A static API birthmark for Windows binary executables
A software birthmark is the inherent characteristics of a program extracted from the program itself. By comparing birthmarks, we can detect whether a program is a copy of another program or not. We propose a static API birthmark for Windows executables that utilizes sets of API calls identified by a disassembler statically. By comparing 49 Windows executables, we show that our birthmark can distinguish similar programs and detect copies. By comparing binaries generated by various compilers, we also demonstrate that our birthmark is resilient. We compare our birthmark with a previous Windows dynamic birthmark to show that it is more appropriate for GUI applications. (C) 2008 Elsevier Inc. All rights reserved.
- Publisher
- ELSEVIER SCIENCE INC
- Issue Date
- 2009-05
- Language
- English
- Article Type
- Article
- Keywords
ALGORITHM
- Citation
JOURNAL OF SYSTEMS AND SOFTWARE, v.82, no.5, pp.862 - 873
- ISSN
- 0164-1212
- Appears in Collection
- CS-Journal Papers(저널논문)
- Files in This Item
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 32 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.