Software Birthmark Usability for Source Code Transformation Using Machine Learning Algorithms

Keqing, Guan; Nazir, Shah; Kong, Xianli; Rehman, Sadaqat ur

doi:10.1155/2021/5547766

Cited by 2 publications

(2 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A recent survey article identifies 24 types of techniques for generating software birthmarks [39]. These techniques mainly focus on detecting software theft and piracy [16], [40]. There are also birthmarks designed for software asset management [41] or malware detection [42].…”

Section: B Binary Code Similaritymentioning

confidence: 99%

Version-Wide Software Birthmark via Machine Learning

Chung

Wang

2021

IEEE Access

View full text Add to dashboard Cite

Identifying the credibility of executable files is critical for the security of an operating system. Modern operating systems rely on code signing for executable files to identify their publishers. Because code signing uses a default-valid trust model, a malware could pass software validation of operating systems and security software by using counterfeit code-signing certificates. Although the counterfeit certificates can be revoked by CAs, the previous research showed that the revocation delay takes as long as 5.6 months. In this paper, we attempt to identify the credibility of software with multiple-version executable files without relying on public key infrastructure (PKI). Because a new-version executable file is usually developed incrementally based on the previous versions, the sharing features among different versions can be extracted for identifying the software. Accordingly, we present a software-birthmark scheme to serve our purpose. Our scheme generates a cross-version software birthmark for executable files of the same software. The proposed software birthmark is a binary-classification model of a machine learning algorithm based on imported and exported function names extracted from different-version executable files. To evaluate the performance of version-wide software birthmarks, our experiments include 138 versions of Windows kernel32.dll and 545 versions of firefox.exe. We also use multiple machine learning algorithms for performance comparisons. The results show that proposed software birthmark can effectively identify the derivations of these executable files. The proposed software birthmark can be used by operating systems or security software to evaluate the credibility of executable files with suspicious certificates.

show abstract

Section: B Binary Code Similaritymentioning

confidence: 99%

Version-Wide Software Birthmark via Machine Learning

Chung

Wang

2021

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Considering the broad applicability and objective security obtained for low cost, we focus on software-level protection. Software-level protection can be divided into protection before being damaged and forensics after being damaged, such as protecting core technologies through code obfuscation [10,11], encryption and decryption [12,13], software watermarking [7,14], or software birthmark [15,16] for effective tracking of software copyright.…”

Section: Introductionmentioning

confidence: 99%

iOLLVM: Enhanced Version of OLLVM

Huang¹,

Chen²,

Xie³

et al. 2022

Artificial Intelligence Trends &Amp; Technologies

View full text Add to dashboard Cite

Code obfuscation increases the difficulty of understanding programs, improves software security, and, in particular, OLLVM offers the possibility of cross-platform code obfuscation. For OLLVM, we provide enhanced solutions for control flow obfuscation and identifier obfuscation. First, we propose the nested switch obfuscation scheme and the in-degree obfuscation for bogus blocks in the control flow obfuscation. Secondly, the identifier obfuscation scheme is presented in the LLVM layer to fill the gap of OLLVM at this level. Finally, we experimentally verify the enhancement effect of the control flow method and the identifier obfuscation effect and prove that the program's security can be further improved with less overhead, providing higher software security.

show abstract

Software Birthmark Usability for Source Code Transformation Using Machine Learning Algorithms

Cited by 2 publications

References 41 publications

Version-Wide Software Birthmark via Machine Learning

Version-Wide Software Birthmark via Machine Learning

iOLLVM: Enhanced Version of OLLVM

Contact Info

Product

Resources

About