A Static Birthmark of Windows Binary Executables Based on Strings


A software birthmark is a unique characteristic or a set of those characteristics that are used to identify the program or to measure similarities between programs. Existing birthmarks have two problems. First, when an executable file is generated, some information of the source code is deformed or lost. Second, the amount of data to be processed and the processing time for extracting the birthmark are very large. This paper provides a new birthmark that can solve such problems. This birthmark takes advantage of the information, which is not lost in the executable file and is also associated with API to be used by the program. Experimental results show that the proposed birthmark can be used to effectively measure similarities between programs.

DOI: 10.1109/IMIS.2013.30

4 Figures and Tables

Cite this paper

@article{Kim2013ASB, title={A Static Birthmark of Windows Binary Executables Based on Strings}, author={Yesol Kim and Jeongoh Moon and Dongjin Kim and Younsik Jeong and Seong-je Cho and Minkyu Park and Sangchul Han}, journal={2013 Seventh International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing}, year={2013}, pages={734-738} }