Presentation is loading. Please wait.

Presentation is loading. Please wait.

Detecting software clones in binaries Zaharije Radivojević, Saša Stojanović, Miloš Cvetanović School of Electrical Engineering, Belgrade University 14th.

Published byLeslie Curtis Modified over 9 years ago

Similar presentations

Presentation on theme: "Detecting software clones in binaries Zaharije Radivojević, Saša Stojanović, Miloš Cvetanović School of Electrical Engineering, Belgrade University 14th."— Presentation transcript:

1 Detecting software clones in binaries Zaharije Radivojević, Saša Stojanović, Miloš Cvetanović School of Electrical Engineering, Belgrade University 14th Workshop “Software Engineering Education and Reverse Engineering” Sinaia, Romania 24-30 August 2014

2 14th Workshop SEE and RE 2/16 Agenda Clone detection Binary code clones Metrics approach Conclusions

3 14th Workshop SEE and RE 3/16 Motivation (1) A motivating scenario is to find the reuse of a software library in a source code without an appropriate permission from the owner of the library.

4 14th Workshop SEE and RE 4/16 Code clones Type-1: Identical code (ignoring formatting) Type-2: Syntactically identical fragments (ignoring naming and formatting) Type-3: Copied fragments with further modifications (ignoring some statements, naming and formatting) Type-4: Two or more code fragments that perform the same computation

5 14th Workshop SEE and RE 5/16 Existing tools SimCadCCFinderDeckardACDMoss Supported languages C, C#, Java, Py C/C++, C#, Cobol, Java, VB, Text C, Java, PhpC/C++ C/C++, C#, Cobol, Java, VB, MIPS, Text… Language in experiment CCCCASM Comparison level block, procedure file Clone detection technique text basedtoken basedAST based text based (ASM generated from C) text based Types of detected clones 1, 2, and 3 Source code required not available for commercial product

6 14th Workshop SEE and RE 6/16 Motivation (2) A motivating scenario is to find the reuse of a software library in a commercial product binary without an appropriate permission from the owner of the library. Source code transformed by compiler (what compiler?) ARM architecture

7 14th Workshop SEE and RE 7/16 Approach

8 14th Workshop SEE and RE 8/16 Approach

9 14th Workshop SEE and RE 9/16 Metrics Metric’s description Acronym Value type Measure type Flow type Number of all instructions AINSA- Number of all branches ABNSAC Number of all calls ACNSAC Number of all loops APNSAC Number of all arithmetic instructions AANSAD Number of all logic instructions ALNSAD Number of all data transfer instructions ATNSAD Frequency of all branches ABFSNC Frequency of all calls ACFSNC Frequency of all loops APFSNC Frequency of all arithmetic instructions AAFSND Frequency of all logic instructions ALFSND Frequency of all data transfer instructions ATFSND Number of occurrences for each instruction EINVA- Frequency of occurrences for each instruction EIFVN- Number of occurrences for each target address in branches EBNVAC Frequency of occurrences for each target address in branches EBFVNC Number of occurrences for each target address in calls ECNVAC Frequency of occurrences for each target address in calls ECFVNC

10 14th Workshop SEE and RE 10/16 Filters/Formulas Filters: - No filtering - Adaptive filtering (based on previous knowledge) - Interval filtering Formulas: - Arithmetic mean - Geometric mean - Harmonic mean - Weighted functions (based on previous knowledge)

11 14th Workshop SEE and RE 11/16 Results (STAMP + Busy Box)

12 14th Workshop SEE and RE 12/16 Results (STAMP + Busy Box) Support Vector Machines and K-Nearest neighbors had much lower results!

13 14th Workshop SEE and RE 13/16 Results (STAMP + Busy Box)

14 Configurations with newly introduced metrics achieves up to 1.44 times better recall than configurations that use only metrics from the high level languages. Comparison of the proposed approach with some clone detection tools shows that it achieves a higher recall for an acceptable level of precision. Observing only the first position, for the real world example, the proposed approach achieves recall of 43% and precision of 43% (Busy Box). 14th Workshop SEE and RE 14/16 Conclusion

15 14th Workshop SEE and RE 15/16 Motivation (3) - final A motivating scenario is to find the use of a patent in a commercial product binary without an appropriate permission from the owner of the patent.

16 Thank you! Radivojevic Zaharije

Download ppt "Detecting software clones in binaries Zaharije Radivojević, Saša Stojanović, Miloš Cvetanović School of Electrical Engineering, Belgrade University 14th."

Similar presentations

Copyright © 2003 by Prentice Hall Computers: Tools for an Information Age Chapter 15 Programming and Languages: Telling the Computer What to Do.

