Binjuice: Fast Location of Similar Code Fragments Using Semantic Juice
There is a growing need for the comparison of binary executables in application such as threat-detection via malware analysis and copyright infringement. For malware analysis in particular, finding matching binaries involves searching extremely large (e.g., millions) of malware. Additionally, it is important that the comparison algorithms account for changes due to code evolution, changes in compiler optimizations, and post-compile obfuscation. Various technologies have been developed for these purposes; however most suffer from low sensitivity, scalability and robustness. In the current invention, researchers at the University of Louisiana at Lafayette introduce the concept of ‘juice’ – an algebraic generalization of the denotational semantics of a program. The juice captures the essential relations established by a piece of code, independent of choices of registers and literal constants. The juice then serves as a template of the code that is invariant against choices made by compilers or by code obfuscation tools and permits fast-matching of related code.
