基于栈行为动态胎记的软件抄袭检测方法

doi:10.6040/j.issn.1671-9352.2.2014.123

山东大学学报（理学版） ›› 2014, Vol. 49 ›› Issue (09): 9-16.doi: 10.6040/j.issn.1671-9352.2.2014.123

基于栈行为动态胎记的软件抄袭检测方法

范铭, 刘均, 郑庆华, 田振洲, 庄尔悦, 刘烃

西安交通大学计算机科学与技术系, 智能网络与网络安全教育部重点实验室, 陕西西安 710049

收稿日期:2014-06-24 修回日期:2014-08-27 出版日期:2014-09-20 发布日期:2014-09-30
通讯作者: 刘烃（1981-），男，讲师，博士，主要从事智能电网和可信计算方面的研究.E-mail：tingliu@mail.xjtu.edu.cn E-mail:tingliu@mail.xjtu.edu.cn
作者简介:范铭（1991-），男，硕士研究生，研究方向为可信软件.E-mail：fanming.911025@stu.xjtu.edu.cn
基金资助:
国家自然科学基金资助项目（91118005，91218301，61221063，61203174）；国家高技术研究发展计划（“八六三”计划）项目（2012AA011003）；长江学者基金资助项目；教育部创新团队项目（IRT13035）；国家科技支撑计划项目（2012BAH16F02）；中央高校基本科研业务费专项资金资助项目

SODB：a novel method for software plagiarism detection based on stack operation dynamic birthmark

FAN Ming, LIU Jun, ZHENG Qing-hua, TIAN Zhen-zhou, ZHUANG Er-yue, LIU Ting

Ministry of Education Key Lab for Intelligent Networks and Network Security, Department of Computer Science and Technology, Xi'an Jiaotong University, Xi'an 710049, Shaanxi, China

Received:2014-06-24 Revised:2014-08-27 Online:2014-09-20 Published:2014-09-30

摘要/Abstract

摘要： 软件抄袭检测是软件知识产权保护的关键技术之一。提出了一种新的软件胎记——栈行为动态胎记（stack operation dynamic birthmark，SODB），根据软件在执行过程中函数调用栈的入栈和出栈行为，生成栈深度变化序列标识软件；通过计算不同软件在相同输入条件下栈行为动态胎记的相似性，评估软件功能和执行过程的相似度，判断软件是否存在抄袭。实验中对14种35个版本的开源软件，利用不同编译器、编译条件和混淆工具进行处理，共生成了87个实验样本。试验结果表明本方法可以在缺少源代码情况下，准确识别出存在抄袭的软件，误判率和漏判率仅为6.7%和7%。

关键词: 软件混淆, 栈行为动态胎记, 软件抄袭检测

Abstract: Software plagiarism detection is one of the key techniques for the protection of software intellectual property. In this paper, a new kind of dynamic birthmark SODB (stack operation dynamic birthmark) was proposed, which utilizes the characteristics of push and pop operation of call stack during program execution, to uniquely identify the program. Plagiarism detection was realized by evaluating the similarity of their SODBs among different programs providing the same inputs. In the experiments, 35 versions of 14 different softwares taken from the Source Forge were selected, based on which 87 samples were generated totally by processing with different compilers and optimization levels and semantic-preserving code obfuscation techniques. The quality of our SODB was evaluated with these 87 experimental objects, and the results show that our method can accurately recognize plagiarism between copies and distinguish between independently implemented programs with only about 6.7% misjudgement rate and 7% false negative rate at the absence of software source code.

Key words: software plagiarism detection, software obfuscation, stack operation dynamic birthmark

中图分类号:

TP309

范铭, 刘均, 郑庆华, 田振洲, 庄尔悦, 刘烃. 基于栈行为动态胎记的软件抄袭检测方法[J]. 山东大学学报（理学版）, 2014, 49(09): 9-16.

