A Static Api Birthmark For Windows Binary Executables

Seokwoo Choi; Heewan Park; Hyun-il Lim; Taisook Han

首页> 外文期刊>Journal of systems and software >A Static Api Birthmark For Windows Binary Executables

【24h】

A Static Api Birthmark For Windows Binary Executables

机译：Windows二进制可执行文件的静态Api胎记

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

A software birthmark is the inherent characteristics of a program extracted from the program itself. By comparing birthmarks, we can detect whether a program is a copy of another program or not. We propose a static API birthmark for Windows executables that utilizes sets of API calls identified by a disassembler statically. By comparing 49 Windows executables, we show that our birthmark can distinguish similar programs and detect copies. By comparing binaries generated by various compilers, we also demonstrate that our birthmark is resilient. We compare our birthmark with a previous Windows dynamic-birthmark to show that it is more appropriate for GUI applications.

机译：软件胎记是从程序本身提取的程序的固有特性。通过比较胎记，我们可以检测一个程序是否是另一个程序的副本。我们为Windows可执行文件提出了一个静态API胎记，该标记利用由反汇编程序静态标识的API调用集。通过比较49个Windows可执行文件，我们表明胎记可以区分相似程序并检测副本。通过比较各种编译器生成的二进制文件，我们还证明了我们的胎记是有弹性的。我们将胎记与以前的Windows动态胎记进行比较，以表明它更适合GUI应用程序。

著录项

来源
《Journal of systems and software》 |2009年第5期|862-873|共12页
作者
Seokwoo Choi; Heewan Park; Hyun-il Lim; Taisook Han;
展开▼
作者单位

Division of Computer Science, Korea Advanced Institute of Science and Technology, 335 Gwahangno, Yuseong-gu, Daejeon 305-701, Republic of Korea;

Division of Computer Science, Korea Advanced Institute of Science and Technology, 335 Gwahangno, Yuseong-gu, Daejeon 305-701, Republic of Korea;

Division of Computer Science, Korea Advanced Institute of Science and Technology, 335 Gwahangno, Yuseong-gu, Daejeon 305-701, Republic of Korea;

Division of Computer Science, Korea Advanced Institute of Science and Technology, 335 Gwahangno, Yuseong-gu, Daejeon 305-701, Republic of Korea;

展开▼
收录信息
原文格式 PDF
正文语种 eng
中图分类
关键词
software birthmark; software theft detection; software security; static analysis; reverse engineering;

机译：软件胎记;软件盗窃检测;软件安全性;静态分析;逆向工程;

相似文献

外文文献
中文文献
专利

1. Mostly Static Program Partitioning of Binary Executables [J] . EFE YARDIMCI, MICHAEL FRANZ ACM Transactions on Programming Languages and Systems . 2009,第5期

机译：二进制可执行文件的大多数静态程序分区
2. Using Dynamic Information in the Interprocedural Static Slicing of Binary Executables [J] . AKOS KISS, JUDIT JASZ, TIBOR GYIMOTHY Software Quality Journal . 2005,第3期

机译：在二进制可执行文件的过程间静态切片中使用动态信息
3. Software Birthmark Method Using Combined Structure–Based and API–Based [J] . Donghoon Lee, Dongwoo Kang, Jiye Kim, Journal of Computers . 2017,第2期

机译：基于组合结构和基于API的软件出生标记方法
4. A Static Birthmark of Binary Executables Based on API Call Structure [C] . Seokwoo Choi, Heewan Park, Hyun-il Lim, Asian Computing Science Conference(ASIAN 2007); 20071209-11; Doha(QA) . 2007

机译：基于API调用结构的二进制可执行文件的静态出生标记
5. Ransomware Detection on Windows Platform Using Machine Learning-Based Threat Detection Model of API Calls [D] . Basavaraju, Sai Krishna Teja. 2021

机译：使用基于机器学习的API呼叫的威胁检测模型对Windows平台上的赎金软件检测
6. Ffuzz: Towards full system high coverage fuzz testing on binary executables [O] . Bin Zhang, Jiaxi Ye, Xing Bi, 2012

机译：Ffuzz：对二进制可执行文件进行全系统高覆盖率的模糊测试
7. A Static Birthmark of Binary Executables Based on API Call Structure [O] . Seokwoo Choi, Heewan Park, Hyun-il Lim, 2007

机译：基于apI调用结构的二进制可执行文件的静态胎记
8. Bin-Carver: Automatic Recovery of Binary Executable Files. [R] . Hand, S., Lin, Z., Gu, G., 2012

机译：Bin-Carver：自动恢复二进制可执行文件。

A Static Api Birthmark For Windows Binary Executables

摘要

著录项

相似文献

相关主题

期刊订阅