Systems and methods for detecting copied computer code using fingerprints

摘要

Systems and methods of detecting copying of computer code or portions of computer code involve generating unique fingerprints from compiled computer binaries. The unique fingerprints are simplified representations of the compiled computer binaries and are compared with each other to identify similarities between the compiled computer binaries. Copying can be detected when there are sufficient similarities between at least portions of two compiled computer binaries.

主权项

1. A method comprising:
receiving, by a computer, a first compiled computer binary; disassembling, by the computer, the first complied computer binary into a form independent of programming language, operating system and architecture for which the first compiled computer binary was written; generating, by the computer, a first fingerprint of the first compiled computer binary using the disassembled first compiled computer binary; receiving, by the computer, a second compiled computer binary; generating, by the computer, a second fingerprint of the second compiled computer binary; comparing, by the computer, the first fingerprint of the first compiled computer binary with the second fingerprint of the second compiled computer binary; and determining, by the computer, whether at least some of the first compiled computer binary is present in the second compiled computer binary based on the comparison, wherein the generation of the first fingerprint of the first compiled computer binary comprises
generating, by the computer, a call graph using the disassembled first compiled computer binary, wherein the call graph describes relationships between functions and sub-functions in the disassembled first compiled computer binary;generating, by the computer, a control flow graph for each of a plurality of functions in the call graph, wherein the control flow graph describes all possible paths that may be traversed during execution of each of the plurality of functions in the call graph;selecting, by the computer, one of the plurality of functions;calculating, by the computer for the selected one of the plurality of functions, a leading Eigenvector of an adjacency matrix of the selected function's control flow graph;generating, by the computer for the selected one of the plurality of functions, an edge-connected path starting from a node corresponding to a largest element in the leading Eigenvector of the adjacency matrix and appending connected nodes corresponding to successively smaller elements of the leading Eigenvector; andcalculating, by the computer for the selected one of the plurality of functions, unique spectra of the control flow graph for the selected function using the generated edge-connected path.