A software classification scheme using binary-level characteristics for efficient software filtering


Research surveys estimate that, on a global scale, one-third of PC software currently in use is counterfeit. The sources of this pirated software include peer-to-peer networks, auction sites and websites, among others. At present, software piracy can be solved or mitigated with software filtering systems. Such systems use automated techniques to identify and filter out illegal copies of software in order to inhibit their transmission through networks. They determine whether a suspicious program is legal by comparing it with authentic programs in a database. Unfortunately, the comparison overhead of this similarity check can be very high, because the suspicious program has to be compared with all the software in the database. This is time-consuming and tedious, which calls for an improved comparison technique.

Dankook University researchers in Korea, Ms Yesol Kim, Professor Seong-je Cho, Professor Sangchul Han and Professor Ilsun You, developed a novel alternative software classification scheme for efficient software filtering systems, focusing mainly on executable files for Microsoft Windows platforms, which are usually the prime targets of piracy. The researchers anticipated that their scheme would be able to extract software characteristics that reflect a program’s functionality from a binary executable file and use those characteristics to classify the program. Their work is published in the research journal Soft Computing.

Briefly, the research method relied on two techniques proposed by the researchers. Both are based on the fact that a program’s functionality can be obtained from its binary executable. The first technique extracts strings from the graphical user interface (GUI)-related resources of a program and computes the relevance of the program to each category from pre-computed scores of those strings. The second technique extracts API call frequencies from a program’s executable code and uses the Random Forest technique to classify the program. Finally, the researchers verified the effectiveness of their software classification scheme through experiments and performance evaluations.

The authors observed that the novel software classification scheme could efficiently classify PE format executable programs, and that it achieved a very low time overhead. However, the team found that the scheme could not handle illegal binaries that had been modified with code obfuscation techniques such as packing and encryption.
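The first technique and the obfuscation limitation can be made concrete with a small sketch, added here as an example and not taken from the authors' implementation. The score table, category names, threshold and sample blobs are constructed assumptions, and scanning raw bytes for UTF-16LE runs stands in for walking the PE resource directory.

```python
import re
from collections import defaultdict

# Constructed score table (word -> category weights); values are illustrative only.
STRING_SCORES = {
    "playlist":  {"media_player": 2.0},
    "equalizer": {"media_player": 1.5},
    "subtitle":  {"media_player": 1.25},
    "bookmark":  {"web_browser": 1.0, "media_player": 0.25},
    "download":  {"web_browser": 0.75, "ftp_client": 0.75},
    "passive":   {"ftp_client": 2.0},
}

# PE resources store captions as UTF-16LE; match runs of >= 4 printable characters.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")

def extract_gui_strings(blob):
    """Return printable UTF-16LE strings found in a resource blob."""
    return [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(blob)]

def category_relevance(strings):
    """Sum the pre-computed weight of every known word, per category."""
    totals = defaultdict(float)
    for text in strings:
        for word in re.findall(r"[a-z]+", text.lower()):
            for category, weight in STRING_SCORES.get(word, {}).items():
                totals[category] += weight
    return dict(totals)

def classify(blob, min_score=1.0):
    """Return (category or None, scores). None means: fall back to full comparison."""
    scores = category_relevance(extract_gui_strings(blob))
    if not scores or max(scores.values()) < min_score:
        return None, scores  # e.g. packed/encrypted resources yield no usable strings
    return max(scores, key=scores.get), scores

def make_resource(*captions):
    """Constructed sample input: captions as UTF-16LE separated by binary padding."""
    return b"\x01\x00\xff\xff".join(c.encode("utf-16-le") for c in captions)

SAMPLE_PLAYER = make_resource("&Open File...", "Add to Playlist", "Equalizer", "Load Subtitle")
SAMPLE_PACKED = bytes(range(128, 256)) * 4  # constructed stand-in for packed data

if __name__ == "__main__":
    print(classify(SAMPLE_PLAYER))
    print(classify(SAMPLE_PACKED))
```

A filtering system would compare the suspicious program only against database entries in the returned category, and against the whole database when the result is `None`.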

The Dankook University scientists have presented two characteristic-based software classification methods that can be used in software filtering systems. The software characteristics employed reflect the program’s functionality and can be obtained from binary executables. Altogether, this work has shown that the proposed software categorization scheme can classify programs efficiently and can considerably reduce the comparison overhead, despite the limitation noted above.

About the author

Yesol Kim received the Bachelor’s degree in Computer Engineering from Dankook University in 2014 and the Master’s degree in Computer Science and Engineering from Dankook University in 2015. Her research interests are computer security and machine learning, especially software protection technologies based on software similarity analysis and software classification techniques. She has mainly studied the extraction and analysis of software birthmarks and features through static/dynamic analysis, and has written several papers on those topics.

About the author

Seong-je Cho received the B.E., M.E. and Ph.D. degrees in Computer Engineering from Seoul National University in 1989, 1991 and 1996, respectively. In 1997, he joined the faculty of Dankook University, Korea, where he is currently a Professor in Department of Computer Science & Engineering (Graduate school) and Department of Software Science (Undergraduate school). His current research interests include computer security, mobile app security, operating systems, and software intellectual property protection.

He was a visiting research professor at the Department of EECS, University of California, Irvine, USA in 2001, and at the Department of Electrical and Computer Engineering, University of Cincinnati, USA in 2009. He is an author of over 70 papers in refereed international journals and international conference proceedings. He was an honoree for the Asia-Pacific Information Security Leadership Achievements (ISLA) in 2015, recognized by the International Information System Security Certification Consortium ((ISC)²). Dr. Cho was a Track Chair for the IoT Track (previously, Smart Grid and Smart Technologies Track) of the ACM International Symposium on Applied Computing (ACM SAC) in 2015-2018. He has also served on the Program Committees of over 20 international conferences, including IEEE ISORC, IEEE TENCON, ACM RACS, and WISA.

He is now the editor-in-chief of the “Software and Applications” section of Journal of Korean Institute of Information Scientists and Engineering (KIISE). He is a member of the ACM. 

About the author

Sangchul Han received a B.S. degree in Computer Science from Yonsei University in 1998, an M.E. degree in Computer Engineering from Seoul National University in 2000, and a Ph.D. degree in System Software from Seoul National University in 2007. He is currently a professor in the Dept. of Software Technology in the Division of ICT Convergence Engineering at Konkuk University, Chungju, Korea. He has previously been a researcher at Samsung Electronics Software Research Center, Suwon, Korea.

His research interests are in the area of computer security, focusing on software protection techniques using machine learning or feature based software classification, static and dynamic mobile software analysis, Android application code packing, firmware vulnerability analysis of wearable devices, anti-reverse engineering technique for Android applications and software birthmark. He is also interested in embedded systems, focusing on real-time multiprocessor scheduling and low power techniques using dynamic voltage scaling. He has published over 50 peer-reviewed research papers.

About the author

IET Fellow/ IEEE Senior Member
IFIP WG8.4 member (http://ifip84.sba-research.org/)
Department Chair/ Associate Professor
Dept. of Information Security Engineering
Soonchunhyang University
Republic of Korea (South Korea)
E-mail: isyou at sch.ac.kr

Dr. Ilsun YOU received the MS and PhD degrees in computer science from Dankook University, Seoul, Korea, in 1997 and 2002, respectively. He received a second PhD degree from Kyushu University, Japan, in 2012. From 1997 to 2004, he worked at THINmultimedia Inc., Internet Security Co., Ltd. and Hanjo Engineering Co., Ltd. as a research engineer. He is now an associate professor at the Department of Information Security Engineering, Soonchunhyang University. He has served or is currently serving as a main organizer of international conferences and workshops such as MIST, MobiSec, MobiWorld, and so forth. Dr. YOU is the EiC of the Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA).

He is on the Editorial Boards of Information Sciences (INS), Journal of Network and Computer Applications (JNCA), IEEE Access, Intelligent Automation & Soft Computing (AutoSoft), International Journal of Ad Hoc and Ubiquitous Computing (IJAHUC), Computing and Informatics (CAI), and Journal of High Speed Networks (JHSN).

His main research interests include internet security, authentication, access control, and formal security analysis. He is a Fellow of the IET and a Senior member of the IEEE.


Yesol Kim, Seong-je Cho, Sangchul Han, Ilsun You. A software classification scheme using binary-level characteristics for efficient software filtering. Soft Comput (2018) 22:595–606.

