{"@context":{"@vocab":"https://cir.nii.ac.jp/schema/1.0/","rdfs":"http://www.w3.org/2000/01/rdf-schema#","dc":"http://purl.org/dc/elements/1.1/","dcterms":"http://purl.org/dc/terms/","foaf":"http://xmlns.com/foaf/0.1/","prism":"http://prismstandard.org/namespaces/basic/2.0/","cinii":"http://ci.nii.ac.jp/ns/1.0/","datacite":"https://schema.datacite.org/meta/kernel-4/","ndl":"http://ndl.go.jp/dcndl/terms/","jpcoar":"https://github.com/JPCOAR/schema/blob/master/2.0/"},"@id":"https://cir.nii.ac.jp/crid/1390282679355307008.json","@type":"Article","productIdentifier":[{"identifier":{"@type":"DOI","@value":"10.1587/transinf.2015edp7379"}},{"identifier":{"@type":"URI","@value":"https://www.jstage.jst.go.jp/article/transinf/E99.D/7/E99.D_2015EDP7379/_pdf"}},{"identifier":{"@type":"NAID","@value":"130005160311"}}],"dc:title":[{"@language":"en","@value":"API-Based Software Birthmarking Method Using Fuzzy Hashing"}],"dc:language":"en","description":[{"type":"abstract","notation":[{"@language":"en","@value":"The software birthmarking technique has conventionally been studied in fields such as software piracy, code theft, and copyright infringement. The most recent API-based software birthmarking method (Han et al., 2014) extracts API call sequences in entire code sections of a program. Additionally, it is generated as a birthmark using a cryptographic hash function (MD5). It was reported that different application types can be categorized in a program through pre-filtering based on DLL/API numbers/names. However, similarity cannot be measured owing to the cryptographic hash function, occurrence of false negatives, and it is difficult to functionally categorize applications using only DLL/API numbers/names. In this paper, we propose an API-based software birthmarking method using fuzzy hashing. For the native code of a program, our software birthmarking technique extracts API call sequences in the segmented procedures and then generates them using a fuzzy hash function. Unlike the conventional cryptographic hash function, the fuzzy hash is used for the similarity measurement of data. Our method using a fuzzy hash function achieved a high reduction ratio (about 41% on average) more than an original birthmark that is generated with only the API call sequences. In our experiments, when threshold ε is 0.35, the results show that our method is an effective birthmarking system to measure similarities of the software. Moreover, our correlation analysis with top 50 API call frequencies proves that it is difficult to functionally categorize applications using only DLL/API numbers/names. Compared to prior work, our method significantly improves the properties of resilience and credibility."}],"abstractLicenseFlag":"disallow"}],"creator":[{"@id":"https://cir.nii.ac.jp/crid/1410282679355307011","@type":"Researcher","personIdentifier":[{"@type":"NRID","@value":"9000326651574"}],"foaf:name":[{"@language":"en","@value":"KANG Dongwoo"}],"jpcoar:affiliationName":[{"@language":"en","@value":"College of Information and Communication Engineering, Sungkyunkwan University"}]},{"@id":"https://cir.nii.ac.jp/crid/1410282679355307008","@type":"Researcher","personIdentifier":[{"@type":"NRID","@value":"9000326651573"}],"foaf:name":[{"@language":"en","@value":"LEE Donghoon"}],"jpcoar:affiliationName":[{"@language":"en","@value":"College of Information and Communication Engineering, Sungkyunkwan University"}]},{"@id":"https://cir.nii.ac.jp/crid/1410282679355307010","@type":"Researcher","personIdentifier":[{"@type":"NRID","@value":"9000326651576"}],"foaf:name":[{"@language":"en","@value":"KIM Jiye"}],"jpcoar:affiliationName":[{"@language":"en","@value":"College of Information and Communication Engineering, Sungkyunkwan University"}]},{"@id":"https://cir.nii.ac.jp/crid/1410282679355307012","@type":"Researcher","personIdentifier":[{"@type":"NRID","@value":"9000326651575"}],"foaf:name":[{"@language":"en","@value":"CHOI Younsung"}],"jpcoar:affiliationName":[{"@language":"en","@value":"Department of Cyber Security, Howon University"}]},{"@id":"https://cir.nii.ac.jp/crid/1410282679355307009","@type":"Researcher","personIdentifier":[{"@type":"NRID","@value":"9000326651577"}],"foaf:name":[{"@language":"en","@value":"WON Dongho"}],"jpcoar:affiliationName":[{"@language":"en","@value":"College of Information and Communication Engineering, Sungkyunkwan University"}]}],"publication":{"publicationIdentifier":[{"@type":"PISSN","@value":"09168532"},{"@type":"EISSN","@value":"17451361"}],"prism:publicationName":[{"@language":"en","@value":"IEICE Transactions on Information and Systems"},{"@language":"en","@value":"IEICE Trans. Inf. & Syst."