About | Contact Us | Register | Login
ProceedingsSeriesJournalsSearchEAI
Digital Forensics and Cyber Crime. 14th EAI International Conference, ICDF2C 2023, New York City, NY, USA, November 30, 2023, Proceedings, Part II

Research Article

Optir-SBERT: Cross-Architecture Binary Code Similarity Detection Based on Optimized LLVM IR

Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.1007/978-3-031-56583-0_7,
        author={Yintong Yan and Lu Yu and Taiyan Wang and Yuwei Li and Zulie Pan},
        title={Optir-SBERT: Cross-Architecture Binary Code Similarity Detection Based on Optimized LLVM IR},
        proceedings={Digital Forensics and Cyber Crime. 14th EAI International Conference, ICDF2C 2023, New York City, NY, USA, November 30, 2023, Proceedings, Part II},
        proceedings_a={ICDF2C PART 2},
        year={2024},
        month={4},
        keywords={Binary code similarity detection Cross-architecture Optimized LLVM IR SBERT File-level vulnerability identification mechanism},
        doi={10.1007/978-3-031-56583-0_7}
    }
    
  • Yintong Yan
    Lu Yu
    Taiyan Wang
    Yuwei Li
    Zulie Pan
    Year: 2024
    Optir-SBERT: Cross-Architecture Binary Code Similarity Detection Based on Optimized LLVM IR
    ICDF2C PART 2
    Springer
    DOI: 10.1007/978-3-031-56583-0_7
Yintong Yan1, Lu Yu1, Taiyan Wang1, Yuwei Li1, Zulie Pan1,*
  • 1: College of Electronic Engineering, National University of Defense Technology
*Contact email: panzulie17@nudt.edu.cn

Abstract

Cross-architecture binary code similarity detection plays an important role in different security domains. In view of the low accuracy and poor scalability of existing cross-architecture detection technologies, we propose Optir-SBERT, which is the first technology to detect cross-architecture binary code similarity based on optimized LLVM IR. At the same time, we design a new data set BinaryIR, which is more diverse and provides a benchmark data set for subsequent research work based on LLVM IR. In terms of cross-architecture binary code similarity detection, the accuracy of Optir-SBERT reaches 94.38%, and the contribution of optimization is 3.99%. In terms of vulnerability detection, the average accuracy of Optir-SBERT reach 93.9%, and the contribution of optimization is 7%. The results are better than existing state-of-the-art (SOTA) cross-architecture detection technologies. In order to improve the efficiency of vulnerability detection in realistic scenarios, we introduced a file-level vulnerability identification mechanism on the basis of Optir-SBERT. The new model Optir-SBERT-F saved 45.36% of the detection time on the premise of a slight decrease in detection F value, which greatly improves the efficiency of vulnerability detection.

Keywords
Binary code similarity detection Cross-architecture Optimized LLVM IR SBERT File-level vulnerability identification mechanism
Published
2024-04-03
Appears in
SpringerLink
http://dx.doi.org/10.1007/978-3-031-56583-0_7
Copyright © 2023–2025 ICST
EBSCOProQuestDBLPDOAJPortico
EAI Logo

About EAI

  • Who We Are
  • Leadership
  • Research Areas
  • Partners
  • Media Center

Community

  • Membership
  • Conference
  • Recognition
  • Sponsor Us

Publish with EAI

  • Publishing
  • Journals
  • Proceedings
  • Books
  • EUDL