Yongman Han scite author profile

Yongman Han

4Publications

23Citation Statements Received

78Citation Statements Given

How they've been cited

How they cite others

Affiliations

Dankook University

Publications

Order By: Most citations

A new detection scheme of software copyright infringement using software birthmark on windows systems

et al. 2014

View full text Add to dashboard Cite

As software is getting more valuable, unauthorized users or malicious programmers illegally copies and distributes copyrighted software over online service provider (OSP) and P2P networks. To detect, block, and remove pirated software (illegal programs) on OSP and P2P networks, this paper proposes a new filtering approach using software birthmark, which is unique characteristics of program and can be used to identify each program. Software birthmark typically includes constant values, library information, sequence of function calls, and call graphs, etc. We target Microsoft Windows applications and utilize the numbers and names of DLLs and APIs stored in a Windows executable file. Using that information and each cryptographic hash value of the API sequence of programs, we construct software birthmark database. Whenever a program is uploaded or downloaded on OSP and P2P networks, we can identify the program by comparing software birthmark of the program with birthmarks in the database. It is possible to grasp to some extent whether software is an illegally copied one. The experiments show that the proposed software birthmark can effectively identify Windows applications. That is, our proposed technique can be employed to efficiently detect and block pirated programs on OSP and P2P networks.

show abstract

A Static Birthmark for MS Windows Applications Using Import Address Table

Choi

Han

Cho

et al. 2013

View full text Add to dashboard Cite

Measuring similarity of windows applications using static and dynamic birthmarks

Kim

Han

Cho

et al. 2013

View full text Add to dashboard Cite

A software birthmark is unique, as certain native characteristics of a program, hence can be used to measure the similarity between programs. In general, a static software birthmark does not need program execution, but is more vulnerable to attacks by semanticpreserving transformations. A dynamic software birthmark is applicable to packed executables, but cannot cover all the possible program paths. In this paper, we propose a novel effective technique to measure the similarity of Microsoft Windows applications using both static and dynamic birthmarks, which are based on the list of system APIs as well as the frequency of system API calls. Because system APIs are located in Windows system directories and act as a bridge between applications and the operating system, our birthmarks are resilient to obfuscations and compiler optimizations. A static birthmark consists of the system API call frequency of a target program, which can be extracted by scanning the executable file. A dynamic birthmark is the frequency of system API function calls, which can be extracted by a binary instrumentation tool during the execution of the program. To evaluate the effectiveness of the proposed technique, we compare various types of Windows applications using both the static and dynamic birthmarks. To demonstrate the robustness, we compare packed executables that were compressed by a binary packing tool. We carry out additional experiments for measuring the similarity between target Windows applications at the source code level and verify the evaluation results. The experimental results show that our birthmarks can effectively measure the similarity between Windows applications, as intended.

show abstract

A Survey of Feature Extraction Techniques to Detect the Theft of Windows Applications

Choi

Han

Cho

et al. 2013

View full text Add to dashboard Cite

As software industry has been grown, it occurs more frequently to illegally copy software or to steal the core modules of a program. In order to detect program plagiarism, similarity analysis of suspicious programs based on source codes is one of accurate methods. However, the source codes are not always available. Therefore, it is necessary to analyze and determine software piracy or theft with only binary executables that are release versions of their products. In this paper, we propose a method to extract the feature information from the binary codes of the executable files on MS Windows systems in order to determine whether software is pirated or core modules of a program are stolen. We perform a small experiment to detect program similarity and plagiarism by comparing the statically extracted features of target programs.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Yongman Han

A new detection scheme of software copyright infringement using software birthmark on windows systems

A Static Birthmark for MS Windows Applications Using Import Address Table

Measuring similarity of windows applications using static and dynamic birthmarks

A Survey of Feature Extraction Techniques to Detect the Theft of Windows Applications

Contact Info

Product

Resources

About