}],"dc:publisher":[{"@language":"en","@value":"The Institute of Electronics, Information and Communication Engineers"},{"@language":"ja","@value":"一般社団法人 電子情報通信学会"}],"prism:publicationDate":"2016","prism:volume":"E99.D","prism:number":"7","prism:startingPage":"1836","prism:endingPage":"1851"},"reviewed":"false","url":[{"@id":"https://www.jstage.jst.go.jp/article/transinf/E99.D/7/E99.D_2015EDP7379/_pdf"}],"availableAt":"2016","foaf:topic":[{"@id":"https://cir.nii.ac.jp/all?q=software%20birthmark","dc:title":"software birthmark"},{"@id":"https://cir.nii.ac.jp/all?q=birthmarking%20systems","dc:title":"birthmarking systems"},{"@id":"https://cir.nii.ac.jp/all?q=software%20similarity","dc:title":"software similarity"},{"@id":"https://cir.nii.ac.jp/all?q=fuzzy%20hash","dc:title":"fuzzy hash"},{"@id":"https://cir.nii.ac.jp/all?q=API-based%20sequences","dc:title":"API-based sequences"}],"relatedProduct":[{"@id":"https://cir.nii.ac.jp/crid/1361137045407782272","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"K-gram based software birthmarks"}]},{"@id":"https://cir.nii.ac.jp/crid/1361418518635449344","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"The MD5 Message-Digest Algorithm"}]},{"@id":"https://cir.nii.ac.jp/crid/1361418520321637504","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"A dynamic birthmark for java"}]},{"@id":"https://cir.nii.ac.jp/crid/1361981469006970880","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"Detecting Java Theft Based on Static API Trace Birthmark"}]},{"@id":"https://cir.nii.ac.jp/crid/1361981469750706944","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"Dynamic path-based software watermarking"}]},{"@id":"https://cir.nii.ac.jp/crid/1362262943403331328","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"Detecting Software Theft via Whole Program Path Birthmarks"}]},{"@id":"https://cir.nii.ac.jp/crid/1362262944579286272","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"Software Similarity and Classification"}]},{"@id":"https://cir.nii.ac.jp/crid/1362544419343022208","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"Digital forensics research: The next 10 years"}]},{"@id":"https://cir.nii.ac.jp/crid/1362544419703658368","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"A static API birthmark for Windows binary executables"}]},{"@id":"https://cir.nii.ac.jp/crid/1362544419717835008","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"Sandmark-A tool for software protection research"}]},{"@id":"https://cir.nii.ac.jp/crid/1362825894931848576","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"A Survey of Software Watermarking"}]},{"@id":"https://cir.nii.ac.jp/crid/1363107368404571776","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"A method for detecting the theft of Java programs through analysis of the control flow information"}]},{"@id":"https://cir.nii.ac.jp/crid/1363107370497388800","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"Software watermarking"}]},{"@id":"https://cir.nii.ac.jp/crid/1363107370885495040","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"Watermarking, tamper-proofing, and obfuscation - tools for software protection"}]},{"@id":"https://cir.nii.ac.jp/crid/1363388846336429568","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"Tamper resistant software: an implementation"}]},{"@id":"https://cir.nii.ac.jp/crid/1363670321136682752","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"Multi-resolution similarity hashing"}]},{"@id":"https://cir.nii.ac.jp/crid/1363951794665616256","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"Identifying almost identical files using context triggered piecewise hashing"}]},{"@id":"https://cir.nii.ac.jp/crid/1363951795260625536","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"A Software Birthmark Based on Dynamic Opcode n-gram"}]},{"@id":"https://cir.nii.ac.jp/crid/1363951795885830400","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@value":"An Efficient Categorization of the Instructions Based on Binary Excutables for Dynamic Software Birthmark"}]},{"@id":"https://cir.nii.ac.jp/crid/1390282679356056320","@type":"Article","relationType":["references"],"jpcoar:relatedTitle":[{"@language":"en","@value":"Detecting Theft of Java Applications via a Static Birthmark Based on Weighted Stack Patterns"}]}],"dataSourceIdentifier":[{"@type":"JALC","@value":"oai:japanlinkcenter.org:2001025739"},{"@type":"CROSSREF","@value":"10.1587/transinf.2015edp7379"},{"@type":"CIA","@value":"130005160311"}]}