• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제17권8호
• /
• pp.2101-2123
• /
• 2023

Recent studies have shown that the neural network-based binary code similarity detection technology performs well in vulnerability mining, plagiarism detection, and malicious code analysis. However, existing cross-architecture methods still suffer from insufficient feature characterization and low discrimination accuracy. To address these issues, this paper proposes a cross-architecture binary function similarity detection method based on composite feature model (SDCFM). Firstly, the binary function is converted into vector representation according to the proposed composite feature model, which is composed of instruction statistical features, control flow graph structural features, and application program interface calling behavioral features. Then, the composite features are embedded by the proposed hierarchical embedding network based on a graph neural network. In which, the block-level features and the function-level features are processed separately and finally fused into the embedding. In addition, to make the trained model more accurate and stable, our method utilizes the embeddings of predecessor nodes to modify the node embedding in the iterative updating process of the graph neural network. To assess the effectiveness of composite feature model, we contrast SDCFM with the state of art method on benchmark datasets. The experimental results show that SDCFM has good performance both on the area under the curve in the binary function similarity detection task and the vulnerable candidate function ranking in vulnerability search task.

• 정보과학회 논문지
• /
• 제44권10호
• /
• pp.1019-1025
• /
• 2017

바이너리 유사도 분석은 취약점 분석, 악성코드 분석, 표절 탐지 등에서 사용되고 있는데, 분석대상 함수가 알려진 안전한 함수와 동일하다는 것을 증명해주면 바이너리 코드의 악성행위 분석, 취약점 분석 등의 효율성을 높이는 데에 도움이 될 수 있다. 하지만 기존에는 동일 함수의 서로 다른 버전에 대한 유사도 분석에 대해서 별도로 이루어진 연구가 거의 없었다. 본 논문에서는 바이너리로부터 추출 가능한 함수 정보들을 바탕으로 다양한 방법을 통해 함수 단위의 유사도를 분석하고 적은 시간으로 효율적으로 분석할 수 있는 방안을 모색한다. 특히 OpenSSL 라이브러리의 서로 다른 버전을 대상으로 분석을 수행하여 버전이 다른 경우에도 유사한 함수를 탐지하는 것을 확인한다.

• Communications for Statistical Applications and Methods
• /
• 제10권3호
• /
• pp.971-980
• /
• 2003

The tree method can be extended to multivariate responses, such as repeated measure and longitudinal data, by modifying the split function so as to accommodate multiple responses. Recently, some decision trees for multiple responses have been constructed by Segal (1992) and Zhang (1998). Segal suggested a tree can analyze continuous longitudinal response using Mahalanobis distance for within node homogeneity measures and Zhang suggested a tree can analyze multiple binary responses using generalized entropy criterion which is proportional to maximum likelihood of joint distribution of multiple binary responses. In this paper, we will modify CART procedure and suggest a new tree-based method that can analyze multiple binary responses using similarity measures.

• Communications for Statistical Applications and Methods
• /
• 제13권3호
• /
• pp.719-732
• /
• 2006

A set of clustering algorithms with proper weight on the formulation of distance which extend to mixed numeric and multiple binary values is presented. A simple matching and Jaccard coefficients are used to measure similarity between objects for multiple binary attributes. Similarities are converted to dissimilarities between i th and j th objects. The performance of clustering algorithms with balancing weight on different similarity measures is demonstrated. Our experiments show that clustering algorithms with application of proper weight give competitive recovery level when a set of data with mixed numeric and multiple binary attributes is clustered.

• 대한기계학회논문집B
• /
• 제25권4호
• /
• pp.485-495
• /
• 2001

This paper presents a similarity solution for the directional casting of binary peritectic alloys in the presence of shrinkage-induced flow. The present model retains essential ingredients of alloy solidification, such as temperature-solute coupling, macrosegregation, solid-liquid property differences, and finite back diffusion in the primary phase. An algorithm for simultaneously determining the peritectic and liquidus positions is newly developed, which proves to be more efficient and stable than the existing scheme. Sample calculations are performed for both hypo- and hyper-peritectic compositions. The results show that the present analysis is capable of properly resolving the solidification characteristics of peritectic alloys so that it can be used for validating numerical models as a test solution.

