Replacement attacks on behavior based software birthmark

Zhi Xin; Huiyu Chen; Xinche Wang; Peng Liu; Sencun Zhu; Bing Mao; Li Xie

doi:10.1007/978-3-642-24861-0_1

Replacement attacks on behavior based software birthmark

Zhi Xin
, Huiyu Chen
, Xinche Wang
, Peng Liu
, Sencun Zhu
, Bing Mao
, Li Xie

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Scopus citations

Abstract

Software birthmarks utilize certain specific program characteristics to validate the origin of software, so it can be applied to detect software piracy. One state-of-the-art technology on software birthmark adopts dynamic system call dependence graphs as the unique signature of a program, which cannot be cluttered by existing obfuscation techniques and is also immune to the no-ops system call insertion attack. In this paper, we analyze its weaknesses and construct replacement attacks with the help of semantics-equivalent system calls to unlock the high frequent dependency between the system calls in an original system call dependence graph. Our results show that the proposed replacement attacks can destroy the original birthmark successfully.

Original language	English (US)
Title of host publication	Information Security - 14th International Conference, ISC 2011, Proceedings
Publisher	Springer Verlag
Pages	1-16
Number of pages	16
ISBN (Print)	9783642248603
DOIs	https://doi.org/10.1007/978-3-642-24861-0_1
State	Published - 2011
Event	14th International Conference on Information Security, ISC 2011 - Xi'an, China Duration: Oct 26 2011 → Oct 29 2011

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7001 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	14th International Conference on Information Security, ISC 2011
Country/Territory	China
City	Xi'an
Period	10/26/11 → 10/29/11

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-642-24861-0_1

Cite this

Xin, Z., Chen, H., Wang, X., Liu, P., Zhu, S., Mao, B., & Xie, L. (2011). Replacement attacks on behavior based software birthmark. In Information Security - 14th International Conference, ISC 2011, Proceedings (pp. 1-16). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7001 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-642-24861-0_1

@inproceedings{e159ee0a4bb742ada2670c7903d52f8d,

title = "Replacement attacks on behavior based software birthmark",

abstract = "Software birthmarks utilize certain specific program characteristics to validate the origin of software, so it can be applied to detect software piracy. One state-of-the-art technology on software birthmark adopts dynamic system call dependence graphs as the unique signature of a program, which cannot be cluttered by existing obfuscation techniques and is also immune to the no-ops system call insertion attack. In this paper, we analyze its weaknesses and construct replacement attacks with the help of semantics-equivalent system calls to unlock the high frequent dependency between the system calls in an original system call dependence graph. Our results show that the proposed replacement attacks can destroy the original birthmark successfully.",

author = "Zhi Xin and Huiyu Chen and Xinche Wang and Peng Liu and Sencun Zhu and Bing Mao and Li Xie",

year = "2011",

doi = "10.1007/978-3-642-24861-0\_1",

language = "English (US)",

isbn = "9783642248603",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "1--16",

booktitle = "Information Security - 14th International Conference, ISC 2011, Proceedings",

address = "Germany",

note = "14th International Conference on Information Security, ISC 2011 ; Conference date: 26-10-2011 Through 29-10-2011",

}

Xin, Z, Chen, H, Wang, X, Liu, P , Zhu, S, Mao, B & Xie, L 2011, Replacement attacks on behavior based software birthmark. in Information Security - 14th International Conference, ISC 2011, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7001 LNCS, Springer Verlag, pp. 1-16, 14th International Conference on Information Security, ISC 2011, Xi'an, China, 10/26/11. https://doi.org/10.1007/978-3-642-24861-0_1

Replacement attacks on behavior based software birthmark. / Xin, Zhi; Chen, Huiyu; Wang, Xinche et al.
Information Security - 14th International Conference, ISC 2011, Proceedings. Springer Verlag, 2011. p. 1-16 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7001 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Replacement attacks on behavior based software birthmark

AU - Xin, Zhi

AU - Chen, Huiyu

AU - Wang, Xinche

AU - Liu, Peng

AU - Zhu, Sencun

AU - Mao, Bing

AU - Xie, Li

PY - 2011

Y1 - 2011

N2 - Software birthmarks utilize certain specific program characteristics to validate the origin of software, so it can be applied to detect software piracy. One state-of-the-art technology on software birthmark adopts dynamic system call dependence graphs as the unique signature of a program, which cannot be cluttered by existing obfuscation techniques and is also immune to the no-ops system call insertion attack. In this paper, we analyze its weaknesses and construct replacement attacks with the help of semantics-equivalent system calls to unlock the high frequent dependency between the system calls in an original system call dependence graph. Our results show that the proposed replacement attacks can destroy the original birthmark successfully.

AB - Software birthmarks utilize certain specific program characteristics to validate the origin of software, so it can be applied to detect software piracy. One state-of-the-art technology on software birthmark adopts dynamic system call dependence graphs as the unique signature of a program, which cannot be cluttered by existing obfuscation techniques and is also immune to the no-ops system call insertion attack. In this paper, we analyze its weaknesses and construct replacement attacks with the help of semantics-equivalent system calls to unlock the high frequent dependency between the system calls in an original system call dependence graph. Our results show that the proposed replacement attacks can destroy the original birthmark successfully.

UR - https://www.scopus.com/pages/publications/80054810318

UR - https://www.scopus.com/pages/publications/80054810318#tab=citedBy

U2 - 10.1007/978-3-642-24861-0_1

DO - 10.1007/978-3-642-24861-0_1

M3 - Conference contribution

AN - SCOPUS:80054810318

SN - 9783642248603

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 1

EP - 16

BT - Information Security - 14th International Conference, ISC 2011, Proceedings

PB - Springer Verlag

T2 - 14th International Conference on Information Security, ISC 2011

Y2 - 26 October 2011 through 29 October 2011

ER -

Xin Z, Chen H, Wang X, Liu P , Zhu S, Mao B et al. Replacement attacks on behavior based software birthmark. In Information Security - 14th International Conference, ISC 2011, Proceedings. Springer Verlag. 2011. p. 1-16. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-24861-0_1

Replacement attacks on behavior based software birthmark

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this