Hyun-il Lim

A method for detecting the theft of Java programs through analysis of the control flow information

A software birthmark refers to the inherent characteristics of a program that can be used to identify the program. In this paper, a method for detecting the theft of Java programs through a static software birthmark is proposed that is based on the control flow information. The control flow information shows the structural characteristics and the possible behaviors during the execution of program. Flow paths (FP) and behaviors in Java programs are formally described here, and a set of behaviors of FPs is used as a software birthmark. The similarity is calculated by matching the pairs of similar behaviors from two birthmarks. Experiments centered on the proposed birthmark with respect to precision and recall. The performance was evaluated by analyzing the F-measure curves. The experimental results show that the proposed birthmark is a more effective measure compared to earlier approaches for detecting copied programs, even in cases where such programs are aggressively modified.

A static birthmark of binary executables based on API call structure

A software birthmark is a unique characteristic of a program that can be used as a software theft detection. In this paper we suggest and empirically evaluate a static birthmark of binary executables based on API call structure. The program properties employed in this birthmark are functions and standard API calls when the functions are executed. The API calls from a function includes the API calls explicitly found from the function and its descendants within limited depth in the call graph. To statically identify functions, call graphs and API calls, we utilizes IDAPro disassembler and its plug-ins. We define the similarity between two functions as the proportion of the number of all API calls to the number of the common API calls. The similarity between two programs is obtained by the maximum weight bipartite matching between two programs using the function similarity matrix. To show the credibility of the proposed techniques, we compare the same applications with different versions and the various types of applications which include text editors, picture viewers, multimedia players, P2P applications and ftp clients. To show the resilience, we compare binary executables compiled from various compilers. The empirical result shows that the similarities obtained using our birthmark sufficiently indicates the functional and structural similarities among programs.

Detecting Theft of Java Applications via a Static Birthmark Based on Weighted Stack Patterns

A software birthmark means the inherent characteristics of a program that can be used to identify the program. A comparison of such birthmarks facilitates the detection of software theft. In this paper, we propose a static Java birthmark based on a set of stack patterns, which reflect the characteristic of Java applications. A stack pattern denotes a sequence of bytecodes that share their operands through the operand stack. A weight scheme is used to balance the influence of each bytecode in a comparison of the birthmarks. We evaluate the proposed birthmark with respect to two properties required for a birthmark: credibility and resilience. The empirical results show that the proposed birthmark is highly credible and resilient to program transformation. We also compare the proposed birthmark with existing birthmarks, such as that of Tamada et al. and the k-gram birthmark. The experimental results show that the proposed birthmark is more stable than the birthmarks in terms of resilience to program transformation. Thus, the proposed birthmark can provide more reliable evidence of software theft when the software is modified by someone other than author.

Detecting Java Theft Based on Static API Trace Birthmark

Software birthmark is the inherent program characteristics that can identify a program. In this paper, we propose a static API trace birthmark to detect Java theft. Because the API traces can reflect the behavior of a program, our birthmark is more resilient than the existing static birthmarks. Because the API traces are extracted by static analysis, they can be applied to library programs which earlier dynamic birthmarks cannot handle properly. We evaluate the proposed birthmark in terms of credibility and resilience. Experimental results show that our birthmark can detect common library modules of two packages while other birthmarks fail to detect.

A Static Java Birthmark Based on Control Flow Edges

A software birthmark is an inherent characteristic of a program that can be used to identify that program. By comparing the birthmarks of two programs, it is possible to infer if one program is a copy of another. In this paper, we propose a static birthmark based on the control flow edges in Java programs. Control flow edges can represent possible behaviors in program execution. Thus, a set of the control flow edges of a program can be used as a birthmark for that program. The similarity between two programs can then be calculated by finding pairs of similar behaviors of the control flow edges in the two birthmarks. The proposed birthmark is evaluated and compared with previous approaches in terms of credibility and resilience. Experimental results show that the proposed birthmark is more reliable than previous methods for detecting programs that are suspected to be copied.

Detecting code theft via a static instruction trace birthmark for Java methods

A software birthmark is an inherent program characteristic that can identify a program. In this paper, we propose a static instruction trace birthmark to detect code theft of Java methods. Because the static instruction traces can reflect the algorithmic structure of a program, our birthmark can be used to detect algorithm theft which existing static birthmarks cannot handle. Because the static instruction traces are extracted by static analyses, they can be applied to library programs which previous dynamic birthmarks could not. We evaluate the proposed birthmark with respect to two criteria: credibility and resilience. Experimental result shows that our birthmark is more resilient than and at least as credible as the existing Java birthmarks.

Detecting Common Modules in Java Packages Based on Static Object Trace Birthmark

A software birthmark means inherent characteristics that can be used to identify a program. In this paper, we propose a birthmark technique based on object traces of Java programs. Java is an object-oriented programming language that provides various predefined class libraries that help programmers to produce software easily. In order to utilize Java class libraries, we have to use Java object instructions. The Java object instructions are hard to replace or remove, and so a set of sequences of object instructions is a proper candidate to represent inherent characteristics of a program. We propose a new birthmark using the sequences of object instructions. We evaluate the proposed birthmark with open source programs and compare it with previous static birthmarks. Experiments show that the detection capability of our birthmark is much higher than that of other static birthmarks despite obfuscations by Smokescreen and ZKM.

Compiling Lazy Functional Programs Based on the Spineless Tagless G-Machine for the Java Virtual Machine

A systematic method of compiling lazy functional programs based on the Spineless Tagless G-machine (STGM) is presented for the Java Virtual Machine (JVM). A new specification of the STGM, which consists of a compiler and a reduction machine, is presented; the compiler translates a program in the STG language, which is the source language for the STGM, into a program in an intermediate language called L-code, and our reduction machine reduces the L-code program into an answer. With our representation for the reduction machine by the Java language, an L-code program is translated into a Java program simulating the reduction machine. The translated Java programs also run at a reasonable execution speed. Our experiment shows that execution times of translated benchmarks are competitive compared with those in a traditional Haskell interpreter, Hugs, particularly when Glasgow Haskell compilers STG-level optimizations are applied.

Groupers for deterministic guaranteed service in an FH-OFDM wireless system

Groupers are proposed to guarantee strict delay bounds of a large number of real-time sessions in advanced wireless networks that adopt adaptive modulation techniques. We show that the number of admitted sessions is increased significantly, if groupers are used.