FAN Ming, LIU Jun, ZHENG Qing-hua, TIAN Zhen-zhou, ZHUANG Er-yue, LIU Ting. SODB：a novel method for software plagiarism detection based on stack operation dynamic birthmark[J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2014, 49(09): 9-16.

参考文献

[1] Tuicool. Samsung demands access to apple's iOS 6 source code innotification lawsuit in Korea[EB/OL]. [2013-01-25]. http://www.tuicool.com/articles/j2INVn.
[2] JHI Yoon-Chan, WANG Xinran, JIA Xiaoqi, et al. Value-based program characterization and its application to software plagiarism detection[C]//Proceedings of the 33rd International Conference on Software Engineering. Piscataway: IEEE Press, 2011:756-765.
[3] KIM D J, HAN Yongman, CHO Seong-je, et al. Measuring similarity of windows applications using static and dynamic birthmarks[C]//Proceedings of the 28th Annual ACM Symposium on Applied Computing. New York: ACM Press, 2013: 1628-1633.
[4] CHOI Jongcheon,HAN Yongman, CHO Seong-je, et al. A survey of feature extraction techniques to detect the theft of windows applications[C]//Proceedings of the 7th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS).[S.l.]:[s.n.], 2013:723-731.
[5] TAMADA H, NAKAMURA M, MONDEN A, et al. Java birthmarks-detecting the software theft[J]. IEICE Transactions on Information and Systems, 2005, E88D(9): 2148-2158.
[6] JANG M, KOOK J, RYU S, et al. An efficient similarity comparison based on core API calls[C]//Proceedings of the 28th Annual ACM Symposium on Applied Computing. New York: ACM Press, 2013:1634-1638.
[7] TIAN Zhenzhou,ZHENG Qinghua, LIU Ting, et al. DKISB: dynamic key instruction sequence birthmark for software plagiarism detection[C]//Proceedings of 2013 IEEE International Conference on High-Performance Computing and Communications (HPCC) & 2013 IEEE International Conference on Embedded and Ubiquitous Computing (EUC). Washington: IEEE Computer Society, 2013:619-627.
[8] PARK H, CHOI S, LIM H, et al. Detecting code theft via a static instruction trace birthmark for Java methods[C]//Proceedings of the 6th IEEE International Conference onIndustrial Informatics. Washington: IEEE Computer Society, 2008:519-524.
[9] 谢鑫.基于程序属性的Java静态软件胎记技术研究[D].郑州:解放军信息工程大学,2011. XIE Xin. Research on program properties based Java static software birth marking [D]. Zhengzhou: The PLA Information Engineering University, 2011.
[10] LIM Hyun-il, HAN Taisook. Analyzing stack flows to compare Java programs[J]. IEICE Transactions on Information and Systems, 2012, E95D(2): 565-576.
[11] SCHULER D, DALLMEIER V, LINDIG C. A dynamic birthmark for Java[C]//Proceedings of the 22nd IEEE/ACM International Conference on Automated Software Engineering. New York: ACM Press,2007:274-283.
[12] CHOI Jongcheon, HAN Yongman, CHO Seong-je, et al. A static birthmark for MS Windows applications using import address table[C]//Proceedings of the 7th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS). New York: IEEE, 2013:129-134.
[13] YESOL K, JEONGOH M, DONGJIN K, et al. A static birthmark of windows binary executables based on strings[C]//Proceedings of the 7th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS). Los Alamitos: IEEE Computer Society, 2013:734-738.
[14] 陈林,刘粉林,芦斌,等.基于k-gram频数的静态软件胎记[J].计算机工程,2011, 37(4):46-48. CHEN Lin, LIU Fenlin, LU Bin, et al. Static software birthmark based on k-gram frequency[J]. Computer Engineering, 2011, 37(4): 46-48.
[15] CHAE D, KIM S, HA J, et al. Software plagiarism detection via the static API call frequency birthmark[C]//Proceedings of the 28th Annual ACM Symposium on Applied Computing. New York: ACM Press, 2013:1639-1643.
[16] FUKUDA K, TAMADA H. A dynamic birthmark from analyzing operand stack runtime behavior to detect copied software[C]//Proceedings of the 14th ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD). New York: IEEE, 2013:505-510.
[17] JANG J, CHOI S, HONG J. A method for resilient graph-based comparison of executable objects[C]//Proceedings of the 2012 ACM Research in Applied Computation Symposium. New York: ACM Press, 2012:288-289.
[18] TIAN Zhenzhou, ZHENG Qinghua, LIU Ting, et al. Plagiarism detection for multithread software based on thread-aware software birthmarks[C]//Proceedings of IEEE International Conference on Program Conprehension(ICPC14). New York: IEEE, 2014:303-314.
[19] COLLBERG C, MYLES G R, HUNTWORK A.Sandmark—a tool for software protection research[J]. IEEE Security & Privacy, 2003, 1(4): 40-49.

