TY - GEN
T1 - Detecting software theft via system call based birthmarks
AU - Wang, Xinran
AU - Jhi, Yoon Chan
AU - Zhu, Sencun
AU - Liu, Peng
N1 - Copyright:
Copyright 2010 Elsevier B.V., All rights reserved.
PY - 2009
Y1 - 2009
N2 - Along with the burst of open source projects, software theft (or plagiarism) has become a very serious threat to the healthiness of software industry. Software birthmark, which represents the unique characteristic of a program, can be used for software theft detection. We propose two system call based software birthmarks: SCSSB (System Call Short Sequence Birthmark) and IDSCSB (Input Dependant System Call Subsequence Birthmark), and examine how well they reflect unique behavioral characteristics of a program. To our knowledge, our detection system based on SCSSB and IDSCSB is the first one that is capable of software component theft detection where only partial code is stolen. We demonstrate the strength of our birthmarks against various evasion techniques, including those based on different compilers and different compiler optimization levels as well as those based on very powerful obfuscation techniques supported by SandMark. Unlike the existing work that were evaluated through small or toy software, we also evaluate our birthmarks on a set of large software (web browsers). Our results show that system call based birthmarks are very practical and effective in detecting software theft that even adopts advanced evasion techniques.
AB - Along with the burst of open source projects, software theft (or plagiarism) has become a very serious threat to the healthiness of software industry. Software birthmark, which represents the unique characteristic of a program, can be used for software theft detection. We propose two system call based software birthmarks: SCSSB (System Call Short Sequence Birthmark) and IDSCSB (Input Dependant System Call Subsequence Birthmark), and examine how well they reflect unique behavioral characteristics of a program. To our knowledge, our detection system based on SCSSB and IDSCSB is the first one that is capable of software component theft detection where only partial code is stolen. We demonstrate the strength of our birthmarks against various evasion techniques, including those based on different compilers and different compiler optimization levels as well as those based on very powerful obfuscation techniques supported by SandMark. Unlike the existing work that were evaluated through small or toy software, we also evaluate our birthmarks on a set of large software (web browsers). Our results show that system call based birthmarks are very practical and effective in detecting software theft that even adopts advanced evasion techniques.
UR - http://www.scopus.com/inward/record.url?scp=77950834638&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77950834638&partnerID=8YFLogxK
U2 - 10.1109/ACSAC.2009.24
DO - 10.1109/ACSAC.2009.24
M3 - Conference contribution
AN - SCOPUS:77950834638
SN - 9780769539195
T3 - Proceedings - Annual Computer Security Applications Conference, ACSAC
SP - 149
EP - 158
BT - 25th Annual Computer Conference Security Applications, ACSAC 2009
T2 - 25th Annual Computer Conference Security Applications, ACSAC 2009
Y2 - 7 December 2009 through 11 December 2009
ER -