A Static Birthmark for MS Windows Applications Using Import Address Table

2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing Pub Date : 2013-07-03 DOI:10.1109/IMIS.2013.159

JongCheon Choi, Yongman Han, Seong-je Cho, Haeyoung Yoo, Jinwoon Woo, Minkyu Park, Youngsang Song, L. Chung

{"title":"A Static Birthmark for MS Windows Applications Using Import Address Table","authors":"JongCheon Choi, Yongman Han, Seong-je Cho, Haeyoung Yoo, Jinwoon Woo, Minkyu Park, Youngsang Song, L. Chung","doi":"10.1109/IMIS.2013.159","DOIUrl":null,"url":null,"abstract":"A software birthmark is unique and native characteristics of software, and thus can be used to detect the theft of software. We propose a new static software birthmark for programs on Microsoft Windows which have Portable Executable (PE) format. These programs use different Dynamic Link Libraries (DLLs) and Application Program Interfaces (APIs) while they are executing. The number and names of the used DLLs and APIs are unique to each program. The proposed birthmark is based on these numbers and names. This information can be obtained from the Import Address Table (IAT), which is part of the PE file. By inspecting the proposed birthmark, we can identify certain software and detect pirated software. To evaluate the effectiveness of the proposed birthmark, we inspect and compare several applications of different kinds. The experimental results show that the proposed birthmark can identify Windows applications, leading to the prevention of an illegal distribution of copyrighted software.","PeriodicalId":425979,"journal":{"name":"2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing","volume":"86 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"24","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IMIS.2013.159","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 24

Abstract

A software birthmark is unique and native characteristics of software, and thus can be used to detect the theft of software. We propose a new static software birthmark for programs on Microsoft Windows which have Portable Executable (PE) format. These programs use different Dynamic Link Libraries (DLLs) and Application Program Interfaces (APIs) while they are executing. The number and names of the used DLLs and APIs are unique to each program. The proposed birthmark is based on these numbers and names. This information can be obtained from the Import Address Table (IAT), which is part of the PE file. By inspecting the proposed birthmark, we can identify certain software and detect pirated software. To evaluate the effectiveness of the proposed birthmark, we inspect and compare several applications of different kinds. The experimental results show that the proposed birthmark can identify Windows applications, leading to the prevention of an illegal distribution of copyrighted software.

查看原文本刊更多论文

使用导入地址表的MS Windows应用程序的静态胎记

软件胎记是软件特有的、固有的特征，可以用来检测软件的盗窃行为。我们提出了一种新的静态软件胎记，用于Microsoft Windows上具有可移植可执行文件(PE)格式的程序。这些程序在执行时使用不同的动态链接库(dll)和应用程序接口(api)。所使用的dll和api的数量和名称对于每个程序都是唯一的。提议的胎记是基于这些数字和名字。这些信息可以从导入地址表(IAT)中获得，它是PE文件的一部分。通过检查建议的胎记，我们可以识别某些软件并检测盗版软件。为了评估所提出的胎记的有效性，我们检查和比较了几种不同类型的应用。实验结果表明，所提出的胎记可以识别Windows应用程序，从而防止正版软件的非法传播。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing

自引率

0.00%

发文量