多维度评价

Viewed

Full text

Abstract

Cited

Shared

Discussed

基于栈行为动态胎记的软件抄袭检测方法

SODB：a novel method for software plagiarism detection based on stack operation dynamic birthmark

PDF (PC)

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

多维度评价

本文评价

推荐阅读 0

[1]	晏燕,郝晓弘. 差分隐私密度自适应网格划分发布方法[J]. 山东大学学报（理学版）, 2018, 53(9): 12-22.
[2]	焦鸿儒,秦静. 可实现全部超星量子存取结构的量子秘密共享方案[J]. 山东大学学报（理学版）, 2018, 53(9): 62-68.
[3]	许力冬,王明强. 对10轮AES-128的中间相遇攻击[J]. 山东大学学报（理学版）, 2018, 53(7): 39-45.
[4]	张建标,李志刚,刘国杰,王超,王玮. 面向Windows环境进程主动动态度量方法[J]. 山东大学学报（理学版）, 2018, 53(7): 46-50.
[5]	崔朝阳,孙甲琦,徐松艳,蒋鑫. 适用于集群无人机的自组网安全分簇算法[J]. 山东大学学报（理学版）, 2018, 53(7): 51-59.
[6]	刘政,牛芳琳,钱大兴,蔡希彪,郭颖. 基于喷泉码的防窃听编码设计[J]. 山东大学学报（理学版）, 2018, 53(7): 60-64.
[7]	刘明明,张敏情,刘佳,高培贤. 一种基于浅层卷积神经网络的隐写分析方法[J]. 山东大学学报（理学版）, 2018, 53(3): 63-70.
[8]	阮树骅,瓮俊昊,毛麾,陈雪莲. 云安全风险评估度量模型[J]. 山东大学学报（理学版）, 2018, 53(3): 71-76.
[9]	康海燕,黄渝轩,陈楚翘. 基于视频分析的地理信息隐私保护方法[J]. 山东大学学报（理学版）, 2018, 53(1): 19-29.
[10]	孟博,鲁金钿,王德军,何旭东. 安全协议实施安全性分析综述[J]. 山东大学学报（理学版）, 2018, 53(1): 1-18.
[11]	谭韧,殷肖川,焦贤龙,廉哲,陈玉鑫. 一种软件定义APT攻击移动目标防御网络架构[J]. 山东大学学报（理学版）, 2018, 53(1): 38-45.
[12]	孙泽锐,王继军,李国祥,夏国恩. 基于插值图像的可逆信息隐藏算法[J]. 山东大学学报（理学版）, 2018, 53(1): 46-52.
[13]	孙亮,陈小春,钟阳,林志鹏,任彤. 基于可信BMC的服务器安全启动机制[J]. 山东大学学报（理学版）, 2018, 53(1): 89-94.
[14]	姚克,朱斌瑞,秦静. 基于生物信息的可验证公钥可搜索加密协议[J]. 山东大学学报（理学版）, 2017, 52(11): 11-22.
[15]	韩盼盼,秦静. 云计算中可验证的外包数据库加密搜索方案[J]. 山东大学学报（理学版）, 2017, 52(9): 41-53.