A static API birthmark for Windows binary executables
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Choi, Seok-Woo | ko |
| dc.contributor.author | Park, Hee-Wan | ko |
| dc.contributor.author | Lim, Hyun-Il | ko |
| dc.contributor.author | Han, Tai-Sook | ko |
| dc.date.accessioned | 2010-02-03T05:30:59Z | - |
| dc.date.available | 2010-02-03T05:30:59Z | - |
| dc.date.created | 2012-02-06 | - |
| dc.date.created | 2012-02-06 | - |
| dc.date.issued | 2009-05 | - |
| dc.identifier.citation | JOURNAL OF SYSTEMS AND SOFTWARE, v.82, no.5, pp.862 - 873 | - |
| dc.identifier.issn | 0164-1212 | - |
| dc.identifier.uri | http://hdl.handle.net/10203/16449 | - |
| dc.description.abstract | A software birthmark is the inherent characteristics of a program extracted from the program itself. By comparing birthmarks, we can detect whether a program is a copy of another program or not. We propose a static API birthmark for Windows executables that utilizes sets of API calls identified by a disassembler statically. By comparing 49 Windows executables, we show that our birthmark can distinguish similar programs and detect copies. By comparing binaries generated by various compilers, we also demonstrate that our birthmark is resilient. We compare our birthmark with a previous Windows dynamic birthmark to show that it is more appropriate for GUI applications. (C) 2008 Elsevier Inc. All rights reserved. | - |
| dc.description.sponsorship | This work was partially supported by the Korea Science and Engineering Foundation(KOSEF) grant funded by the Korea government(MEST) (No. R01-2008-000-11856-0). Also, this work was partially supported by the MKE(Ministry of Knowledge Economy), Korea, under the ITRC(Information Technology Research Center) Support program supervised by the IITA(Institute of Information Technology Advancement)” (IITA-2008-C1090-0801-0020). | en |
| dc.language | English | - |
| dc.language.iso | en_US | en |
| dc.publisher | ELSEVIER SCIENCE INC | - |
| dc.subject | ALGORITHM | - |
| dc.title | A static API birthmark for Windows binary executables | - |
| dc.type | Article | - |
| dc.identifier.wosid | 000265318300012 | - |
| dc.identifier.scopusid | 2-s2.0-63149135419 | - |
| dc.type.rims | ART | - |
| dc.citation.volume | 82 | - |
| dc.citation.issue | 5 | - |
| dc.citation.beginningpage | 862 | - |
| dc.citation.endingpage | 873 | - |
| dc.citation.publicationname | JOURNAL OF SYSTEMS AND SOFTWARE | - |
| dc.identifier.doi | 10.1016/j.jss.2008.11.848 | - |
| dc.embargo.liftdate | 9999-12-31 | - |
| dc.embargo.terms | 9999-12-31 | - |
| dc.contributor.localauthor | Han, Tai-Sook | - |
| dc.type.journalArticle | Article | - |
| dc.subject.keywordAuthor | Software birthmark | - |
| dc.subject.keywordAuthor | Software theft detection | - |
| dc.subject.keywordAuthor | Software security | - |
| dc.subject.keywordAuthor | Static analysis | - |
| dc.subject.keywordAuthor | Reverse engineering | - |
| dc.subject.keywordPlus | ALGORITHM | - |
- Appears in Collection
- CS-Journal Papers(저널논문)
- Files in This Item
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 32 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.