As software becomes more valuable, unauthorized users or malicious programmers illegally copy and distribute copyrighted software over online service providers (OSPs) and P2P networks. To detect, block, and remove pirated software (illegal programs) on OSP and P2P networks, this paper proposes a new filtering approach using a software birthmark, which is a set of unique characteristics of a program that can be used to identify each program. A software birthmark typically includes constant values, library information, sequences of function calls, call graphs, etc. We target Microsoft Windows applications and utilize the numbers and names of DLLs and APIs stored in a Windows executable file. Using that information and the cryptographic hash value of each program's API sequence, we construct a software birthmark database. Whenever a program is uploaded or downloaded on OSP and P2P networks, we can identify the program by comparing its software birthmark with the birthmarks in the database. It is thus possible to determine, to some extent, whether software is an illegal copy. The experiments show that the proposed software birthmark can effectively identify Windows applications. That is, our proposed technique can be employed to efficiently detect and block pirated programs on OSP and P2P networks.
A software birthmark is a set of unique, native characteristics of a program and hence can be used to measure the similarity between programs. In general, a static software birthmark does not need program execution, but is more vulnerable to attacks by semantic-preserving transformations. A dynamic software birthmark is applicable to packed executables, but cannot cover all the possible program paths. In this paper, we propose a novel, effective technique to measure the similarity of Microsoft Windows applications using both static and dynamic birthmarks, which are based on the list of system APIs as well as the frequency of system API calls. Because system APIs are located in Windows system directories and act as a bridge between applications and the operating system, our birthmarks are resilient to obfuscations and compiler optimizations. A static birthmark consists of the system API call frequency of a target program, which can be extracted by scanning the executable file. A dynamic birthmark is the frequency of system API function calls, which can be extracted by a binary instrumentation tool during the execution of the program. To evaluate the effectiveness of the proposed technique, we compare various types of Windows applications using both the static and dynamic birthmarks. To demonstrate the robustness, we compare packed executables that were compressed by a binary packing tool. We carry out additional experiments for measuring the similarity between target Windows applications at the source code level and verify the evaluation results. The experimental results show that our birthmarks can effectively measure the similarity between Windows applications, as intended.
As the software industry has grown, illegal copying of software and theft of a program's core modules have become more frequent. To detect program plagiarism, similarity analysis of suspicious programs based on source code is one of the accurate methods. However, the source code is not always available. Therefore, it is necessary to analyze and determine software piracy or theft using only the binary executables that are the release versions of products. In this paper, we propose a method to extract feature information from the binary code of executable files on MS Windows systems in order to determine whether software is pirated or core modules of a program are stolen. We perform a small experiment to detect program similarity and plagiarism by comparing the statically extracted features of target programs.