Unleashing the power of pseudo-code for binary code similarity analysis

Abstract Code similarity analysis has become more popular due to its significant applicantions, including vulnerability detection, malware and patch analysis. Since the source code of software is difficult obtain under most circumstances, binary-level (BCSA) been paid much attention to. In recent years, many BCSA studies incorporating AI techniques focus on deriving semantic information from binary functions with representations such as assembly code, intermediate representations, control flow graphs measure similarity. However, impacts different compilers, architectures, obfuscations, binaries compiled same may vary considerably, which becomes major obstacle for these works robust features. this paper, we propose a solution, named UPPC (Unleashing Power Pseudo-code), leverages pseudo-code function input, address challenge, since higher abstraction platform-independent compared instructions. selectively inlines capture full semantics across compiler optimization levels uses deep pyramidal convolutional neural network embedding function. We evaluated data set containing vulnerabilities architectures (X86, ARM), options (O0-O3), compilers (GCC, Clang), four obfuscation strategies. The experimental results show that accuracy in search 33.2% than existing methods.