BinCola: Diversity-Sensitive Contrastive Learning for Binary Code Similarity Detection

Binary Code Similarity Detection (BCSD) is a fundamental binary analysis technique in the area of software security. Recently, advanced deep learning algorithms are integrated into BCSD platforms to achieve superior performance on well-known benchmarks. However, real-world large programs embed more...

Full description

Saved in:
Bibliographic Details
Published inIEEE transactions on software engineering Vol. 50; no. 10; pp. 2485 - 2497
Main Authors Jiang, Shuai, Fu, Cai, He, Shuai, Lv, Jianqiang, Han, Lansheng, Hu, Hong
Format Journal Article
LanguageEnglish
Published New York IEEE 01.10.2024
IEEE Computer Society
Subjects
Algorithms
attention mechanism
binary analysis
Binary codes
Compilers
Contrastive learning
Deep learning
Diversity sensitive
Feature extraction
Machine learning
Optimization
Performance evaluation
Semantics
Similarity
similarity detection
Software
Source coding
Training
Vectors
Online AccessGet full text

Cover

More Information
Summary:Binary Code Similarity Detection (BCSD) is a fundamental binary analysis technique in the area of software security. Recently, advanced deep learning algorithms are integrated into BCSD platforms to achieve superior performance on well-known benchmarks. However, real-world large programs embed more complex diversities due to different compilers, various optimization levels, multiple architectures and even obfuscations. Existing BCSD solutions suffer from low accuracy issues in such complicated real-world application scenarios. In this paper, we propose BinCola, a novel Transformer-based dual diversity-sensitive contrastive learning framework that comprehensively considers the diversity of compiler options and candidate functions in the real-world application scenarios and employs the attention mechanism to fuse multi-granularity function features for enhancing generality and scalability. BinCola simultaneously compares multiple candidate functions across various compilation option scenarios to learn the differences caused by distinct compiler options and different candidate functions. We evaluate BinCola's performance in a variety of ways, including binary similarity detection and real-world vulnerability search in multiple application scenarios. The results demonstrate that BinCola achieves superior performance compared to state-of-the-art (SOTA) methods, with improvements of 2.80%, 33.62%, 22.41%, and 34.25% in cross-architecture, cross-optimization level, cross-compiler, and cross-obfuscation scenarios, respectively.
ISSN:0098-5589
1939-3520
DOI:10.1109/TSE.2024.3411072