Effective and efficient detection of software theft via dynamic API authority vectors

Software theft has become a very serious threat to both the software industry and individual software developers. A software birthmark indicates unique characteristics of a program in question, which can be used for analyzing the similarity of a pair of programs and detecting theft. This paper proposes a novel birthmark, a dynamic API authority vector (DAAV). DAAV satisfies four essential requirements for good birthmarks-credibility, resiliency, scalability, and packing-free-while existing static birthmarks are unable to handle the packed programs and existing dynamic birthmarks do not satisfy credibility and resiliency. Through our extensive experiments with a set of Windows applications, DAAV is shown to have not only the credibility and resiliency higher than the existing dynamic birthmarks but also the accuracy comparable to that of existing static birthmarks. This result indicates that our proposed birthmark provides high accuracy and also covers packed programs successfully in detecting software theft.