Deviation-Based Obfuscation-Resilient Program Equivalence Checking With Application to Software Plagiarism Detection

Jiang, Ming; Zhang, Fangfang; Wu, Dinghao; Liu, Peng; Zhu, Sencun

doi:10.1109/tr.2016.2570554

Cited by 29 publications

(16 citation statements)

References 62 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By combining rigorous program semantics with longest common subsequence based fuzzy matching, Cop [20] is obfuscation-resilient and can satisfy R3. Since the dynamic approaches can concentrate more on the program semantics, DYKIS [30], TOB [28], TreSB [27], and LoPD [21] meet R3 quite well.…”

Section: Recent State Of the Art And Practicementioning

confidence: 96%

“…4. In the domain of software plagiarism detection, our three works were widely cited by top conferences and top journals [21], [10], and many favorable comments were made upon the good resilience to code obfuscation techniques and the capability to work on multithreaded programs.…”

Section: Contributionmentioning

confidence: 99%

“…The interpretability of detection results. The detection results of existing approaches are usually reported in the form of similarity scores (e.g., [18], [21]), which cannot be used as evidence in law. In other words, the results only weigh the degree of similarity between two programs rather than pinpointing on the exact cause.…”

Section: Recent State Of the Art And Practicementioning

confidence: 99%

“…For R2, most dynamic analysis binary based approaches, (e.g., DYKIS [30], TOB [28], TreSB [27], and LoPD [21]) would fail because they detect whole program plagiarism and only generate a similarity score. The approaches based on static analysis (e.g., SKB [22], SWKB [33], SFB [17] and WSPB [18]) can satisfy R2, because static analysis make it possible to be applied at different granularities, such as basic blocks, functions, which can be detected locally.…”

Section: Recent State Of the Art And Practicementioning

confidence: 99%

See 3 more Smart Citations

Revisiting the Challenges and Opportunities in Software Plagiarism Detection

Fan

Jia

et al. 2020

2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER)

View full text Add to dashboard Cite

Software plagiarism seriously impedes the healthy development of open source software. To fight against code obfuscation and inherent non-determinism of thread scheduling applied against software plagiarism detection, we proposed a new dynamic birthmark called DYnamic Key Instruction Sequence (DYKIS) and a framework called Thread-oblivious dynamic Birthmark (TOB) for the purpose of reviving the existing birthmarks and a thread-aware dynamic birthmark called Thread-related System call Birthmark (TreSB). Though many approaches have been proposed for software plagiarism detection, they are still limited to satisfy the following highly desired requirements: the applicability to handle binary, the capability to detect partial plagiarism, the resiliency to code obfuscation, the interpretability on detection results, and the scalability to process large-scale software. In this position paper, we discuss and outline the research opportunities and challenges in the field of software plagiarism detection in order to stimulate brilliant innovations and direct our future research efforts.

show abstract

Section: Recent State Of the Art And Practicementioning

confidence: 96%

Section: Contributionmentioning

confidence: 99%

Section: Recent State Of the Art And Practicementioning

confidence: 99%

Section: Recent State Of the Art And Practicementioning

confidence: 99%

See 2 more Smart Citations

Revisiting the Challenges and Opportunities in Software Plagiarism Detection

Fan

Jia

et al. 2020

2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER)

View full text Add to dashboard Cite

show abstract

“…Thus, it is a code containment problem. The problem has been emphasized by previous work [27], [37], [45], [66], [60], [61], [38], but the proposed solutions can only work for code of the same ISA. Resolving the cross-architecture code containment problem is a new and important endeavor.…”

Section: Introductionmentioning

confidence: 99%

Neural Machine Translation Inspired Binary Code Similarity Comparison beyond Function Pairs

Zuo¹,

Li²,

Young³

et al. 2019

Proceedings 2019 Network and Distributed System Security Symposium

158

199

View full text Add to dashboard Cite

Binary code analysis allows analyzing binary code without having access to the corresponding source code. A binary, after disassembly, is expressed in an assembly language. This inspires us to approach binary analysis by leveraging ideas and techniques from Natural Language Processing (NLP), a fruitful area focused on processing text of various natural languages. We notice that binary code analysis and NLP share many analogical topics, such as semantics extraction, classification, and code/text comparison. This work thus borrows ideas from NLP to address two important code similarity comparison problems. (I) Given a pair of basic blocks of different instruction set architectures (ISAs), determining whether their semantics is similar; and (II) given a piece of code of interest, determining if it is contained in another piece of code of a different ISA. The solutions to these two problems have many applications, such as cross-architecture vulnerability discovery and code plagiarism detection.Despite the evident importance of Problem I, existing solutions are either inefficient or imprecise. Inspired by Neural Machine Translation (NMT), which is a new approach that tackles text across natural languages very well, we regard instructions as words and basic blocks as sentences, and propose a novel cross-(assembly)-lingual deep learning approach to solving Problem I, attaining high efficiency and precision. Many solutions have been proposed to determine whether two pieces of code, e.g., functions, are equivalent (called the equivalence problem), which is different from Problem II (called the containment problem). Resolving the cross-architecture code containment problem is a new and more challenging endeavor. Employing our technique for crossarchitecture basic-block comparison, we propose the first solution to Problem II. We implement a prototype system INNEREYE and perform a comprehensive evaluation. A comparison between our approach and existing approaches to Problem I shows that our system outperforms them in terms of accuracy, efficiency and scalability. The case studies applying the system demonstrate that our solution to Problem II is effective. Moreover, this research showcases how to apply ideas and techniques from NLP to largescale binary code analysis.

show abstract

Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild

Dong

Diao

et al. 2018

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

Program code is a precious asset to its owner. Due to the easyto-reverse nature of Java, code protection for Android apps is of particular importance. To this end, code obfuscation is widely utilized by both legitimate app developers and malware authors, which complicates the representation of source code or machine code in order to hinder the manual investigation and code analysis. Despite many previous studies focusing on the obfuscation techniques, however, our knowledge on how obfuscation is applied by realworld developers is still limited.In this paper, we seek to better understand Android obfuscation and depict a holistic view of the usage of obfuscation through a large-scale investigation in the wild. In particular, we focus on four popular obfuscation approaches: identifier renaming, string encryption, Java reflection, and packing. To obtain the meaningful statistical results, we designed efficient and lightweight detection models for each obfuscation technique and applied them to our massive APK datasets (collected from Google Play, multiple thirdparty markets, and malware databases). We have learned several interesting facts from the result. For example, malware authors use string encryption more frequently, and more apps on third-party markets than Google Play are packed. We are also interested in the explanation of each finding. Therefore we carry out in-depth code analysis on some Android apps after sampling. We believe our study will help developers select the most suitable obfuscation approach, and in the meantime help researchers improve code analysis systems in the right direction.

show abstract

Deviation-Based Obfuscation-Resilient Program Equivalence Checking With Application to Software Plagiarism Detection

Cited by 29 publications

References 62 publications

Revisiting the Challenges and Opportunities in Software Plagiarism Detection

Revisiting the Challenges and Opportunities in Software Plagiarism Detection

Neural Machine Translation Inspired Binary Code Similarity Comparison beyond Function Pairs

Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild

Contact Info

Product

Resources

About