Skip to Main content Skip to Navigation
New interface
Conference papers

RouAlign: Cross-Version Function Alignment and Routine Recovery with Graphlet Edge Embedding

Abstract : Reverse engineering is labor-intensive work to understand the inner implementation of a program, and is necessary for malware analysis, vulnerability hunting, etc. Cross-version function identification and subroutine matching would greatly release manpower by indicating the known parts coming from different binary programs. Existing approaches mainly focus on function recognition ignoring the recovery of the relationships between functions, which makes the researchers hard to locate the calling routine they are interested in.In this paper, we propose a method using graphlet edge embedding to abstract high-level topology features of function call graphs and recover the relationships between functions. With the recovery of function relationships, we reconstruct the calling routine of the program and then infer the specific functions in it. We implement a prototype model called RouAlign, which can automatically align the trunk routine of assembly codes. We evaluated RouAlign on 65 groups of real-world programs, with over two million functions. RouAlign outperforms state-of-the-art binary comparing solutions by over 35% with a high precision of 92% on average in pairwise function recognition.
Document type :
Conference papers
Complete list of metadata
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Monday, November 22, 2021 - 3:33:26 PM
Last modification on : Monday, November 22, 2021 - 4:37:41 PM
Long-term archiving on: : Wednesday, February 23, 2022 - 7:59:04 PM


 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2023-01-01

Please log in to resquest access to the document


Distributed under a Creative Commons Attribution 4.0 International License




Can Yang, Jian Liu, Mengxia Luo, Xiaorui Gong, Baoxu Liu. RouAlign: Cross-Version Function Alignment and Routine Recovery with Graphlet Edge Embedding. 35th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Sep 2020, Maribor, Slovenia. pp.155-170, ⟨10.1007/978-3-030-58201-2_11⟩. ⟨hal-03440839⟩



Record views