Faster scaling algorithms for network problems
SIAM Journal on Computing
Software forensics: can we track code to its authors?
Computers and Security
YAP3: improved detection of similarities in computer program and other texts
SIGCSE '96 Proceedings of the twenty-seventh SIGCSE technical symposium on Computer science education
An efficient cost scaling algorithm for the assignment problem
Mathematical Programming: Series A and B
Manufacturing cheap, resilient, and stealthy opaque constructs
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A graph distance metric based on the maximal common subgraph
Pattern Recognition Letters
Software watermarking: models and dynamic embeddings
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Sim: a utility for detecting similarity in computer programs
SIGCSE '99 The proceedings of the thirtieth SIGCSE technical symposium on Computer science education
Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
Optimization of Object-Oriented Programs Using Static Class Hierarchy Analysis
ECOOP '95 Proceedings of the 9th European Conference on Object-Oriented Programming
Data-Flow-Based Virtual Function Resolution
SAS '96 Proceedings of the Third International Symposium on Static Analysis
Static Analysis of Binary Code to Isolate Malicious Behaviors
WETICE '99 Proceedings of the 8th Workshop on Enabling Technologies on Infrastructure for Collaborative Enterprises
Winnowing: local algorithms for document fingerprinting
Proceedings of the 2003 ACM SIGMOD international conference on Management of data
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
A security architecture for survivability mechanisms
A security architecture for survivability mechanisms
Sandmark--A Tool for Software Protection Research
IEEE Security and Privacy
Obfuscation of executable code to improve resistance to static disassembly
Proceedings of the 10th ACM conference on Computer and communications security
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Abstracting Stack to Detect Obfuscated Calls in Binaries
SCAM '04 Proceedings of the Source Code Analysis and Manipulation, Fourth IEEE International Workshop
Static Analyzer of Vicious Executables (SAVE)
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
K-gram based software birthmarks
Proceedings of the 2005 ACM symposium on Applied computing
DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
A Method for Detecting Obfuscated Calls in Malicious Binaries
IEEE Transactions on Software Engineering
Deobfuscation: Reverse Engineering Obfuscated Code
WCRE '05 Proceedings of the 12th Working Conference on Reverse Engineering
LOCO: an interactive code (De)obfuscation tool
Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Software theft detection through program identification
Software theft detection through program identification
Java Birthmarks —Detecting the Software Theft—
IEICE - Transactions on Information and Systems
A semantics-based approach to malware detection
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Static analysis of executables to detect malicious patterns
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Static disassembly of obfuscated binaries
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Detours: binary interception of Win32 functions
WINSYM'99 Proceedings of the 3rd conference on USENIX Windows NT Symposium - Volume 3
Intrusion detection using sequences of system calls
Journal of Computer Security
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Wysinwyx: what you see is not what you execute
Wysinwyx: what you see is not what you execute
A static birthmark of binary executables based on API call structure
ASIAN'07 Proceedings of the 12th Asian computing science conference on Advances in computer science: computer and network security
Opaque predicates detection by abstract interpretation
AMAST'06 Proceedings of the 11th international conference on Algebraic Methodology and Software Technology
An efficient similarity comparison based on core API calls
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Software plagiarism detection via the static API call frequency birthmark
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Zero-day malware detection based on supervised learning algorithms of API call signatures
AusDM '11 Proceedings of the Ninth Australasian Data Mining Conference - Volume 121
Detecting malicious behaviour using supervised learning algorithms of the function calls
International Journal of Electronic Security and Digital Forensics
Software plagiarism detection: a graph-based approach
Proceedings of the 22nd ACM international conference on Conference on information & knowledge management
Measuring similarity of android applications via reversing and K-gram birthmarking
Proceedings of the 2013 Research in Adaptive and Convergent Systems
Simseer and bugwise: web services for binary-level software similarity and defect detection
AusPDC '13 Proceedings of the Eleventh Australasian Symposium on Parallel and Distributed Computing - Volume 140
| Hi-index | 0.00 |
A software birthmark is the inherent characteristics of a program extracted from the program itself. By comparing birthmarks, we can detect whether a program is a copy of another program or not. We propose a static API birthmark for Windows executables that utilizes sets of API calls identified by a disassembler statically. By comparing 49 Windows executables, we show that our birthmark can distinguish similar programs and detect copies. By comparing binaries generated by various compilers, we also demonstrate that our birthmark is resilient. We compare our birthmark with a previous Windows dynamic birthmark to show that it is more appropriate for GUI applications.