A Static Birthmark for MS Windows Applications Using Import Address Table

Choi, Jongcheon; Han, Yongman; Cho, Seong-Je; Yoo, Hoon; Woo, Jinwoon; Park, Minkyu; Song, Young-Gyun; Chung, Lawrence

doi:10.1109/imis.2013.159

Cited by 15 publications

(8 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A static birthmark is extracted from the information stored in an executable file. Choi [46] developed a statistical method by calculating the distribution of IAT and imported DLL names as a birthmark for program identification. The k-gram birthmark [47] divides n instructions into sequences of length k and uses them as the birthmark [48].…”

Section: B Binary Code Similaritymentioning

confidence: 99%

“…To support dynamic address mapping, both IAT and EAT map the code bodies of functions into a lookup table with their addresses and function names. Although the code addresses of these functions may change for newly compiled executable files, their function names usually remain unchanged throughout different versions [46]. Therefore, we collect historical IATs and EATs from crossversion executable files to generate software birthmarks because of their consistency and commonality in executable files.…”

Section: Idea and Frameworkmentioning

confidence: 99%

See 1 more Smart Citation

Version-Wide Software Birthmark via Machine Learning

Chung

Wang

2021

IEEE Access

View full text Add to dashboard Cite

Identifying the credibility of executable files is critical for the security of an operating system. Modern operating systems rely on code signing for executable files to identify their publishers. Because code signing uses a default-valid trust model, a malware could pass software validation of operating systems and security software by using counterfeit code-signing certificates. Although the counterfeit certificates can be revoked by CAs, the previous research showed that the revocation delay takes as long as 5.6 months. In this paper, we attempt to identify the credibility of software with multiple-version executable files without relying on public key infrastructure (PKI). Because a new-version executable file is usually developed incrementally based on the previous versions, the sharing features among different versions can be extracted for identifying the software. Accordingly, we present a software-birthmark scheme to serve our purpose. Our scheme generates a cross-version software birthmark for executable files of the same software. The proposed software birthmark is a binary-classification model of a machine learning algorithm based on imported and exported function names extracted from different-version executable files. To evaluate the performance of version-wide software birthmarks, our experiments include 138 versions of Windows kernel32.dll and 545 versions of firefox.exe. We also use multiple machine learning algorithms for performance comparisons. The results show that proposed software birthmark can effectively identify the derivations of these executable files. The proposed software birthmark can be used by operating systems or security software to evaluate the credibility of executable files with suspicious certificates.

show abstract

Section: B Binary Code Similaritymentioning

confidence: 99%

Section: Idea and Frameworkmentioning

confidence: 99%

Version-Wide Software Birthmark via Machine Learning

Chung

Wang

2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…In [3], many analytical techniques have been proposed regarding software development to detect software piracy. Software badge is a unique feature that can be used to identify the application.…”

Section: Related Workmentioning

confidence: 99%

Examining Software Intellectual Property Rights

Sargolzaei¹,

Keikha²

2017

ijacsa

View full text Add to dashboard Cite

Abstract-Intellectual property rights (IPR) of computer software is the right to assign the software to its creator, not limited to time and space, and non-transferable. Proving IPR of the creators of computer software requires a rigorous review of the ways in which these rights may be violated. The present study was conducted by comparing two populations in Iran with the aim of identifying the level of familiarity and observance of software IPR: 1) 96 software engineers member of IEEE Association and 2) 386 students randomly. Results are analyzed by SPSS software and the validity of the results is verified using T-test. By comparing the results, it was concluded that the first population significantly observed these cases more. Then a model was presented for protecting software IPR so that the challenges are reduced. This research is the completion of our previous work that was discussed as a future work.

show abstract

“…As another technique, many software birthmarking techniques [7,8,9,10,11] have been proposed for detecting software theft, piracy, or plagiarism. A software birthmark is an inherent characteristic that a program uniquely possesses, which can be used to identify the program.…”

Section: Background and Related Workmentioning

confidence: 99%

“…In this paper, we propose a novel software asset management technique based on software birthmark, which can reduce software piracy, enhance operational performance, and avoid unnecessary legal, financial, and security risks. A software birthmark is a unique characteristic, or the invariable features, that a program possesses and which can be used to identify each program [7,8,9,10,11]. The general idea is that if two programs both have the same birthmark, then it is highly likely that one is a copy of the other.…”

Section: Introductionmentioning

confidence: 99%

A birthmark-based method for intellectual software asset management

Kim

Moon

Cho

et al. 2014

Proceedings of the 8th International Conference on Ubiquitous Information Management and Communication

Self Cite

View full text Add to dashboard Cite

The software industry has been increasingly aware of the need to employ copyright protection techniques against software piracy or illegal distribution. Recently, as the value of software as intellectual property grows, so does the rate of global software piracy. Software piracy is a real threat to software industry. Moreover, Pirated software is more vulnerable to attacks since such software is less likely to be supported with critical security patches and updates. In this paper, we propose a birthmark-based software asset management technique to keep track of the lists and licenses of software assets (on desktop computers, servers, and intranet network components), and then assure the legal use and regular inspection of software assets. A software birthmark is the inherent and unique program characteristics that can identify a program. Using software birthmark, we investigate what kinds of software are installed on the system, whether software is purchased from a vendor or pirated, etc. The proposed technique can (1) control copyright infringement of software and protect software intellectual property based on software birthmark, (2) reduce cyber vulnerability by letting employees use legal software, and (3) reduce the software management cost of organizations.

show abstract

A Static Birthmark for MS Windows Applications Using Import Address Table

Cited by 15 publications

References 3 publications

Version-Wide Software Birthmark via Machine Learning

Version-Wide Software Birthmark via Machine Learning

Examining Software Intellectual Property Rights

A birthmark-based method for intellectual software asset management

Contact Info

Product

Resources

About