Abstract:
Firmware comparison is an important branch of binary comparison technology. However, the existing binary comparison technology is not ideal when applied to firmware comparison. Previous studies focused on the optimization of the function representation method, but neglected the design and improvement of filters, which led to mismatches caused by firmware containing isomorphic functions. For this reason, this paper proposes a firmware comparison technology based on community detection algorithms, and applies complex network related theories to the field of binary comparison for the first time. Divide the function in the firmware into several communities through the community detection algorithm, use community matching to realize the filter function, and then find the matching function according to the matching community; In addition, this paper optimizes the function similarity calculation method, and designs the operand similarity calculation method. After the prototype system is implemented, this paper uses 1382 firmware to construct two data sets for experiments to verify the feasibility, analyze the performance of the method in this paper, and determine the reasonable value of each parameter, design the credible matching rate as the evaluation index, and compare the method in this paper and Bindiff. Experiments show that this method can improve the accuracy of Bindiff comparison results by 5% to 11%.