Multi-firmware comparison techniques can improve efficiency when auditing firmwares in bulk.How-ever,the problem of matching functions between multiple firmwares has not been studied before.This paper proposes a multi...Multi-firmware comparison techniques can improve efficiency when auditing firmwares in bulk.How-ever,the problem of matching functions between multiple firmwares has not been studied before.This paper proposes a multi-firmware comparison method based on evolutionary algorithms and trusted base points.We first model the multi-firmware comparison as a multi-sequence matching problem.Then,we propose an adaptation function and a population generation method based on trusted base points.Finally,we apply an evolutionary algorithm to find the optimal result.At the same time,we design the similarity of matching results as an evaluation metric to measure the effect of multi-firmware comparison.The experiments show that the proposed method outperforms Bindiff and the string-based method.Precisely,the similarity between the matching results of the proposed method and Bindiff matching results is 61%,and the similarity between the matching results of the proposed method and the string-based method is 62.8%.By sampling and manual verification,the accuracy of the matching results of the proposed method can be about 66.4%.展开更多
文摘Multi-firmware comparison techniques can improve efficiency when auditing firmwares in bulk.How-ever,the problem of matching functions between multiple firmwares has not been studied before.This paper proposes a multi-firmware comparison method based on evolutionary algorithms and trusted base points.We first model the multi-firmware comparison as a multi-sequence matching problem.Then,we propose an adaptation function and a population generation method based on trusted base points.Finally,we apply an evolutionary algorithm to find the optimal result.At the same time,we design the similarity of matching results as an evaluation metric to measure the effect of multi-firmware comparison.The experiments show that the proposed method outperforms Bindiff and the string-based method.Precisely,the similarity between the matching results of the proposed method and Bindiff matching results is 61%,and the similarity between the matching results of the proposed method and the string-based method is 62.8%.By sampling and manual verification,the accuracy of the matching results of the proposed method can be about 66.4%.
