Context

Software similarity comparison has always been a common technique for software reuse detection, plagiarism detection, and defect detection.

Objective

Considering the role of API calls and arithmetic operations in software execution, a semantic-based dynamic software analysis method–mixed key instruction sequence (MKIS) is proposed.

Method

MKIS embeds key value sets into a vector and constructs a novel software execution sequence that contains API calls and arithmetic operations during software execution. To determine the location of key values, a key-value equivalent matching algorithm is proposed, combined with the longest common subsequence algorithm to optimize the software execution sequence.

Results

Experiments show that MKIS can accurately compare the similarity of binary programs without obtaining the software source code, and has better resiliency and credibility.

Conclusion

Moreover, in the case when the software source code is changed with some main function-independent modification and code obfuscator, software reuse can be successfully detected.

中文翻译：

---

通过混合键指令序列语义查找相似的二进制代码

语境

软件相似性比较一直是用于软件重用检测，窃检测和缺陷检测的常用技术。

目的

考虑到API调用和算术运算在软件执行中的作用，提出了一种基于语义的动态软件分析方法-混合密钥指令序列（MKIS）。

方法

MKIS将键值集嵌入向量中，并构造一个新颖的软件执行序列，其中包含在软件执行过程中的API调用和算术运算。为了确定关键值的位置，提出了一种关键值等效匹配算法，并结合最长的公共子序列算法来优化软件执行顺序。

结果

实验表明，MKIS可以准确地比较二进制程序的相似性，而无需获取软件源代码，并且具有更好的弹性和可信度。

结论

此外，在通过一些独立于主要功能的修改和代码混淆器更改了软件源代码的情况下，可以成功检测到软件重用。