Detecting software theft via system call based birthmarks

Xinran Wang, Yoon Chan Jhi, Sencun Zhu, Peng Liu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

92 Scopus citations


Along with the burst of open source projects, software theft (or plagiarism) has become a very serious threat to the health of the software industry. A software birthmark, which represents the unique characteristics of a program, can be used for software theft detection. We propose two system call based software birthmarks: SCSSB (System Call Short Sequence Birthmark) and IDSCSB (Input Dependant System Call Subsequence Birthmark), and examine how well they reflect unique behavioral characteristics of a program. To our knowledge, our detection system based on SCSSB and IDSCSB is the first one that is capable of software component theft detection where only partial code is stolen. We demonstrate the strength of our birthmarks against various evasion techniques, including those based on different compilers and different compiler optimization levels as well as those based on very powerful obfuscation techniques supported by SandMark. Unlike existing work, which was evaluated on small or toy software, we also evaluate our birthmarks on a set of large software (web browsers). Our results show that system call based birthmarks are very practical and effective in detecting software theft, even theft that adopts advanced evasion techniques.

Original language: English (US)
Title of host publication: 25th Annual Computer Conference Security Applications, ACSAC 2009
Number of pages: 10
State: Published - 2009
Event: 25th Annual Computer Conference Security Applications, ACSAC 2009 - Honolulu, HI, United States
Duration: Dec 7 2009 → Dec 11 2009

Publication series

Name: Proceedings - Annual Computer Security Applications Conference, ACSAC
ISSN (Print): 1063-9527


Other: 25th Annual Computer Conference Security Applications, ACSAC 2009
Country/Territory: United States
City: Honolulu, HI

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Software
  • Safety, Risk, Reliability and Quality

