부산대학교 도서관

Analysing software similarity is actively utilized for various purposes such as plagiarism detection, malware classification and software refactoring. In this study, we observe that the runtime behavior of stack, which manipulates arguments and local variables during function calls, is one of the viable indicators to identify similar software and to detect plagiarized programs. This observation drives us to design a novel software similarity analysis scheme that has the following two strong points. First, it examines the stack usage patterns collected during the execution of binary codes, without requiring source codes. Therefore, it can be used for the software theft trial case where involved companies or individuals are not willing to uncover their source codes. Second, the stack usage patterns are invulnerable to syntactic alterations such as renaming, statements reordering and control flow restructuring. The proposed scheme provides four functionalities; trace collection, dynamic call sequence graph generation, stack usage pattern refinement, and similarity comparison. Real implementation based experimental results show that our proposal identifies similar software appropriately, reporting similarity scores comparable to MOSS (Measure Of Software Similarity). In addition, it has a capability to discover whether binaries use the same core logics.