Akcije

Telfor Journal
kako citirati ovaj članak
podeli ovaj članak

Metrika

  • citati u SCIndeksu: 0
  • citati u CrossRef-u:0
  • citati u Google Scholaru:[]
  • posete u poslednjih 30 dana:8
  • preuzimanja u poslednjih 30 dana:5

Sadržaj

članak: 1 od 1  
2020, vol. 12, br. 1, str. 46-49
Comparing assembler procedures by analyzing sequences of opcodes
(naslov ne postoji na srpskom)
Univerzitet u Beogradu, Elektrotehnički fakultet

e-adresanikolapeja6@gmail.com, cmilos@etf.bg.ac.rs, zaki@etf.bg.ac.rs
Projekat:
Razvoj digitalnih tehnologija i umreženih servisa u sistemima sa ugrađenim elektronskim komponentama (MPNTR - 44009)
Razvoj hardverske, softverske i telekomunikacione infrastrukture e-sistema za kontrolu prometa i poreza (MPNTR - 32047)

Ključne reči: assembler code analysis; sequence of instructions; software clone detection
Sažetak
(ne postoji na srpskom)
Static analysis of executables for the purpose of comparing them can be made more difficult if the binaries are created using different compilers. In order to compensate for the noise introduced by the compilers, the arguments of the instructions are usually discarded as having a low signal-tonoise ratio. As compiler can often apply instruction reordering, some approaches only compare statistical information about the instructions, or compare their subsequences in order to measure their similarity. This paper presents an approach for estimating the similarity of procedures given in assembler form (disassembled binaries) by analyzing their sequences of opcodes. The approach first encodes the opcodes into integer values by mapping opcodes that represent similar actions into the same values, and then calculates a relative Levenshtein distance between the two sequences of integers. The proposed approach is evaluated and compared with some existing approaches, where it showed to have on average around 6% higher recall than the second-best approach.
Reference
Arm Limited Embedded development tools. http://www.keil.com
Chí, C.M., Chung, J.W., Kozyrakis, C., Olukotun, K. (2008) STAMP: Stanford transactional applications for multi-processing. u: IEEE International Symposium on Workload Characterization, IISWC'08
Davis, I.J., Godfrey, M.W. (2010) From whence it came: Detecting source code clones by analyzing assembler. u: Working Conference on Reverse Engineering, WCRE, Proceedings
Dullien, T., Rolles, R. (2005) Graph-based comparison of executable objects (english version). Sstic, doi: 10.1.1.96.5076
IAR Systems IAR embedded workbench. https://www.iar.com/iar-embedded-workbench
Levenshtein, V. (1966) Binary codes capable of correcting deletions, insertions, and reversals. Soviet Physics Doklady
Li, L., Bissyandé, T.F., Papadakis, M., Rasthofer, S., Bartel, A., Octeau, D., Klein, J., Traon, L. (2017) Static analysis of android apps: A systematic literature review. Information and Software Technology, 88, 67-95
Mentor Sourcery CodeBench. https://www.mentor.com/embedded-software/sourcerytools/sourcery-codebench/overview
Mišić, M., Sustran, Z., Protić, J. (2016) A comparison of software tools for plagiarism detection in programming assignments. International Journal of Engineering Education, 32(2), 738-748
Needleman, S.B., Wunsch, C.D. (1970) A general method applicable to the search for similarities in the amino acid sequence of two proteins. Journal of Molecular Biology
Pejić, N., Cvetanović, M., Radivojević, Z. (2019) Estimating similarity between differently compiled procedures using neural networks. u: 27th Telecommunications Forum (TELFOR), November, IEEE
Python Software Foundation (2001) Welcome to Python.org. https://www.python.org
Radivojević, Z., Cvetanović, M., Stojanović, S. (2015) Comparison of binary procedures: A set of techniques for evading compiler transformations. Computer Journal
Rowley Associates Ltd CrossWorks for ARM. https://www.rowley.co.uk/arm/index.htm
Santos, I., Brezo, F., Nieves, J., Penya, Y.K., Sanz, B., Laorden, C., Bringas, P.G. (2010) Idea: Opcode-sequence-based malware detection. u: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Berlin-Heidelberg: Springer, 35-43
Stojanović, S., Radivojević, Z., Cvetanović, M. (2015) Approach for estimating similarity between procedures in differently compiled binaries. Information and Software Technology, 58, 259-271
Sysprogs Prebuilt windows toolchain for ARM. http://gnutoolchains.com/arm-eabi
Zampetti, F., Scalabrino, S., Oliveto, R., Canfora, G., di Penta, M. (2017) How open source projects use static code analysis tools in continuous integration pipelines. u: IEEE International Working Conference on Mining Software Repositories
 

O članku

jezik rada: engleski
vrsta rada: neklasifikovan
DOI: 10.5937/telfor2001046P
primljen: 13.05.2020.
prihvaćen: 21.06.2020.
objavljen: 31.07.2020.
objavljen u SCIndeksu: 09.10.2020.

Povezani članci

Serb J Electr Engineering (2015)
Estimation of similarity between functions extracted from X86 executable files
Berta Katarina, i dr.