ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2022, Vol. 59 ›› Issue (1): 209-235.doi: 10.7544/issn1000-1239.20200778

Previous Articles     Next Articles

Firmware Binary Comparison Technology Based on Community Detection Algorithm

Xiao Ruiqing, Fei Jinlong, Zhu Yuefei, Cai Ruijie, Liu Shengli   

  1. (State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001)
  • Online:2022-01-01
  • Supported by: 
    This work was supported by the National Key Research and Development Plan of China (2019QY1300) and the Foundation Enhancement Project of Science and Technology

Abstract: Firmware comparison is an important branch of binary comparison technology. However, the existing binary comparison technology is not ideal when applied to firmware comparison. Previous studies focused on the optimization of the function representation method, but neglected the design and improvement of filters, which led to mismatches caused by firmware containing isomorphic functions. For this reason, this paper proposes a firmware comparison technology based on community detection algorithms, and applies complex network related theories to the field of binary comparison for the first time. Divide the function in the firmware into several communities through the community detection algorithm, use community matching to realize the filter function, and then find the matching function according to the matching community; In addition, this paper optimizes the function similarity calculation method, and designs the operand similarity calculation method. After the prototype system is implemented, this paper uses 1382 firmware to construct two data sets for experiments to verify the feasibility, analyze the performance of the method in this paper, and determine the reasonable value of each parameter, design the credible matching rate as the evaluation index, and compare the method in this paper and Bindiff. Experiments show that this method can improve the accuracy of Bindiff comparison results by 5% to 11%.

Key words: firmware comparison, community detection, complex network, function similarity, BGLL algorithm

CLC Number: