PE file similarity comparison method based on derived function

The invention relates to a PE file similarity comparison method based on an export function, and belongs to the technical field of software binary code traceability analysis. According to the comparison method, PE file similarity comparison and similarity calculation are completed through PE file an...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Hauptverfasser:	LI HAOYU, YANG BO, JIA ZHANGTAO, SHAO SA, GAO YANKUN, TAO JINLONG
Format:	Patent
Sprache:	chi ; eng
Schlagworte:	CALCULATING COMPUTING COUNTING ELECTRIC DIGITAL DATA PROCESSING PHYSICS
Online-Zugang:	Volltext bestellen
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page
container_issue
container_start_page
container_title
container_volume
creator	LI HAOYU YANG BO JIA ZHANGTAO SHAO SA GAO YANKUN TAO JINLONG
description	The invention relates to a PE file similarity comparison method based on an export function, and belongs to the technical field of software binary code traceability analysis. According to the comparison method, PE file similarity comparison and similarity calculation are completed through PE file analysis, extraction and comparison of PE file'export functions'. The method mainly provides technical means for traceability of PE format binary files such as an executable program, a dynamic link library and an ActiveX control in a Windows operating system, and has good robustness and relatively high accuracy and usability. 本发明涉及一种基于导出函数的PE文件相似性比对方法，属于软件二进制代码溯源分析技术领域。该比对方法通过PE文件解析，提取并比对PE文件"导出函数"，完成了PE文件相似性比对和相似度计算。该方法主要是为Windows操作系统下可执行程序、动态链接库、ActiveX控件等PE格式二进制文件溯源提供技术手段，具有良好的鲁棒性、较高的准确性和可用性。
format	Patent
fullrecord	<record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_CN114860244A</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>CN114860244A</sourcerecordid><originalsourceid>FETCH-epo_espacenet_CN114860244A3</originalsourceid><addsrcrecordid>eNrjZLALcFVIy8xJVSjOzM3MSSzKLKlUSM7PLQCyivPzFHJTSzLyUxSSEotTUxSA_JTUoswyIDOtNC-5JDM_j4eBNS0xpziVF0pzMyi6uYY4e-imFuTHpxYXJCan5qWWxDv7GRqaWJgZGJmYOBoTowYASscwfg</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>PE file similarity comparison method based on derived function</title><source>esp@cenet</source><creator>LI HAOYU ; YANG BO ; JIA ZHANGTAO ; SHAO SA ; GAO YANKUN ; TAO JINLONG</creator><creatorcontrib>LI HAOYU ; YANG BO ; JIA ZHANGTAO ; SHAO SA ; GAO YANKUN ; TAO JINLONG</creatorcontrib><description>The invention relates to a PE file similarity comparison method based on an export function, and belongs to the technical field of software binary code traceability analysis. According to the comparison method, PE file similarity comparison and similarity calculation are completed through PE file analysis, extraction and comparison of PE file'export functions'. The method mainly provides technical means for traceability of PE format binary files such as an executable program, a dynamic link library and an ActiveX control in a Windows operating system, and has good robustness and relatively high accuracy and usability. 本发明涉及一种基于导出函数的PE文件相似性比对方法，属于软件二进制代码溯源分析技术领域。该比对方法通过PE文件解析，提取并比对PE文件"导出函数"，完成了PE文件相似性比对和相似度计算。该方法主要是为Windows操作系统下可执行程序、动态链接库、ActiveX控件等PE格式二进制文件溯源提供技术手段，具有良好的鲁棒性、较高的准确性和可用性。</description><language>chi ; eng</language><subject>CALCULATING ; COMPUTING ; COUNTING ; ELECTRIC DIGITAL DATA PROCESSING ; PHYSICS</subject><creationdate>2022</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20220805&DB=EPODOC&CC=CN&NR=114860244A$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,780,885,25564,76547</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20220805&DB=EPODOC&CC=CN&NR=114860244A$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>LI HAOYU</creatorcontrib><creatorcontrib>YANG BO</creatorcontrib><creatorcontrib>JIA ZHANGTAO</creatorcontrib><creatorcontrib>SHAO SA</creatorcontrib><creatorcontrib>GAO YANKUN</creatorcontrib><creatorcontrib>TAO JINLONG</creatorcontrib><title>PE file similarity comparison method based on derived function</title><description>The