南京邮电大学学报(自然科学版)2012,Vol.32Issue(2):75-83,113,10.
一种改进的补丁比较模型的研究与实现
Research and Implementation of an Improved Patch Comparison Technique Model
摘要
Abstract
Patch comparison technology is able to locate the changes between different versions of executable files,and has gradually been applied in vulnerability disclosure,malware variants analysis and so on. Based on the structural comparison technology, this paper first presents a new model of patch comparison, which is called IPCTM (Improved Patch Comparison Technique Model). In IPCTM, the accuracy of fixed-point ' s propagation technology is improved by proposing a rectifying mechanism for the erroneous matching. Additionally, control-flow-graph reconstruction and code assisting match are designed, and additional disposal policies for unmatched functions and basic blocks are presented. The experiment results show that IPCTM is able to identify semantic differences and eliminate syntactic differences, and then the workload of subsequent analysis is effectively reduced.关键词
补丁比较/固定点传播/图同构/回溯搜索Key words
patch comparison/fixed-points propagation/graph isomorphism/backtracking search分类
信息技术与安全科学引用本文复制引用
潘璠,吴礼发,孙传鲁,李华波,洪征..一种改进的补丁比较模型的研究与实现[J].南京邮电大学学报(自然科学版),2012,32(2):75-83,113,10.基金项目
江苏省自然科学基金(BK2010132)资助项目 (BK2010132)