Copyright © 2003 by Prentice Hall Computers: Tools for an Information Age Chapter 15 Programming and Languages: Telling the Computer What to Do.
8. Code Generation. Generate executable code for a target machine that is a faithful representation of the semantics of the source code Depends not only.

8. Code Generation. Generate executable code for a target machine that is a faithful representation of the semantics of the source code Depends not only.
CPS3340 COMPUTER ARCHITECTURE Fall Semester, 2013 10/15/2013 Lecture 11: MIPS-Conditional Instructions Instructor: Ashraf Yaseen DEPARTMENT OF MATH & COMPUTER.

CPS3340 COMPUTER ARCHITECTURE Fall Semester, /15/2013 Lecture 11: MIPS-Conditional Instructions Instructor: Ashraf Yaseen DEPARTMENT OF MATH & COMPUTER.
Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University Identifying Source.

Software Engineering Laboratory, Department of Computer Science, Graduate School of Information Science and Technology, Osaka University Identifying Source.
Chapter 10 Code Optimization. A main goal is to achieve a better performance Front End Code Gen Intermediate Code source Code target Code user Machine-

Chapter 10 Code Optimization. A main goal is to achieve a better performance Front End Code Gen Intermediate Code source Code target Code user Machine-
Overview Motivations Basic static and dynamic optimization methods ADAPT Dynamo.

Overview Motivations Basic static and dynamic optimization methods ADAPT Dynamo.
CS0004: Introduction to Programming Introduction to Programming.

CS0004: Introduction to Programming Introduction to Programming.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Reverse Engineering © SERG Code Cloning: Detection, Classification, and Refactoring.

Reverse Engineering © SERG Code Cloning: Detection, Classification, and Refactoring.
Engineering Problem Solving With C++ An Object Based Approach Fundamental Concepts Chapter 1 Engineering Problem Solving.

Engineering Problem Solving With C++ An Object Based Approach Fundamental Concepts Chapter 1 Engineering Problem Solving.
Lecture 2: Do you speak Java?. From Problem to Program Last Lecture we looked at modeling with objects! Steps to solving a business problem –Investigate.

Lecture 2: Do you speak Java?. From Problem to Program Last Lecture we looked at modeling with objects! Steps to solving a business problem –Investigate.
Implementation Of The Discrete Event Simulator Based On Distributed Processing Zaharije Radivojević 1, Ljubomir Samarđić, Miloš Cvetanović 1 1 Elektrotehnički.

Implementation Of The Discrete Event Simulator Based On Distributed Processing Zaharije Radivojević 1, Ljubomir Samarđić, Miloš Cvetanović 1 1 Elektrotehnički.
Computers: Tools for an Information Age

Computers: Tools for an Information Age
Program Flow Charting How to tackle the beginning stage a program design.

Program Flow Charting How to tackle the beginning stage a program design.
The Effect of Data-Reuse Transformations on Multimedia Applications for Different Processing Platforms N. Vassiliadis, A. Chormoviti, N. Kavvadias, S.

The Effect of Data-Reuse Transformations on Multimedia Applications for Different Processing Platforms N. Vassiliadis, A. Chormoviti, N. Kavvadias, S.
Partial Automation of an Integration Reverse Engineering Environment of Binary Code Author : Cristina Cifuentes Reverse Engineering, 1996., Proceedings.

Partial Automation of an Integration Reverse Engineering Environment of Binary Code Author : Cristina Cifuentes Reverse Engineering, 1996., Proceedings.
Lecture 2: Do you speak Java?. From Problem to Program Last Lecture we looked at modeling with objects! Steps to solving a business problem –Investigate.

Lecture 2: Do you speak Java?. From Problem to Program Last Lecture we looked at modeling with objects! Steps to solving a business problem –Investigate.
SMIILE Finaly COBOL! and what else is new Gordana Rakić, Zoran Budimac.

SMIILE Finaly COBOL! and what else is new Gordana Rakić, Zoran Budimac.
Implementation of Distributed Air Traffic Control Simulator Ranko Radovanović, Miloš Cvetanović, Zaharije Radivojević School of Electrical Engineering,

Implementation of Distributed Air Traffic Control Simulator Ranko Radovanović, Miloš Cvetanović, Zaharije Radivojević School of Electrical Engineering,
1CMSC 345, Version 4/04 Verification and Validation Reference: Software Engineering, Ian Sommerville, 6th edition, Chapter 19.

1CMSC 345, Version 4/04 Verification and Validation Reference: Software Engineering, Ian Sommerville, 6th edition, Chapter 19.

Similar presentations

Ads by Google