Publication Type
Journal Article
Version
publishedVersion
Publication Date
10-2016
Abstract
Dynamic software fingerprinting has been an important tool in fighting against software theft and pirating by embedding unique fingerprints into software copies. However, existing work uses methods from dynamic software watermarking as direct solutions in which secret marks are inside rather independent code modules attached to the software. This results in an intrinsic weakness against targeted collusive attacks since differences among software copies correspond directly to the fingerprint-related components. In this paper, we suggest a novel mode of dynamic fingerprinting called integrated fingerprinting, of which the goal is to ensure all fingerprinted software copies possess identical behaviors at semantic level. We then provide the first implementation of integrated fingerprinting called Neuroprint on top of a control flow obfuscator that replaces program's conditional structures with neural networks trained to simulate their branching behaviors [1]. Leveraging the rich entropy in the outputs of these neural networks, Neuroprint embeds software fingerprints such that a one-time construction of the networks serves both purposes of obfuscation and fingerprinting. Evaluations show that due to the incomprehensibility of neural networks, it is infeasible to de-obfuscate the software transformed by Neuroprint or attack the fingerprint using even the latest program analysis techniques. Revealing information regarding the hidden fingerprints via collusive attacks on Neuroprint is difficult as well. Finally, Neuroprint also demonstrates negligible runtime overhead.
Keywords
Software fingerprinting, code obfuscation, neural network
Discipline
Information Security | Software Engineering
Research Areas
Cybersecurity
Publication
IEEE Transactions on Information Forensics and Security
Volume
11
Issue
10
First Page
2322
Last Page
2337
ISSN
1556-6013
Identifier
10.1109/TIFS.2016.2555287
Publisher
Institute of Electrical and Electronics Engineers (IEEE)
Citation
MA, Haoyu; LI, Ruiqi; YU, Xiaoxu; JIA, Chunfu; and GAO, Debin.
Integrated software fingerprinting via neural-network-based control flow obfuscation. (2016). IEEE Transactions on Information Forensics and Security. 11, (10), 2322-2337.
Available at: https://ink.library.smu.edu.sg/sis_research/3180
Copyright Owner and License
Authors
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
http://doi.org/10.1109/TIFS.2016.2555287