Matching Function-Call Graph of Binary Codes and Its Applications (Short Paper)

For a binary code, the function-call graph (FCG) reflects its capability, structure and intrinsic relations. In this work, we propose a FCG matching algorithm based on Hungarian algorithm which makes matching between graphs of large scale possible. Also, optimizations are proposed to improve the efficiency and accuracy of FCG matching algorithm. Finally, a series of experiments are conducted to show that FCG matching is an effective method and has huge application potentiality in software and security analysis.

[1]  Danai Koutra,et al.  BIG-ALIGN: Fast Bipartite Graph Alignment , 2013, 2013 IEEE 13th International Conference on Data Mining.

[2]  Kang G. Shin,et al.  Large-scale malware indexing using function-call graphs , 2009, CCS.

[3]  Bjorn De Sutter,et al.  Matching Control Flow of Program Versions , 2007, 2007 IEEE International Conference on Software Maintenance.

[4]  Peng Liu,et al.  Achieving accuracy and scalability simultaneously in detecting application clones on Android markets , 2014, ICSE.

[5]  Kamran Sartipi,et al.  On modeling software architecture recovery as graph matching , 2003, International Conference on Software Maintenance, 2003. ICSM 2003. Proceedings..

[6]  Jens Krinke,et al.  Identifying similar code with program dependence graphs , 2001, Proceedings Eighth Working Conference on Reverse Engineering.

[7]  Mario Luca Bernardi,et al.  A model-driven graph-matching approach for design pattern detection , 2013, 2013 20th Working Conference on Reverse Engineering (WCRE).

[8]  H. Kuhn The Hungarian method for the assignment problem , 1955 .

[9]  Pascal Junod,et al.  Obfuscator-LLVM -- Software Protection for the Masses , 2015, 2015 IEEE/ACM 1st International Workshop on Software Protection.

[10]  Yong Tang,et al.  Signature Tree Generation for Polymorphic Worms , 2011, IEEE Transactions on Computers.

[11]  Orestis Kostakis,et al.  Classy: fast clustering streams of call-graphs , 2014, Data Mining and Knowledge Discovery.

[12]  Salvatore Tabbone,et al.  Graph Matching Based on Node Signatures , 2009, GbRPR.

[13]  Yang Xiang,et al.  Simseer and bugwise: web services for binary-level software similarity and defect detection , 2013 .

[14]  P. Foggia,et al.  Performance evaluation of the VF graph matching algorithm , 1999, Proceedings 10th International Conference on Image Analysis and Processing.

[15]  Salvatore Tabbone,et al.  Attributed Graph Matching Using Local Descriptions , 2009, ACIVS.