Constructing the Call Graph of a Program
IEEE Transactions on Software Engineering
Improved call graph comparison using simulated annealing
Proceedings of the 2011 ACM Symposium on Applied Computing
Malware classification based on call graph clustering
Journal in Computer Virology
Malware classification method via binary content comparison
Proceedings of the 2012 ACM Research in Applied Computation Symposium
| Hi-index | 0.00 |
This paper proposes a method to calculate similarities of software without any source code information. The proposed method can be used for various applications such as detecting the source code theft and copyright infringement, as well as locating updated parts of software including malware. To determine the similarities of software, we used an approach that matches similar functions included in software. Our function-based matching process is composed of two steps. In step 1, the structural information of call graph in binary file is used to match functions, and the matched functions are not processed in step 2 to reduce the number of detailed matching. In step 2, by using instruction mnemonics, N-gram similarity-based matching is performed. Using the structural matching proposed in this paper, about 30% improvement in the matching performance is achieved with the four-tuple matching which also reduces the false positive rate compared to previous studies. Our other experimental results showed that, in comparison to source code-based approaches, our proposed method has only about 3% difference in similarity calculation with real software samples. Therefore, we argue that our proposed method makes a contribution in the field of binary-based software similarity calculation.