Integrated software fingerprinting via neural-network-based control flow obfuscation

Author

Haoyu MA, Nankai University
Ruiqi LI, Nankai University
Xiaoxu YU, Nankai University
Chunfu JIA, Nankai University
Debin GAO, Singapore Management UniversityFollow

Publication Type

Journal Article

Version

publishedVersion

Publication Date

10-2016

Abstract

Dynamic software fingerprinting has been an important tool in fighting against software theft and pirating by embedding unique fingerprints into software copies. However, existing work uses methods from dynamic software watermarking as direct solutions in which secret marks are inside rather independent code modules attached to the software. This results in an intrinsic weakness against targeted collusive attacks since differences among software copies correspond directly to the fingerprint-related components. In this paper, we suggest a novel mode of dynamic fingerprinting called integrated fingerprinting, of which the goal is to ensure all fingerprinted software copies possess identical behaviors at semantic level. We then provide the first implementation of integrated fingerprinting called Neuroprint on top of a control flow obfuscator that replaces program's conditional structures with neural networks trained to simulate their branching behaviors [1]. Leveraging the rich entropy in the outputs of these neural networks, Neuroprint embeds software fingerprints such that a one-time construction of the networks serves both purposes of obfuscation and fingerprinting. Evaluations show that due to the incomprehensibility of neural networks, it is infeasible to de-obfuscate the software transformed by Neuroprint or attack the fingerprint using even the latest program analysis techniques. Revealing information regarding the hidden fingerprints via collusive attacks on Neuroprint is difficult as well. Finally, Neuroprint also demonstrates negligible runtime overhead.

Keywords

Software fingerprinting, code obfuscation, neural network

Discipline

Information Security | Software Engineering

Research Areas

Cybersecurity

Publication

IEEE Transactions on Information Forensics and Security

Volume

11

Issue

10

First Page

2322

Last Page

2337

ISSN

1556-6013

Identifier

10.1109/TIFS.2016.2555287

Publisher

Institute of Electrical and Electronics Engineers (IEEE)

Citation

MA, Haoyu; LI, Ruiqi; YU, Xiaoxu; JIA, Chunfu; and GAO, Debin. Integrated software fingerprinting via neural-network-based control flow obfuscation. (2016). IEEE Transactions on Information Forensics and Security. 11, (10), 2322-2337.
Available at: https://ink.library.smu.edu.sg/sis_research/3180

Copyright Owner and License

Authors

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

http://doi.org/10.1109/TIFS.2016.2555287