HIDDEN MARKOV MODELS FOR SOFTWARE PIRACY DETECTION

The unauthorized copying of software is often referred to as software piracy. Soft- ware piracy causes billions of dollars of annual losses for companies and governments worldwide. In this project, we analyze a method for detecting software piracy. A meta- morphic generator is used to create morphed copies of a base piece of software. A hidden Markov Model is trained on the opcode sequences extracted from these mor- phed copies. The trained model is then used to score suspect software to determine its similarity to the base software. A high score indicates that the suspect software may be a modified version of the base software and, therefore, further investigation is warranted. In contrast, a low score indicates that the suspect software differs sig- nificantly from the base software. We show that our approach is robust, in the sense that the base software must be extensively modified before it is not detected

Robust Watermarking using Hidden Markov Models

Software piracy is the unauthorized copying or distribution of software. It is a growing problem that results in annual losses in the billions of dollars. Prevention is a difficult problem since digital documents are easy to copy and distribute. Watermarking is a possible defense against software piracy. A software watermark consists of information embedded in the software, which allows it to be identified. A watermark can act as a deterrent to unauthorized copying, since it can be used to provide evidence for legal action against those responsible for piracy.In this project, we present a novel software watermarking scheme that is inspired by the success of previous research focused on detecting metamorphic viruses. We use a trained hidden Markov model (HMM) to detect a specific copy of software. We give experimental results that show our scheme is robust. That is, we can identify the original software even after it has been extensively modified, as might occur as part of an attack on the watermarking scheme

Metamorphic Code Generation from LLVM IR Bytecode

Metamorphic software changes its internal structure across generations with its functionality remaining unchanged. Metamorphism has been employed by malware writers as a means of evading signature detection and other advanced detection strate- gies. However, code morphing also has potential security benefits, since it increases the “genetic diversity” of software. In this research, we have created a metamorphic code generator within the LLVM compiler framework. LLVM is a three-phase compiler that supports multiple source languages and target architectures. It uses a common intermediate representation (IR) bytecode in its optimizer. Consequently, any supported high-level programming language can be transformed to this IR bytecode as part of the LLVM compila- tion process. Our metamorphic generator functions at the IR bytecode level, which provides many advantages over previously developed metamorphic generators. The morphing techniques that we employ include dead code insertion—where the dead code is actually executed within the morphed code—and subroutine permutation. We have tested the effectiveness of our code morphing using hidden Markov model analysis

Malware Detection Using Dynamic Analysis

In this research, we explore the field of dynamic analysis which has shown promis- ing results in the field of malware detection. Here, we extract dynamic software birth- marks during malware execution and apply machine learning based detection tech- niques to the resulting feature set. Specifically, we consider Hidden Markov Models and Profile Hidden Markov Models. To determine the effectiveness of this dynamic analysis approach, we compare our detection results to the results obtained by using static analysis. We show that in some cases, significantly stronger results can be obtained using our dynamic approach

Hunting for Pirated Software Using Metamorphic Analysis

In this paper, we consider the problem of detecting software that has been pirated and modified. We analyze a variety of detection techniques that have been previously studied in the context of malware detection. For each technique, we empirically determine the detection rate as a function of the degree of modification of the original code. We show that the code must be greatly modified before we fail to reliably distinguish it, and we show that our results offer a significant improvement over previous related work. Our approach can be applied retroactively to any existing software and hence, it is both practical and effective

Continuous Wavelet Transform and Hidden Markov Model Based Target Detection

Standard tracking filters perform target detection process by comparing the sensor output signal with a predefined threshold. However, selecting the detection threshold is of great importance and a wrongly selected threshold causes two major problems. The first problem occurs when the selected threshold is too low which results in increased false alarm rate. The second problem arises when the selected threshold is too high resulting in missed detection. Track-before-detect (TBD) techniques eliminate the need for a detection threshold and provide detecting and tracking targets with lower signal-to-noise ratios than standard methods. Although TBD techniques eliminate the need for detection threshold at sensor’s signal processing stage, they often use tuning thresholds at the output of the filtering stage. This paper presents a Continuous Wavelet Transform (CWT) and Hidden Markov Model (HMM) based target detection method for employing with TBD techniques which does not employ any thresholding

Software Piracy Root Detection Framework Using SVM Based On Watermarking

Software root piracy detection is tool to use for detect the owner of java software project or unauthorized copy of jar file. Existing system content the licensing mechanism for protecting our software from piracy but by skipping license or cracking that key piracy is done. The proposed system java based piracy detection software tool to overcome from this problem of piracy and find the offender. Proposed system use ‘Watermarking’ is a technique which attempts to protect the software by adding copyright notices or unique identifiers into software to prove ownership. We evaluate the existing Java watermarking systems and algorithms by using them to watermark byte code files. We develop the piracy root detection mechanism in this system. The advantage of this technique is that software watermarking is handled as the knowledge embedded into support vector machine and is closely associated with the program logic. It makes watermark more impossible to be destroyed and removed. We have to apply the watermarking content to the jar files of java software in this system the invisible watermarking is use. The results of the experiment further indicate that the proposed technique is a lightweight and effective software watermarking scheme

A survey on security analysis of machine learning-oriented hardware and software intellectual property

Intellectual Property (IP) includes ideas, innovations, methodologies, works of authorship (viz., literary and artistic works), emblems, brands, images, etc. This property is intangible since it is pertinent to the human intellect. Therefore, IP entities are indisputably vulnerable to infringements and modifications without the owner’s consent. IP protection regulations have been deployed and are still in practice, including patents, copyrights, contracts, trademarks, trade secrets, etc., to address these challenges. Unfortunately, these protections are insufficient to keep IP entities from being changed or stolen without permission. As for this, some IPs require hardware IP protection mechanisms, and others require software IP protection techniques. To secure these IPs, researchers have explored the domain of Intellectual Property Protection (IPP) using different approaches. In this paper, we discuss the existing IP rights and concurrent breakthroughs in the field of IPP research; provide discussions on hardware IP and software IP attacks and defense techniques; summarize different applications of IP protection; and lastly, identify the challenges and future research prospects in hardware and software IP security

Hidden Markov Models for Malware Classification

Malware is a software which is developed for malicious intent. Malware is a rapidly evolving threat to the computing community. Although many techniques for malware classification have been proposed, there is still the lack of a comprehensible and useful taxonomy to classify malware samples. Previous research has shown that hidden Markov model (HMM) analysis is useful for detecting certain types of malware. In this research, we consider the related problem of malware classification based on HMMs. We train HMMs for a variety of malware generators and a variety of compilers. More than 9000 malware samples are then scored against each of these models and the malware samples are separated into clusters based on the resulting scores. We analyze the clusters and show that they correspond to certain characteristics of malware. These results indicate that HMMs are an effective tool for the challenging task of automatically classifying malware