• Smart Media Journal
• /
• v.4 no.2
• /
• pp.34-45
• /
• 2015

The illegal copy of Windows software is one of the problems, because Windows is the most popular operating system in the country. The illegal copy can be infringe a software copyright, and software birthmark is one of solutions which is protecting software copyright. Software birthmark is a technique to distinguish software piracy using feature information from software. The type of software birthmark can be differentiated between static birthmark and dynamic birthmark through an extraction method. Static birthmark and dynamic birthmark have strengths and weaknesses. In this paper, we propose similarity measurement technique using dynamic birthmark based on API, and we explain extraction process of dynamic birthmark. In addition, we have verified that the proposed similarity measurement technique meet resilience and credibility through experiment. Furthermore, we saw that proposed measurement technique better than existing measurement technique.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.4
• /
• pp.177-180
• /
• 2013

A software birthmark means inherent characteristics that can be used to identify a program. Because the software birthmark is difficult to remove by simple program transformation, it can be used to detect code theft. In this paper, we propose a birthmark technique based on API k-gram of Android applications. Android SDK provides various libraries that help programmers to develop application easily. In order to use Android SDK, we have to use API method calls. The API call instructions are hard to be replaced or removed, so they can be a inherent characteristics of an application. To show the effectiveness of the proposed birthmark, we compared it with previous birthmarks and evaluated it with open source applications. From the experiments, we verified that the credibility and resilience of our birthmark is higher than previous birthmarks.

• Journal of KIISE:Software and Applications
• /
• v.36 no.9
• /
• pp.767-776
• /
• 2009

A software birthmark is a set of characteristics that are extracted from a program itself to detect code theft. A dynamic API birthmark is extracted from the run-time API call sequences of a program. The dynamic Windows API birthmarks of Tamada et al. are extracted from API call sequences during the startup period of a program. Therefore. the dynamic birthmarks cannot reflect characteristics of main functions of the program. In this paper. we propose a functional unit birthmark(FDAPI) that is defined as API call sequences recorded during the execution of essential functions of a program. To find out that some functional units of a program are copied from an original program. two FDAPIs are extracted by executing the programs with the same input. The FDAPIs are compared using the semi-global alignment algorithm to compute a similarity between two programs. Programs with the same functionality are compared to show credibility of our birthmark. Binary executables that are compiled differently from the same source code are compared to prove resilience of our birthmark. The experimental result shows that our birthmark can detect module theft of software. to which the existing birthmarks of Tamada et al. cannot be applied.

• Journal of the Korea Society of Computer and Information
• /
• v.28 no.7
• /
• pp.85-93
• /
• 2023

Software birthmark refers to a unique feature inherent in software that can be extracted from program binaries even in the absence of the original source code of the program. Like human genetic information, the similarity between programs can be calculated numerically, so it can be used to determine whether software is stolen or copied. In this paper, we propose a new birthmark technique for Android applications developed using Unity. The source codes of Unity-based Android applications use C# language, and since the core logic of the program is included in the DLL module, it must be approached in a different way from normal Android applications. In this paper, a Unity birthmark extraction and comparison system was implemented, and reliability and resilience were evaluated. The use of the Unity birthmark technique proposed in this paper is expected to be effective in preventing illegal copy or code theft of the Unity-based Android applications.

• Journal of KIISE:Computing Practices and Letters
• /
• v.15 no.11
• /
• pp.871-875
• /
• 2009

A software birthmark is inherent characteristics that can be used to identify a program. In this paper, we propose a new Java birthmark based on control flow graph (CFG) matching. The CFG matching consists of node matching and edge matching. To get similarities of nodes and edges of two CFGs, we apply a sequence alignment algorithm and a shortest path algorithm, respectively. To evaluate the proposed birthmark, we perform experiments on Java programs that implement various algorithms. In the experiments, the proposed birthmark shows not only high credibility and resilience but also fast runtime performance.

• Journal of KIISE:Computing Practices and Letters
• /
• v.14 no.9
• /
• pp.911-915
• /
• 2008

Software birthmark is the inherent characteristics that can identify a program. In this paper, we propose a Java class theft detection technique based on static API traces of class files. We utilize control flow analysis to increase resilience, and we apply the semi-global alignment trace comparison algorithm to increase credibility. The credibility and resilience experiments for XML parsers show that our birthmark is more efficient than existing birthmarks.

• Journal of KIISE
• /
• v.43 no.10
• /
• pp.1067-1072
• /
• 2016

Software birthmarks, which are unique characteristics of the software, are used to detect software plagiarism or software similarity. Generally, software birthmarks are divided into static birthmarks or dynamic birthmarks, which have evident pros and cons depending on the extraction method. In this paper, we propose a method for extracting the API sequence birthmarks using a dynamic analysis and similarity detection between the executable codes. Dynamic birthmarks based on API sequences extract API functions during the execution of programs. The extracted API sequences often include all the API functions called from the start to the end of the program. Meanwhile, our dynamic birthmark scheme extracts the API functions only called directly from the executable code. Then, it uses a sequence alignment algorithm to calculate the similarity metric effectively. We evaluate the birthmark with several open source software programs to verify its reliability and credibility. Our dynamic birthmark scheme based on the extracted API sequence can be utilized in a similarity test of executable codes.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.40 no.4
• /
• pp.700-708
• /
• 2015

A software birthmark is the set of characteristics of a program which can be used to identify the program. Many researchers have studied on detecting theft of java programs using some birthmarks. In case of Android apps, code obfuscation techniques are used to protect the apps against reverse-engineering and tampering. However, attackers can also use the obfuscation techniques in order to conceal a stolen program. A birthmark (feature) of an app can be alterable by code obfuscations. Therefore, it is necessary to detect Android app theft based on the birthmark which is resilient to code obfuscation. In this paper, we propose an effective Android app birthmark and app theft detection through the proposed birthmark. By analyzing some obfuscation tools, we have first selected parameter and the return types of methods as an adequate birthmark. Then, we have measured similarity of target apps using the birthmarks extracted from the apps, where some target apps are not obfuscated and the others obfuscated. The measurement results show that our proposed birthmark is effective for detecting Android app theft even though the apps are obfuscated.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1297-1307
• /
• 2018

The rise of Online game ESD(Electronic Software Distribution) like Steam, the method of game piracy are more diversified. In Online Game ESD, Software DRM is applied to game because we have to play in offline situation, but it is easily bypassed due to low security level. In this study, we analyze crack files of pirated games to learn how to bypass Steam DRM and to establish countermeasures for based on API call birthmark. The generated birthmark showed more than 85% resilience in representing crack groups and 95% credibility in detecting cracked games. With this study, it is possible to enhance the security of the online game Electronic Software Distribution platform, and to provide a high level of game piracy protection for indie game developers, especially those who can not purchase Third Party DRM to protect their own games.

• Journal of KIISE
• /
• v.41 no.12
• /
• pp.1007-1012
• /
• 2014

Software birthmarks are used to detect software plagiarism. For binaries, however, only a few birthmarks have been developed. In this paper, we propose a static approach to generate API sequences along major paths, which are analyzed from control flow graphs of the binaries. Since our API sequences are extracted along the most plausible paths of the binary codes, they can represent actual API sequences produced from binary executions, but in a more concise form. Our similarity measures use the Smith-Waterman algorithm that is one of the popular sequence alignment algorithms for DNA sequence analysis. We evaluate our static path-based API sequence with multiple versions of five applications. Our experiment indicates that our proposed method provides a quite reliable similarity birthmark for binaries.