
A Functional Unit Dynamic API Birthmark for Windows Programs Code Theft Detection  

Choi, Seok-Woo (Department of Computer Science, KAIST)
Cho, Woo-Young (TmaxCore R&D Center, Core Division)
Han, Tai-Sook (Department of Computer Science, KAIST)
Abstract
A software birthmark is a set of characteristics extracted from a program itself to detect code theft. A dynamic API birthmark is extracted from the run-time API call sequences of a program. The dynamic Windows API birthmarks of Tamada et al. are extracted from API call sequences during the startup period of a program. Therefore, these dynamic birthmarks cannot reflect the characteristics of the main functions of the program. In this paper, we propose a functional unit birthmark (FDAPI) that is defined as the API call sequences recorded during the execution of essential functions of a program. To determine whether some functional units of a program are copied from an original program, two FDAPIs are extracted by executing the programs with the same input. The FDAPIs are compared using the semi-global alignment algorithm to compute a similarity between the two programs. Programs with the same functionality are compared to show the credibility of our birthmark. Binary executables that are compiled differently from the same source code are compared to prove the resilience of our birthmark. The experimental results show that our birthmark can detect module theft of software, to which the existing birthmarks of Tamada et al. cannot be applied.
Keywords
software birthmark; code theft detection; dynamic program analysis; data mining;
References
1 H. Tamada, K. Okamoto, M. Nakamura, A. Monden, and K. Matsumoto, 'Dynamic software birthmarks to detect the theft of windows applications,' Proc. International Symposium on Future Software Technology, pp.20-22, 2004
2 Heewan Park, Seokwoo Choi, Hyun-il Lim, and Taisook Han, 'Detecting Java Theft Based on Static API Trace Birthmark,' Third International Workshop on Security (IWSEC 2008), LNCS 5312-0121, November 25-27, 2008
3 Ginger Myles and Christian S. Collberg, 'Detecting software theft via whole program path birthmarks,' in Proc. of the 7th Int. Conf. on Information Security, vol.3225 of LNCS, Springer, pp.404-415, 2004
4 G. Hunt and D. Brubacher, 'Detours: Binary interception of Win32 functions,' Proceedings of the 3rd USENIX Windows NT Symposium, pp. 135-143, 1999
5 C. Linn and S. Debray, 'Obfuscation of executable code to improve resistance to static disassembly,' in Proceedings of the 10th ACM conference on Computer and communications security, pp.290-299, 2003
6 D. Schuler, V. Dallmeier, and C. Lindig, 'A Dynamic Birthmark for Java,' in Proceedings of the 22nd IEEE/ACM International Conference on Automated Software Engineering, 2007
7 G. Myles and C. S. Collberg, 'Software theft detection through program identification,' PhD thesis, University of Arizona, 2006
8 H. Tamada, M. Nakamura, A. Monden, and K. I. Matsumoto, 'Java Birthmarks-Detecting the Software Theft,' IEICE Transactions on Information and Systems, pp.2148-2158, 2005
9 G. Myles and C. Collberg, 'K-gram based software birthmarks,' Proceedings of the 2005 ACM symposium on Applied computing (SAC'05), 2005
10 Hyun-il Lim, Heewan Park, Seokwoo Choi, and Taisook Han, 'Detecting Theft of Java Applications via a Static Birthmark Based on Weighted Stack Patterns,' IEICE Trans. On Information and Systems, vol.91, no.9, September 2008
11 C. S. Collberg and C. Thomborson, 'Watermarking, tamper-proofing, and obfuscation-tools for software protection,' IEEE Transactions on software engineering, vol.28, pp.735-746, 2002
12 C. Wang, 'A security architecture for survivability mechanisms,' PhD thesis, University of Virginia, 2000
13 S. Choi, H. Park, H. Lim, and T. Han, 'A static birthmark of binary executables based on API call structure,' Lecture Notes in Computer Science, vol.4846, pp.2-16, 2007