
Journal of University of Chinese Academy of Sciences ›› 2009, Vol. 26 ›› Issue (4): 549-554. DOI: 10.7523/j.issn.2095-6134.2009.4.017


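Research on structural comparison algorithms and their software implementation

SONG Yang, ZHANG Yu-Qing

  1. National Computer Network Intrusion Protection Center, Graduate University of the Chinese Academy of Sciences, Beijing 100049
  • Received: 2008-05-28 Revised: 2009-02-20 Published: 2009-07-15
  • Corresponding author: SONG Yang
  • Funding:

    Supported by the National Natural Science Foundation of China (60573048, 60773135, 90718007) and the National "863" Program (2007AA01Z427, 2007AA01Z450)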

Algorithm for structural comparison and its software implement

SONG Yang, ZHANG Yu-Qing   

  1. National Computer Network Intrusion Protection Center, Graduate University of the Chinese Academy of Sciences, Beijing 100049, China
  • Received: 2008-05-28 Revised: 2009-02-20 Published: 2009-07-15

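Abstract:

This paper analyzes and improves the classic structural comparison algorithm used in patch comparison, and implements a structural comparison tool on that basis. Unlike the classic algorithm, the algorithm in this paper pairs functions by quantifying how strongly their signatures resemble each other, which resolves the conflict between signature consistency and signature uniqueness in the classic algorithm. On this basis, a structural comparison tool, NBD (NCNIPC binary differ), was designed and implemented. In practical tests, NBD achieved better function-pairing accuracy than existing tools, which demonstrates the advantage of the improved algorithm.

Key words: patch comparison, security vulnerability, reverse engineering, structural comparison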

Abstract:

Structural comparison is one of the core components of patch comparison. This paper improves the classic structural comparison algorithm. Unlike the classic algorithm, the improved algorithm calculates a similarity value between functions, which resolves the contradiction between the consistency and the uniqueness of signatures. A structural comparison tool named NBD (NCNIPC binary differ) is built on the improved algorithm; in tests on some Microsoft patches it scored higher than other popular tools.

Key words: patch comparison, security vulnerability, reverse engineering, structural comparison
