Binary Comparison Techniques: Applications, Approaches, and Challenges


Authors: HU Mengying (胡梦莹); WANG Xiaoke (王笑克); ZHAO Lei (赵磊) [1,2] (School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China; Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan 430072, China)

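Affiliations: [1] School of Cyber Science and Engineering, Wuhan University, Wuhan 430072 [2] Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, Wuhan University, Wuhan 430072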

Source: Journal of Cyber Security (《信息安全学报》), 2025, Issue 2, pp. 48-66 (19 pages)

Funding: Supported by the National Natural Science Foundation of China (No. 62172305).

Abstract: Binary comparison technology identifies the similarities and differences between two binary code fragments by comparing their features. It is widely used in the security field, including bug search, patch analysis, and malware detection, and it faces different technical challenges in each application scenario. Although existing studies have surveyed and classified binary comparison techniques, they cannot accurately describe the characteristics of binary comparison techniques, the specific impact of different challenges on binary code features, or the benchmark for comparing binary comparison techniques. To address these gaps, a large-scale survey of binary comparison work was conducted. It found that classifying binary comparison techniques by application scenario is not sufficient to describe their characteristics precisely, and that most work does not clearly state its application scenario. Therefore, a generic descriptive model for binary comparison was proposed, consisting of four dimensions: the comparison object, the expected goal, the technical challenges, and the method characteristics. This model describes binary comparison techniques more precisely. Furthermore, the impact of each technical challenge on binary code features was discussed, specifically the impact of compilation configuration, semantic modification, and code obfuscation on the syntactic, structural, and semantic features of binary code. In addition, a benchmark for comparing binary comparison techniques was proposed and verified through experiments. The experimental results show that, when selecting a comparison benchmark, one should consider whether the comparison objects, expected goals, and challenges addressed by the different methods are consistent. When they are inconsistent, comparing the methods is meaningless; when they are consistent, the comparison is more meaningful. Finally, suggested directions for future research are given based on the findings.

Keywords: binary comparison; software security; comparative experiment

Classification code: TP311 [Automation and Computer Technology: Computer Software and Theory]

 
