A program behavior recognition algorithm based on assembly instruction sequence similarity
The analysis on assembly instruction sequence plays a vital role in the field of measuring software similarity, malware recognition and software analysis, etc. This paper summarizes the features of assembly instructions, builds a six-group model and puts forward an algorithm of calculating similarity of assembly instructions. On that base a set of methods of calculating similarity of assembly instruction sequence are summarized. The preliminary experimental results show that it has high efficiency and good effect.
KeywordsBasic Block Static Recognition Operation Code Assembly Instruction National Engineer Laboratory
Unable to display preview. Download preview PDF.
- 2.Gröbert F, Willems C, Holz T. Automated Identification of Cryptographic Primitives in Binary Programs[J]. Lecture Notes in Computer Science, 2011:41-60.Google Scholar
- 3.Jingwei Zhang. Research on Public Key Cryptographic Algorithm Recognition Technology [D]. The PLA Information Engineering University, 2011.Google Scholar
- 4.LI Xiang, KANG Fei, SHU Hui. Cryptographic Algorithm Recognition Based on Dynamic Binary Analysis. Computer Engineering, 2012, 38(17): 106-109,115.Google Scholar
- 5.Caballero J, Yin H, Liang Z, et al. Polyglot: automatic extraction of protocol message format using dynamic binary analysis[J]. Ccs ’07 Proceedings of Acm Conference on Computer & Communications Security Acm, 2007:317–329.Google Scholar