invention relates to a PE file similarity comparison method based on an export function, and belongs to the technical field of software binary code traceability analysis. According to the comparison method, PE file similarity comparison and similarity calculation are completed through PE file analysis, extraction and comparison of PE file'export functions'. The method mainly provides technical means for traceability of PE format binary files such as an executable program, a dynamic link library and an ActiveX control in a Windows operating system, and has good robustness and relatively high accuracy and usability. 本发明涉及一种基于导出函数的PE文件相似性比对方法，属于软件二进制代码溯源分析技术领域。该比对方法通过PE文件解析，提取并比对PE文件"导出函数"，完成了PE文件相似性比对和相似度计算。该方法主要是为Windows操作系统下可执行程序、动态链接库、ActiveX控件等PE格式二进制文件溯源提供技术手段，具有良好的鲁棒性、较高的准确性和可用性。</description><subject>CALCULATING</subject><subject>COMPUTING</subject><subject>COUNTING</subject><subject>ELECTRIC DIGITAL DATA PROCESSING</subject><subject>PHYSICS</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2022</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNrjZLALcFVIy8xJVSjOzM3MSSzKLKlUSM7PLQCyivPzFHJTSzLyUxSSEotTUxSA_JTUoswyIDOtNC-5JDM_j4eBNS0xpziVF0pzMyi6uYY4e-imFuTHpxYXJCan5qWWxDv7GRqaWJgZGJmYOBoTowYASscwfg</recordid><startdate>20220805</startdate><enddate>20220805</enddate><creator>LI HAOYU</creator><creator>YANG BO</creator><creator>JIA ZHANGTAO</creator><creator>SHAO SA</creator><creator>GAO YANKUN</creator><creator>TAO JINLONG</creator><scope>EVB</scope></search><sort><creationdate>20220805</creationdate><title>PE file similarity comparison method based on derived function</title><author>LI HAOYU ; YANG BO ; JIA ZHANGTAO ; SHAO SA ; GAO YANKUN ; TAO JINLONG</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_CN114860244A3</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>chi ; eng</language><creationdate>2022</creationdate><topic>CALCULATING</topic><topic>COMPUTING</topic><topic>COUNTING</topic><topic>ELECTRIC DIGITAL DATA PROCESSING</topic><topic>PHYSICS</topic><toplevel>online_resources</toplevel><creatorcontrib>LI HAOYU</creatorcontrib><creatorcontrib>YANG BO</creatorcontrib><creatorcontrib>JIA ZHANGTAO</creatorcontrib><creatorcontrib>SHAO SA</creatorcontrib><creatorcontrib>GAO YANKUN</creatorcontrib><creatorcontrib>TAO JINLONG</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>LI HAOYU</au><au>YANG BO</au><au>JIA ZHANGTAO</au><au>SHAO SA</au><au>GAO YANKUN</au><au>TAO JINLONG</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>PE file similarity comparison method based on derived function</title><date>2022-08-05</date><risdate>2022</risdate><abstract>The invention relates to a PE file similarity comparison method based on an export function, and belongs to the technical field of software binary code traceability analysis. According to the comparison method, PE file similarity comparison and similarity calculation are completed through PE file analysis, extraction and comparison of PE file'export functions'. The method mainly provides technical means for traceability of PE format binary files such as an executable program, a dynamic link library and an ActiveX control in a Windows operating system, and has good robustness and relatively high accuracy and usability. 本发明涉及一种基于导出函数的PE文件相似性比对方法，属于软件二进制代码溯源分析技术领域。该比对方法通过PE文件解析，提取并比对PE文件"导出函数"，完成了PE文件相似性比对和相似度计算。该方法主要是为Windows操作系统下可执行程序、动态链接库、ActiveX控件等PE格式二进制文件溯源提供技术手段，具有良好的鲁棒性、较高的准确性和可用性。</abstract><oa>free_for_read</oa></addata></record>
fulltext	fulltext_linktorsrc
identifier
ispartof
issn
language	chi ; eng
recordid	cdi_epo_espacenet_CN114860244A
source	esp@cenet
subjects	CALCULATING COMPUTING COUNTING ELECTRIC DIGITAL DATA PROCESSING PHYSICS
title	PE file similarity comparison method based on derived function
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-22T22%3A55%3A09IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=LI%20HAOYU&rft.date=2022-08-05&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3ECN114860244A%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true