From research surveys, it has been reported that on a global scale, an estimated one-third of PC software currently in use is counterfeit. In addition, the sources of this pirated software include peer-to-peer networks, auction sites, websites among others. Presently, this software piracy can be solved or mitigated by use of software filtering systems. Such systems employ automated techniques to identify and filter out illegal copies of software for the purpose of inhibiting its transmission through networks. These systems determine whether the suspicious program is legal or not by comparing it with authentic programs in a database. Unfortunately, during this similarity determination process, comparison overhead at times may run very high since the suspicious program has to be compared with all the software in the database. Consequently, this is time consuming and tedious which therefore calls for the need to improve the comparison technique employed.
Dankook University researchers in Korea: Ms Yesol Kim, Professor Seong-je Cho, Professor Sangchul Han and Professor Ilsun You developed a novel alternative software classification scheme for efficient software filtering systems, mainly focusing on executable files for Microsoft Windows platforms which are usually the prime targets of piracy. The researchers also anticipated that their scheme would be able to extract software characteristics that reflects a program’s functionality from a binary executable file and utilizes the characteristics to classify the program. Their work is published in the research journal, Soft Computing.
Briefly, the research method employed entailed the use of two proposed techniques as advanced by the researchers. The techniques were based on the fact that any programs’ functionality can be obtained from binary executables. The first technique focused on extracting strings from Graphic User Interface-related resources of a program and computing the relevance of the program to each category based on the pre-computed score of the strings. The second technique operated by extracting API call frequency from a program’s execution codes. It also used Random Forest technique to classify the program. Eventually, they verified the effectiveness of their software classification scheme by carrying out experiments and performance evaluations.
The authors observed that the novel software classification scheme could efficiently classify the PE format executable programs. Moreover, it was seen that the scheme achieved a very low time overhead. Unfortunately, the team realized that the scheme was incapable of handling illegal binaries that were hacked with code obfuscation techniques like packing and encryption.
The Dankook University scientists have successfully presented two characteristic-based software classification methods which can be used for software filtering systems. In this work, the software characteristics employed reflect the program’s functionality which can be obtained from binary executables. Altogether, this work has shown and proven that the proposed software categorization scheme can classify programs efficiently and can also lessen the comparison overhead considerably despite the encountered setback.
Yesol Kim, Seong-je Cho, Sangchul Han, Ilsun You. A software classification scheme using binary-level characteristics for efficient software filtering. Soft Comput (2018) 22:595–606.
Go To Soft Computing