Title :
A Static Birthmark for MS Windows Applications Using Import Address Table
Author :
JongCheon Choi ; YongMan Han ; Seong-je Cho ; HaeYoung Yoo ; Jinwoon Woo ; Minkyu Park ; Youngsang Song ; Chung, Lawrence
Author_Institution :
Dept. of Comput. Sci., Dankook Univ., Yongin, South Korea
Abstract :
A software birthmark is unique and native characteristics of software, and thus can be used to detect the theft of software. We propose a new static software birthmark for programs on Microsoft Windows which have Portable Executable (PE) format. These programs use different Dynamic Link Libraries (DLLs) and Application Program Interfaces (APIs) while they are executing. The number and names of the used DLLs and APIs are unique to each program. The proposed birthmark is based on these numbers and names. This information can be obtained from the Import Address Table (IAT), which is part of the PE file. By inspecting the proposed birthmark, we can identify certain software and detect pirated software. To evaluate the effectiveness of the proposed birthmark, we inspect and compare several applications of different kinds. The experimental results show that the proposed birthmark can identify Windows applications, leading to the prevention of an illegal distribution of copyrighted software.
Keywords :
computer crime; operating systems (computers); software libraries; API; DLL; IAT; MS Windows applications; Microsoft Windows; PE format; application program interfaces; copyrighted software; dynamic link libraries; illegal distribution; import address table; portable executable format; software theft detect; static birthmark; static software birthmark; Data mining; Databases; Educational institutions; Feature extraction; Java; Libraries; Software; API; DLL; Import address table; Software birthmark; Static birthmark;
Conference_Titel :
Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2013 Seventh International Conference on
Conference_Location :
Taichung
DOI :
10.1109/IMIS.2013.159
