A Semantics-Based Approach on Binary Function Similarity Detection

Yuntao Zhang, Binxing Fang, Zehui Xiong, Yanhao Wang, Yuwei Liu, Chao Zheng, Qinnan Zhang

IEEE Internet of Things Journal (2024)

Abstract
Firmware is a fundamental component of Internet of Things (IoT) devices. Nowadays, the development of IoT firmware relies extensively on third-party components, which substantially enhances development efficiency. However, these components are not inherently secure, and their vulnerabilities can adversely affect the security of IoT firmware. Existing research adopts binary code similarity analysis to detect known vulnerabilities in firmware. However, it encounters significant challenges, primarily in extracting function features from the limited semantic information within binary code. Another challenge is the need for real-world datasets to assess the model's performance in practical scenarios, such as firmware supply chain analysis. To tackle these challenges, we present a detection model named PDG2VEC based on Program Dependence Graphs (PDGs). PDG2VEC extracts function features at the variable level on the PDG and assesses function similarity by evaluating whether two functions can represent each other. We conducted evaluations using three datasets, including one we created to simulate a firmware supply chain scenario. The experimental results demonstrate that PDG2VEC exhibits resilience to cross-architecture challenges and captures more precise semantics than other approaches. Furthermore, PDG2VEC outperforms state-of-the-art tools in the supply chain analysis scenario, with an AUC value 16% higher on average than the baseline approaches.
Keywords
binary function similarity, binary lifting, static analysis, semantic extraction, vulnerable function search