Identifying Software Theft Based on Classification of Multi-Attribute Features

Identifying Software Theft Based on Classification of Multi-Attribute Features

JOURNAL OF SOFTWARE, VOL. 9, NO. 6, JUNE 2014 1401 Identifying Software Theft Based on Classification of Multi-Attribute Features Ye Guo School of information, Xi'an University of finance and economics, China Email: [email protected] Mingyu Wang School of information, Xi'an University of finance and economics, China Email: [email protected] Yangxia Luo School of information, Xi'an University of finance and economics, China NWU (China) -Irdeto Network-Information Security Joint Laboratory (NISL), Xi’an, China Email: [email protected] Abstract―Due to the low performance caused by the into “embedded” watermarks and “constructed” traditional "embedded" watermark and the shortages about watermarks by whether or not it is changed from the low accuracy and weak anti-aggressive of single-attribute original program. The embedded watermarks are birthmark in checking obfuscated software theft, a software inevitable to affect program load and performance, such identification scheme is proposed which is based on as dynamic path-based software watermarking [6], classification of multi-dimensional features. After disassembly analysis and static analysis on protecting generating the watermark through encoding instruction software and its resisting semantics-preserving sequences or memory address in program; Threading transformations, the algorithm extracts features from many software watermarks [7], encoding watermark by thread dimensions, which combines the statistic and semantic competition, adding multithread to improve robustness features to reflect the behavior characteristic of the software, will lead to reducing efficiency of program execution due analyzing and detecting theft based on similarities of to the introduction of a large number of threads; Dynamic software instead of traditional ways depending on a trusted data structure watermark [8], [9]: the watermark third party or alone-similarity threshold. Through giving information hidden in the memory stack states or global the formal description about the algorithm, depicting the variables domain of the program that will take up algorithm realization, after comparisons and analysis from the qualitative and quantitative, theoretical and memory and change the global variables. experimental aspects, the results show that the algorithm In order to prevent performance degradation when contributes to the resistance to attacks, as well as the watermark is embedded into a program, researches are robustness and credibility, and has advantages compared conducted mostly to limit the amount of loaded with similar methods. information, such as the typical system:Sandmark [10]. If there was more loaded watermark information, Index Terms―software theft, classification learning, invisibility will decrease; if less information was multi-dimension features, software birthmark embedded, the copyright authentication is insufficient, especially for a meaningful watermark (need to embed I. INTRODUCTION more information). In order to prevent the watermarks Malicious software attacks and software piracy already from being attacked, many technologies: encryption and are an indisputable fact, rampant on a global scale and tamper-resistant are also applied to consolidate them, but has seriously hampered the software industry sustainable those will bring more running load inevitably [8], [11]. development [1]. The present software protection is For the above summary, the “embedded” watermarking responsible by software developers, through has two problems: (1) the software performance will be encryption[2], sequence number, Key File, software dog, reduced; (2) It could be removed as time as possible and and so on, , these software protection methods have affect the copyright authentication. So whether don't difficulty realizing the piracy tracking and try to provide insert information or the imbedded information is zero, a uniform legal basis because of different technologies. and can also identify copyright. Watermark, such as Ref. [3] and Ref.[4] and birthmark in In fact, image watermarks are also facing similar [5] were a good attempt in copyright identification and problems above, some scholars have proposed a new protection. concept: "constructed” watermark—image zero- At present, the software watermarks can be divided watermarking [12], [13] to solve that. Subsequently, the © 2014 ACADEMY PUBLISHER doi:10.4304/jsw.9.6.1401-1411 1402 JOURNAL OF SOFTWARE, VOL. 9, NO. 6, JUNE 2014 text zero watermark [14] and database zero-watermark TABLE I [15]. The study on the three types of zero-watermarking FEATURE EXTRACTION ALGORITHMS technology shows that they have a same characteristic that extract features of the carrier, and then use the features to identify carrier while didn’t embedded information into carrier. Just think of software birthmark (unique feature of software). In this paper, software features and a scheme of the constructed software zero-watermark with features are researched. Whether or not the features are anti-aggressive and representative, or the copyright identification scheme constructed by The Table1 shows the shortages in software features is reasonable, is related to the accuracy of identification that was based on one type of feature software copyright discrimination. The paper focuses on objects (a single attribute or only one judgement software multi-dimension features, first using condition), lack of attack resistance. For example classification learning in pattern recognition to build the software confusion attacks [27],[28]: rename confusion judgment model and identify unknown software in order attack will impact on the class name in source; adding to improve the accuracy and objectivity of the copyright useless verbs (dead code)attack affects the frequency and identification. order of API call; smoothing control flow attacks would The remainder of this paper is organized as follows. In affect the extracted edges and vertices of control flow Sections II: through the comparison and discussion on the graph, so using only one kind of attribute object is related work, indicating the significance and value of this insufficient in representation of copyright and weak in paper work; Section III gives the concepts, definitions resistance to different attacks. and formal descriptions about software features and In view of above shortage, one contribution of the copyright identification in order to accurately understand; paper is to improve the recognition accuracy by Section IV studies the overall model of the proposed increasing the type of feature objects (multi-attribute software copyright identification based on features or multiple discriminate conditions), and give multi--dimension features, its formal description, design fully consideration of the software diversity to make and implementation; Simulation results, comparison with features (or birthmark) with the attack resistance and other conventional algorithms, and the experiment and representation. analysis are given in Section V; Finally, the conclusion B. Copyright Identifications Based on Features and outlook are drawn in Section VI. There were two ways to identify software copyright based on extracted features: 1) proving copyright based II. RELATED WORK on a trusted third party [23]; 2) judging software For improving the embedded watermarking, copyright based on a threshold [24]. researchers hope to find a kind of feature is a unique Copyright proof based on a trusted third party is to use feature which is birthmark. The extracted objects and the extracted features and there is a watermark (owner copyright identification schemes based on the objects are information) to generate registration information stored the key problems of correct judgment copyright. in a third party (That can be called the zero-watermark embedding process). When need to prove the software A. Software Feature Object copyright, calculating register information of the third The research on software features initiated the party with the extracted features to retrieve the source-code plagiarism detection system, MOSS watermark (the zero-watermark extracting process). [16],[17], but, sometimes the source code is not available Shown in Fig.1 and Fig.2: and can easily be changed; H. Tamada and the other three members [18] worked on executable code (binaries or bytecode) rather than source code, and took java bytecode set as software features; API calls [19] were choosen to take software features because API calls of a program can be unique and difficult to be forged for an adversary and later were improved for the dynamic API call-level and call-frequency [20] as software features; Heewan Park [21] used the operation code and the static Fig.1.The embedding process based on the third party stack as features to identify software, the christian collbergr team and other researchers [22-24], introduced n-gram and dynamic extraction methods to improve resistance to compression, encryption and packers attacks of features; Control flow edge was also used for software features by Hyun-il Lim [25]; Hunan University [26], Fig.2. The extracting process based on third party researched component dependency graphs characteristics of the software, summarized in Table I: © 2014 ACADEMY PUBLISHER JOURNAL OF SOFTWARE, VOL. 9, NO. 6, JUNE 2014 1403 A shortage of the scheme (Shortage (2)) is a non-blind A. Features and Feature Attributes extraction process that needs to save features of the DEFINITION 1 (Software Features, SF):Refers to all original software in a trusted third

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    11 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us