Fast reused code tracing method based on simhash and inverted index |
| |
Authors: | Yan-chen QIAO Xiao-chun YUN Yu-peng TUO Yong-zheng ZHANG |
| |
Institution: | 1. Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100080, China;2. Graduate School, Chinese Academy of Sciences, Beijing 100039, China;3. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China |
| |
Abstract: | A novel method for fast and accurately tracing reused code was proposed. Based on simhash and inverted in-dex, the method can fast trace similar functions in massive code. First of all, a code database with three-level inverted in-dex structures was constructed. For the function to be traced, similar code blocks could be found quickly according to simhash value of the code block in the function code. Then the potential similar functions could be fast traced using in-verted index. Finally, really similar functions could be identified by comparing jump relationships of similar code blocks. Further, malware samples containing similar functions could be traced. The experimental results show that the method can quickly identify the functions inserted by compilers and the reused functions based on the code database under the premise of high accuracy and recall rate. |
| |
Keywords: | network security reused code retrieval method homology identification malware |
|
| 点击此处可从《通信学报》浏览原始摘要信息 |
| 点击此处可从《通信学报》下载免费的PDF全文 |
|