• 설비공학논문집
• /
• 제16권10호
• /
• pp.942-951
• /
• 2004

This paper presents the results of a theoretical study of the effect of radiation during free convective laminar film boiling for methanol/water binary mixtures on an isothermal vertical wall at atmospheric pressure. With the well-known boundary layer theory as a basis, a theoretical model has been formulated into consideration for mass diffusion at liquid phase. The equations are numerically solved by a similarity method to investigate the effects of radiation emissivity on the surface with various parameters such as wall superheat and composition of more volatile component at liquid phase far from the wall. From the results, the distributions of the physical quantifies are investigated in both phases. New correlations are proposed to predict the heat transfer coefficient of binary mixtures. It is shown that the proposed correlations are in good agreement with numerical results and with Bromley's correlation within maximum $11\%$ errors. It is also found that as the wall superheat is increased, radiation effect becomes more important.

• 정보과학회 논문지
• /
• 제41권12호
• /
• pp.1007-1012
• /
• 2014

소스코드가 없이 실행코드만으로 소프트웨어 간의 유사성을 비교하기위해 소프트웨어 버스마크를 이용한다. 소프트웨어 버스마크란 그 소프트웨어만의 고유한 특징으로 소프트웨어 식별에 사용된다. 본 논문에서는 정적 주요경로 상의 API 함수 시퀀스를 이용하여 소프트웨어 간의 유사성을 산정하는 방법을 제시한다. 바이너리코드에서 소프트웨어의 특성이 뚜렷하게 나타나는 API 함수만을 사용하여 소프트웨어 유사성 검사의 신뢰성을 높이고, 정적 분석 기법에 동적 분석 기법의 특징을 적용하여 강인성을 높이는 방법을 모색하였다. 정적 분석으로 바이너리코드의 주요경로를 추출하고, API 함수 시퀀스 간의 효과적인 유사성 측정을 위해 서열정렬 알고리즘인 Smith-Waterman 알고리즘을 이용한 유사성 척도를 제안한다. 버스마크의 신뢰성을 평가하기 위하여 같은 프로그램의 여러 버전을 대상으로 실험하였고, 강인성을 평가하기 위해 오픈소스 소프트웨어의 소스코드를 다양한 컴파일환경으로 바꾸어 실험하였다.

• Journal of the Korean Physical Society
• /
• 제73권10호
• /
• pp.1589-1595
• /
• 2018

Similarity index measures the topological proximity of node pairs in a complex network. Numerous similarity indices have been defined and investigated, but the dependency of structure on the performance of similarity indices has not been sufficiently investigated. In this study, we investigated the relationship between the performance of similarity indices and structural properties of a network by employing a two-state random network. A node in a two-state network has binary types that are initially given, and a connection probability is determined from the state of the node pair. The performances of similarity indices are affected by the number of links and the ratio of intra-connections to inter-connections. Similarity indices have different characteristics depending on their type. Local indices perform well in small-size networks and do not depend on whether the structure is intra-dominant or inter-dominant. In contrast, global indices perform better in large-size networks, and some such indices do not perform well in an inter-dominant structure. We also found that link prediction performance and the performance of similarity are correlated in both model networks and empirical networks. This relationship implies that link prediction performance can be used as an approximation for the performance of the similarity index when information about node type is unavailable. This relationship may help to find the appropriate index for given networks.

• 한국경영과학회지
• /
• 제33권2호
• /
• pp.1-16
• /
• 2008

The purpose of this paper is to propose a new binary classification method for predicting corporate failure based on genetic algorithm, and to validate its prediction power through empirical analysis. Establishing virtual companies representing bankrupt companies and non-bankrupt ones respectively, the proposed method measures the similarity between the virtual companies and the subject for prediction, and classifies the subject into either bankrupt or non-bankrupt one. The values of the classification variables of the virtual companies and the weights of the variables are determined by the proper model to maximize the hit ratio of training data set using genetic algorithm. In order to test the validity of the proposed method, we compare its prediction accuracy with ones of other existing methods such as multi-discriminant analysis, logistic regression, decision tree, and artificial neural network, and it is shown that the binary classification method we propose in this paper can serve as a premising alternative to the existing methods for bankruptcy prediction.

• Journal of the Korean Data and Information Science Society
• /
• 제7권2호
• /
• pp.219-226
• /
• 1996

Basic objective in cluster analysis is to discover natural groupings of items or variables. In general, variable clustering was conducted based on some similarity measures between variables which have binary characteristics. We propose a variable clustering method when variables have more categories ordered in some sense. We also consider some measures of association as a similarity between variables. Numerical example is included.