A Static Birthmark of Binary Executables Based on API Call Structure

Choi, Seokwoo; Park, Heewan; Lim, Hyeong-Seok; Han, Tian

doi:10.1007/978-3-540-76929-3_2

Cited by 26 publications

(26 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Choi et al suggested a static API birthmark for Windows [17]. Their static API birthmark is a set of possible API calls which is extracted statically by analyzing disassembled code.…”

Section: B Experimental Resultsmentioning

confidence: 99%

Detecting code theft via a static instruction trace birthmark for Java methods

Park

Choi

Lim

et al. 2008

2008 6th IEEE International Conference on Industrial Informatics

Self Cite

View full text Add to dashboard Cite

Abstract-A software birthmark is an inherent program characteristic that can identify a program. In this paper, we propose a static instruction trace birthmark to detect code theft of Java methods. Because the static instruction traces can reflect the algorithmic structure of a program, our birthmark can be used to detect algorithm theft which existing static birthmarks cannot handle. Because the static instruction traces are extracted by static analyses, they can be applied to library programs which previous dynamic birthmarks could not. We evaluate the proposed birthmark with respect to two criteria: credibility and resilience. Experimental result shows that our birthmark is more resilient than and at least as credible as the existing Java birthmarks.

show abstract

“…Choi et al suggested a static API birthmark for Windows [17]. Their static API birthmark is a set of possible API calls which is extracted statically by analyzing disassembled code.…”

Section: B Experimental Resultsmentioning

confidence: 99%

Detecting code theft via a static instruction trace birthmark for Java methods

Park

Choi

Lim

et al. 2008

2008 6th IEEE International Conference on Industrial Informatics

Self Cite

View full text Add to dashboard Cite

show abstract

“…Software birthmarks can be classified into static and dynamic birthmarks [2][3][4][5][6][7][8][9][10][11][12][13]. Static birthmarks rely on syntactic structure of a program, and are extracted from it without its execution.…”

Section: A Software Birthmarks (Features Of Programs)mentioning

confidence: 99%

“…Software birthmark is an intrinsic feature of a program that can be used to identify the program and prove software plagiarism [2,3,4,5,7,9,10,11,12,13,15]. A birthmark can detect software theft by comparing the native characteristics of programs.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Survey of Feature Extraction Techniques to Detect the Theft of Windows Applications

Choi

Han

Cho

et al. 2013

2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing

View full text Add to dashboard Cite

As software industry has been grown, it occurs more frequently to illegally copy software or to steal the core modules of a program. In order to detect program plagiarism, similarity analysis of suspicious programs based on source codes is one of accurate methods. However, the source codes are not always available. Therefore, it is necessary to analyze and determine software piracy or theft with only binary executables that are release versions of their products. In this paper, we propose a method to extract the feature information from the binary codes of the executable files on MS Windows systems in order to determine whether software is pirated or core modules of a program are stolen. We perform a small experiment to detect program similarity and plagiarism by comparing the statically extracted features of target programs.

show abstract

“…In addition, compilers that create byte code such as JAVA can extract relatively more accurate static birthmark compared to binary execution file, but it is difficult to extract by accurately analyzing code since accurate distinction between code and data is not possible with binary execution file. That's why dynamic birthmark method has been studied to extract birthmark in executed state of program [5], [6], [8], [9].…”

Section: Introductionmentioning

confidence: 99%

An Efficient Categorization of the Instructions Based on Binary Excutables for Dynamic Software Birthmark

Lee¹,

Choi²,

Jung³

et al. 2015

IJIET

View full text Add to dashboard Cite

Abstract-Software birthmark is a unique characteristic of program extracted from a program without source code. Through the comparison of original program and modified program, code similarity can be measured. Furthermore, birthmark can be used to measure the similarity of existing program to detect code theft or malware. Software birthmark can be mainly divided into static method and dynamic method. In the related works using dynamic method, birthmark was extracted by using API function name, call frequency, grammar structure, opcode, etc. If birthmark is extracted through API function name or call frequency, resilience can be increased but it could cause false-positive in similarity. In addition, extraction method using grammar structure or opcode could increase similarity but it decreases resilience, thereby causing different extraction result even for program with same structure. This paper proposes a method that can simultaneously satisfy resilience and uniqueness by reflecting unique characteristics while maintaining the meaning of instruction through the categorization according to instruction function and the removal of consecutive duplication for dynamic software birthmark, which will also be verified through experiment.Index Terms-Dynamic software birthmark, code theft detection, information security, dynamic analysis.

show abstract

A Static Birthmark of Binary Executables Based on API Call Structure

Cited by 26 publications

References 16 publications

Detecting code theft via a static instruction trace birthmark for Java methods

Detecting code theft via a static instruction trace birthmark for Java methods

A Survey of Feature Extraction Techniques to Detect the Theft of Windows Applications

An Efficient Categorization of the Instructions Based on Binary Excutables for Dynamic Software Birthmark

Contact Info

Product

Resources

About