YAP3: improved detection of similarities in computer program and other texts
SIGCSE '96 Proceedings of the twenty-seventh SIGCSE technical symposium on Computer science education
A graph distance metric based on the maximal common subgraph
Pattern Recognition Letters
Software watermarking: models and dynamic embeddings
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the ACM SIGPLAN 1999 conference on Programming language design and implementation
Watermarking, tamper-proffing, and obfuscation: tools for software protection
IEEE Transactions on Software Engineering
Winnowing: local algorithms for document fingerprinting
Proceedings of the 2003 ACM SIGMOD international conference on Management of data
A security architecture for survivability mechanisms
A security architecture for survivability mechanisms
Sandmark--A Tool for Software Protection Research
IEEE Security and Privacy
K-gram based software birthmarks
Proceedings of the 2005 ACM symposium on Applied computing
Software theft detection through program identification
Software theft detection through program identification
Java Birthmarks —Detecting the Software Theft—
IEICE - Transactions on Information and Systems
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Recency-Abstraction for heap-allocated storage
SAS'06 Proceedings of the 13th international conference on Static Analysis
Detecting Java Theft Based on Static API Trace Birthmark
IWSEC '08 Proceedings of the 3rd International Workshop on Security: Advances in Information and Computer Security
A static API birthmark for Windows binary executables
Journal of Systems and Software
Supervised learning for provenance-similarity of binaries
Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining
Measuring similarity of windows applications using static and dynamic birthmarks
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Measuring similarity of android applications via reversing and K-gram birthmarking
Proceedings of the 2013 Research in Adaptive and Convergent Systems
Simseer and bugwise: web services for binary-level software similarity and defect detection
AusPDC '13 Proceedings of the Eleventh Australasian Symposium on Parallel and Distributed Computing - Volume 140
A birthmark-based method for intellectual software asset management
Proceedings of the 8th International Conference on Ubiquitous Information Management and Communication
| Hi-index | 0.00 |
A software birthmark is a unique characteristic of a program that can be used as a software theft detection. In this paper we suggest and empirically evaluate a static birthmark of binary executables based on API call structure. The program properties employed in this birthmark are functions and standard API calls when the functions are executed. The API calls from a function includes the API calls explicitly found from the function and its descendants within limited depth in the call graph. To statically identify functions, call graphs and API calls, we utilizes IDAPro disassembler and its plug-ins. We define the similarity between two functions as the proportion of the number of all API calls to the number of the common API calls. The similarity between two programs is obtained by the maximum weight bipartite matching between two programs using the function similarity matrix. To show the credibility of the proposed techniques, we compare the same applications with different versions and the various types of applications which include text editors, picture viewers, multimedia players, P2P applications and ftp clients. To show the resilience, we compare binary executables compiled from various compilers. The empirical result shows that the similarities obtained using our birthmark sufficiently indicates the functional and structural similarities among programs.