Effective and efficient detection of software theft via dynamic API authority vectors

We design a novel feature of a program for detecting software theft.We reflect the sequence and the frequency information of a program to our feature.Our proposed method is credible, resilient, and scalable.Our method outperforms existing software theft detection methods in our experiments. Software theft has become a very serious threat to both the software industry and individual software developers. A software birthmark indicates unique characteristics of a program in question, which can be used for analyzing the similarity of a pair of programs and detecting theft. This paper proposes a novel birthmark, a dynamic API authority vector (DAAV). DAAV satisfies four essential requirements for good birthmarkscredibility, resiliency, scalability, and packing-freewhile existing static birthmarks are unable to handle the packed programs and existing dynamic birthmarks do not satisfy credibility and resiliency. Through our extensive experiments with a set of Windows applications, DAAV is shown to have not only the credibility and resiliency higher than the existing dynamic birthmarks but also the accuracy comparable to that of existing static birthmarks. This result indicates that our proposed birthmark provides high accuracy and also covers packed programs successfully in detecting software theft.