代码相似性检测技术综述  被引量：1

作　　者：孙祥杰 魏强[2] 王奕森[2] 杜江 SUN Xiangjie;WEI Qiang;WANG Yisen;DU Jiang(School of Cyber Science and Engineering,Zhengzhou University,Zhengzhou Henan 450002,China;School of Cyberspace Security,Information Engineering University,Zhengzhou Henan 450001,China)

机构地区：[1]郑州大学网络空间安全学院,郑州450002 [2]信息工程大学网络空间安全学院,郑州450001

出　　处：《计算机应用》2024年第4期1248-1258,共11页journal of Computer Applications

基　　金：国家重点研发计划项目(2019QY0502)。

摘　　要：代码复用为软件开发带来便利的同时也引入了安全风险,如加速漏洞传播、代码恶意抄袭等,代码相似性检测技术通过分析代码间词法、语法、语义等信息计算代码相似程度,是判断代码复用最有效的技术之一,也是近年发展较快的程序安全分析技术。首先,系统梳理代码相似性检测的近期技术进展,根据目标代码是否开源,将代码相似性检测技术分为源码相似性检测和二进制代码相似性检测,又根据编程语言、指令集的不同进行二次细分;其次,总结每一种技术的思路和研究成果,分析机器学习技术在代码相似性检测领域成功的案例,并讨论现有技术的优势与不足;最后,给出代码相似性检测技术的发展趋势,为相关研究人员提供参考。Code reuse not only brings convenience to software development,but also introduces security risks,such as accelerating vulnerability propagation and malicious code plagiarism.Code similarity detection technology is to calculate code similarity by analyzing lexical,syntactic,semantic and other information between codes.It is one of the most effective technologies to judge code reuse,and it is also a program security analysis technology that has developed rapidly in recent years.First,the latest technical progress of code similarity detection was systematically reviewed,and the current code similarity detection technology was classified.According to whether the target code was open source,it was divided into source code similarity detection and binary code similarity detection.According to the different programming languages and instruction sets,the second subdivision was carried out.Then,the ideas and research results of each technology were summarized,the successful cases of machine learning technology in the field of code similarity detection were analyzed,and the advantages and disadvantages of existing technologies were discussed.Finally,the development trend of code similarity detection technology was given to provide reference for relevant researchers.

关 键 词：二进制代码相似性 源代码相似性 跨语言代码相似性 深度学习 代码克隆 

分 类 号：TP311.5[自动化与计算机技术—计算机软件与理论]