Behavior based software theft detection

Xinran Wang; Yoon Chan Jhi; Sencun Zhu; Peng Liu

doi:10.1145/1653662.1653696

Behavior based software theft detection

Xinran Wang, Yoon Chan Jhi, Sencun Zhu, Peng Liu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

92 Scopus citations

Abstract

Along with the burst of open source projects, software theft (or plagiarism) has become a very serious threat to the healthiness of software industry. Software birthmark, which represents the unique characteristics of a program, can be used for software theft detection. We propose a system call dependence graph based software birthmark called SCDG birthmark, and examine how well it reflects unique behavioral characteristics of a program. To our knowledge, our detection system based on SCDG birthmark is the first one that is capable of detecting software component theft where only partial code is stolen. We demonstrate the strength of our birthmark against various evasion techniques, including those based on different compilers and different compiler optimization levels as well as two state-of-the-art obfuscation tools. Unlike the existing work that were evaluated through small or toy software, we also evaluate our birthmark on a set of large software. Our results show that SCDG birthmark is very practical and effective in detecting software theft that even adopts advanced evasion techniques.

Original language	English (US)
Title of host publication	CCS'09 - Proceedings of the 16th ACM Conference on Computer and Communications Security
Pages	280-290
Number of pages	11
DOIs	https://doi.org/10.1145/1653662.1653696
State	Published - 2009
Event	16th ACM Conference on Computer and Communications Security, CCS'09 - Chicago, IL, United States Duration: Nov 9 2009 → Nov 13 2009

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Other

Other	16th ACM Conference on Computer and Communications Security, CCS'09
Country/Territory	United States
City	Chicago, IL
Period	11/9/09 → 11/13/09

All Science Journal Classification (ASJC) codes

Software
Computer Networks and Communications

Access to Document

10.1145/1653662.1653696

Cite this

@inproceedings{2340cffeba2e40ea8f8fbed49609c8d4,

title = "Behavior based software theft detection",

abstract = "Along with the burst of open source projects, software theft (or plagiarism) has become a very serious threat to the healthiness of software industry. Software birthmark, which represents the unique characteristics of a program, can be used for software theft detection. We propose a system call dependence graph based software birthmark called SCDG birthmark, and examine how well it reflects unique behavioral characteristics of a program. To our knowledge, our detection system based on SCDG birthmark is the first one that is capable of detecting software component theft where only partial code is stolen. We demonstrate the strength of our birthmark against various evasion techniques, including those based on different compilers and different compiler optimization levels as well as two state-of-the-art obfuscation tools. Unlike the existing work that were evaluated through small or toy software, we also evaluate our birthmark on a set of large software. Our results show that SCDG birthmark is very practical and effective in detecting software theft that even adopts advanced evasion techniques.",

author = "Xinran Wang and Jhi, {Yoon Chan} and Sencun Zhu and Peng Liu",

year = "2009",

doi = "10.1145/1653662.1653696",

language = "English (US)",

isbn = "9781605583525",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

pages = "280--290",

booktitle = "CCS'09 - Proceedings of the 16th ACM Conference on Computer and Communications Security",

note = "16th ACM Conference on Computer and Communications Security, CCS'09 ; Conference date: 09-11-2009 Through 13-11-2009",

}

Wang, X, Jhi, YC, Zhu, S & Liu, P 2009, Behavior based software theft detection. in CCS'09 - Proceedings of the 16th ACM Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, pp. 280-290, 16th ACM Conference on Computer and Communications Security, CCS'09, Chicago, IL, United States, 11/9/09. https://doi.org/10.1145/1653662.1653696

TY - GEN

T1 - Behavior based software theft detection

AU - Wang, Xinran

AU - Jhi, Yoon Chan

AU - Zhu, Sencun

AU - Liu, Peng

PY - 2009

Y1 - 2009

N2 - Along with the burst of open source projects, software theft (or plagiarism) has become a very serious threat to the healthiness of software industry. Software birthmark, which represents the unique characteristics of a program, can be used for software theft detection. We propose a system call dependence graph based software birthmark called SCDG birthmark, and examine how well it reflects unique behavioral characteristics of a program. To our knowledge, our detection system based on SCDG birthmark is the first one that is capable of detecting software component theft where only partial code is stolen. We demonstrate the strength of our birthmark against various evasion techniques, including those based on different compilers and different compiler optimization levels as well as two state-of-the-art obfuscation tools. Unlike the existing work that were evaluated through small or toy software, we also evaluate our birthmark on a set of large software. Our results show that SCDG birthmark is very practical and effective in detecting software theft that even adopts advanced evasion techniques.

AB - Along with the burst of open source projects, software theft (or plagiarism) has become a very serious threat to the healthiness of software industry. Software birthmark, which represents the unique characteristics of a program, can be used for software theft detection. We propose a system call dependence graph based software birthmark called SCDG birthmark, and examine how well it reflects unique behavioral characteristics of a program. To our knowledge, our detection system based on SCDG birthmark is the first one that is capable of detecting software component theft where only partial code is stolen. We demonstrate the strength of our birthmark against various evasion techniques, including those based on different compilers and different compiler optimization levels as well as two state-of-the-art obfuscation tools. Unlike the existing work that were evaluated through small or toy software, we also evaluate our birthmark on a set of large software. Our results show that SCDG birthmark is very practical and effective in detecting software theft that even adopts advanced evasion techniques.

UR - http://www.scopus.com/inward/record.url?scp=74049163233&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=74049163233&partnerID=8YFLogxK

U2 - 10.1145/1653662.1653696

DO - 10.1145/1653662.1653696

M3 - Conference contribution

AN - SCOPUS:74049163233

SN - 9781605583525

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 280

EP - 290

BT - CCS'09 - Proceedings of the 16th ACM Conference on Computer and Communications Security

T2 - 16th ACM Conference on Computer and Communications Security, CCS'09

Y2 - 9 November 2009 through 13 November 2009

ER -

Behavior based software theft detection

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this