Binary function similarity detection plays an important role in a wide range of security applications. Existing works usually assume that the query function and the target function share equal semantics, and compare their full semantics to obtain the similarity. However, we find that the function mapping is more complex, especially when function inlining happens. In this paper, we systematically investigate cross-inlining binary function similarity detection. We first construct a cross-inlining dataset by compiling 51 projects using 9 compilers, with 4 optimizations, to 6 architectures, with 2 inlining flags, which results in two datasets, each with 216 combinations. Then we construct the cross-inlining function mappings by linking the common source functions in these two datasets. Through analysis of this dataset, we find that three cross-inlining patterns are widespread, while existing work struggles when detecting cross-inlining binary function similarity. Next, we propose a pattern-based model named CI-Detector for cross-inlining matching. CI-Detector uses the attributed CFG to represent the semantics of binary functions and a GNN to embed binary functions into vectors. CI-Detector trains a separate model for each of these three cross-inlining patterns. Finally, the testing pairs are input to these three models, and the similarities they produce are aggregated into the final similarity. We conduct several experiments to evaluate CI-Detector. Results show that CI-Detector can detect cross-inlining pairs with a precision of 81% and a recall of 97%, which exceeds all state-of-the-art works.