<p>Determining whether a binary contains a security patch is a critical task in vulnerability analysis. Existing approaches mainly rely on structural similarity of patch features, which limits their ability to identify semantically equivalent but syntactically different binary generated under different compilers and optimization settings. In addition, analyzing binaries at the function level often introduces noise from vendor-added extension code, which increases the false positives. To address these challenges, a semantic-aware patch presence test approach that focus on the control paths affected by the patch is proposed, named Patch presence test via Semantic Normalization and Key Path Extraction (PPTSP). The method first maps semantically equivalent instruction sequences to a unified representation, enhancing feature consistency across different compilation architectures. Then, it identifies the control paths affected by the patch to eliminate interference from irrelevant execution paths during feature extraction. Finally, when features are structurally similar, a large language model (LLM) is leveraged to analyze their semantic equivalence, further enhancing detection accuracy. Experiments demonstrate that PPTSP outperforms current state-of-the-art methods, even under different compiler and optimization level settings.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

PPTSP: patch presence test via semantic normalization and key path extraction

  • Chengke Xu,
  • Senlin Luo,
  • Xueming Duan,
  • Limin Pan

摘要

Determining whether a binary contains a security patch is a critical task in vulnerability analysis. Existing approaches mainly rely on structural similarity of patch features, which limits their ability to identify semantically equivalent but syntactically different binary generated under different compilers and optimization settings. In addition, analyzing binaries at the function level often introduces noise from vendor-added extension code, which increases the false positives. To address these challenges, a semantic-aware patch presence test approach that focus on the control paths affected by the patch is proposed, named Patch presence test via Semantic Normalization and Key Path Extraction (PPTSP). The method first maps semantically equivalent instruction sequences to a unified representation, enhancing feature consistency across different compilation architectures. Then, it identifies the control paths affected by the patch to eliminate interference from irrelevant execution paths during feature extraction. Finally, when features are structurally similar, a large language model (LLM) is leveraged to analyze their semantic equivalence, further enhancing detection accuracy. Experiments demonstrate that PPTSP outperforms current state-of-the-art methods, even under different compiler and optimization level settings.