The ability to compute similarity scores for binary code at the function level is essential for cybersecurity. A single binary file can contain tens of thousands of functions, so a deployable learning framework for cybersecurity applications needs to be not only accurate but also efficient on large amounts of data. Traditional methods suffer from two drawbacks. First, it is very difficult to annotate pairs of functions with accurate labels, and supervised learning methods can easily be overtrained on inaccurate labels. Second, they rely either on a pre-trained encoder or on fine-grained graph comparison, and both approaches have shortcomings in time or memory consumption. We focus on large-scale Binary Code Similarity Detection (BCSD). To mitigate these problems, we propose GraphMoco: a graph momentum contrast model that uses multimodal structure information for large-scale binary function representation learning. We take an unsupervised learning approach and make full use of the structural information in the binary code, so the model does not require manually labelled similar or dissimilar pairs. Our models perform efficiently on large amounts of training data. Our experimental results show that our method outperforms the state of the art in terms of accuracy.