DAAV: Dynamic API Authority Vectors for Detecting Software Theft

This paper proposes a novel birthmark, the dynamic API authority vector (DAAV), for detecting software theft. DAAV satisfies four essential requirements for a good birthmark--credibility, resiliency, scalability, and packing-free--whereas no existing birthmark satisfies all four together. In particular, existing static birthmarks cannot handle packed programs, and existing dynamic birthmarks do not satisfy credibility and resiliency. Our experimental results demonstrate that DAAV provides satisfactory credibility and resiliency compared with existing dynamic birthmarks and can also handle packed programs.
