this method avoids the mismatch caused by structural similarity, the time consumption is less than 1/2 of the time consumed by the structured matching tool BinDiff, and the reduction of matching nodes’ number less than 15%. This method can effectively improve the cross-version similarity analysis efficiency of the embedded device firmware.
分 类 号:TP309[自动化与计算机技术—计算机系统结构]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.118