{"id":"https://openalex.org/W2063170733","doi":"https://doi.org/10.1145/2480362.2480666","title":"Measuring similarity of windows applications using static and dynamic birthmarks","display_name":"Measuring similarity of windows applications using static and dynamic birthmarks","publication_year":2013,"publication_date":"2013-03-18","ids":{"openalex":"https://openalex.org/W2063170733","doi":"https://doi.org/10.1145/2480362.2480666","mag":"2063170733"},"language":"en","primary_location":{"id":"doi:10.1145/2480362.2480666","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2480362.2480666","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th Annual ACM Symposium on Applied Computing","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100393157","display_name":"Dong-Jin Kim","orcid":"https://orcid.org/0000-0001-7231-7494"},"institutions":[{"id":"https://openalex.org/I89015989","display_name":"Dankook University","ror":"https://ror.org/058pdbn81","country_code":"KR","type":"education","lineage":["https://openalex.org/I89015989"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Dongjin Kim","raw_affiliation_strings":["Dankook University, Yongin, Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Dankook University, Yongin, Korea","institution_ids":["https://openalex.org/I89015989"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024160126","display_name":"Yongman Han","orcid":null},"institutions":[{"id":"https://openalex.org/I89015989","display_name":"Dankook University","ror":"https://ror.org/058pdbn81","country_code":"KR","type":"education","lineage":["https://openalex.org/I89015989"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Yongman Han","raw_affiliation_strings":["Dankook University, Yongin, Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Dankook University, Yongin, Korea","institution_ids":["https://openalex.org/I89015989"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064210973","display_name":"Seong-je Cho","orcid":"https://orcid.org/0000-0001-9917-0429"},"institutions":[{"id":"https://openalex.org/I89015989","display_name":"Dankook University","ror":"https://ror.org/058pdbn81","country_code":"KR","type":"education","lineage":["https://openalex.org/I89015989"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Seong-je Cho","raw_affiliation_strings":["Dankook University, Yongin, Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Dankook University, Yongin, Korea","institution_ids":["https://openalex.org/I89015989"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5110795831","display_name":"Hae-Young Yoo","orcid":null},"institutions":[{"id":"https://openalex.org/I89015989","display_name":"Dankook University","ror":"https://ror.org/058pdbn81","country_code":"KR","type":"education","lineage":["https://openalex.org/I89015989"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Haeyoung Yoo","raw_affiliation_strings":["Dankook University, Yongin, Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Dankook University, Yongin, Korea","institution_ids":["https://openalex.org/I89015989"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091253600","display_name":"Jinwoon Woo","orcid":null},"institutions":[{"id":"https://openalex.org/I89015989","display_name":"Dankook University","ror":"https://ror.org/058pdbn81","country_code":"KR","type":"education","lineage":["https://openalex.org/I89015989"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Jinwoon Woo","raw_affiliation_strings":["Dankook University, Yongin, Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Dankook University, Yongin, Korea","institution_ids":["https://openalex.org/I89015989"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058005616","display_name":"Yunmook Nah","orcid":null},"institutions":[{"id":"https://openalex.org/I89015989","display_name":"Dankook University","ror":"https://ror.org/058pdbn81","country_code":"KR","type":"education","lineage":["https://openalex.org/I89015989"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Yunmook Nah","raw_affiliation_strings":["Dankook University, Yongin, Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Dankook University, Yongin, Korea","institution_ids":["https://openalex.org/I89015989"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101428284","display_name":"Minkyu Park","orcid":"https://orcid.org/0000-0002-1426-1944"},"institutions":[{"id":"https://openalex.org/I24062138","display_name":"Konkuk University","ror":"https://ror.org/025h1m602","country_code":"KR","type":"education","lineage":["https://openalex.org/I24062138"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Minkyu Park","raw_affiliation_strings":["Konkuk University, Chungbuk, Korea"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Konkuk University, Chungbuk, Korea","institution_ids":["https://openalex.org/I24062138"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5102840118","display_name":"Lawrence Chung","orcid":"https://orcid.org/0000-0003-3269-4097"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Lawrence Chung","raw_affiliation_strings":["University of Texas at Dallas, Texas"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Texas at Dallas, Texas","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":4.1809,"has_fulltext":false,"cited_by_count":8,"citation_normalized_percentile":{"value":0.94373535,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1628","last_page":"1633"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11986","display_name":"Scientific Computing and Data Management","score":0.9957000017166138,"subfield":{"id":"https://openalex.org/subfields/1802","display_name":"Information Systems and Management"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9955999851226807,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/birthmark","display_name":"Birthmark","score":0.8856524229049683},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8544607162475586},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.8043831586837769},{"id":"https://openalex.org/keywords/microsoft-windows","display_name":"Microsoft Windows","score":0.5994869470596313},{"id":"https://openalex.org/keywords/compiler","display_name":"Compiler","score":0.5641891956329346},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.5391246676445007},{"id":"https://openalex.org/keywords/windows-vista","display_name":"Windows Vista","score":0.518856406211853},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.48657238483428955},{"id":"https://openalex.org/keywords/optimizing-compiler","display_name":"Optimizing compiler","score":0.44928693771362305},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.41943103075027466},{"id":"https://openalex.org/keywords/profiling","display_name":"Profiling (computer programming)","score":0.4167560935020447},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.39245712757110596}],"concepts":[{"id":"https://openalex.org/C2776826570","wikidata":"https://www.wikidata.org/wiki/Q3513591","display_name":"Birthmark","level":2,"score":0.8856524229049683},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8544607162475586},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.8043831586837769},{"id":"https://openalex.org/C508378895","wikidata":"https://www.wikidata.org/wiki/Q1406","display_name":"Microsoft Windows","level":3,"score":0.5994869470596313},{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.5641891956329346},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.5391246676445007},{"id":"https://openalex.org/C527868296","wikidata":"https://www.wikidata.org/wiki/Q11230","display_name":"Windows Vista","level":4,"score":0.518856406211853},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.48657238483428955},{"id":"https://openalex.org/C190902152","wikidata":"https://www.wikidata.org/wiki/Q1325106","display_name":"Optimizing compiler","level":3,"score":0.44928693771362305},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.41943103075027466},{"id":"https://openalex.org/C187191949","wikidata":"https://www.wikidata.org/wiki/Q1138496","display_name":"Profiling (computer programming)","level":2,"score":0.4167560935020447},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.39245712757110596},{"id":"https://openalex.org/C54355233","wikidata":"https://www.wikidata.org/wiki/Q7162","display_name":"Genetics","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2480362.2480666","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2480362.2480666","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 28th Annual ACM Symposium on Applied Computing","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.49000000953674316,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320322349","display_name":"Ministry of Education, Science and Technology","ror":"https://ror.org/01p262204"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":15,"referenced_works":["https://openalex.org/W64563084","https://openalex.org/W150085617","https://openalex.org/W1500616534","https://openalex.org/W1556771786","https://openalex.org/W1863385414","https://openalex.org/W1995739251","https://openalex.org/W2020125353","https://openalex.org/W2040546864","https://openalex.org/W2102395873","https://openalex.org/W2111295912","https://openalex.org/W2114353347","https://openalex.org/W2117583561","https://openalex.org/W2150180300","https://openalex.org/W2161443453","https://openalex.org/W2397389693"],"related_works":["https://openalex.org/W2462491885","https://openalex.org/W4256444941","https://openalex.org/W2019854082","https://openalex.org/W2339609355","https://openalex.org/W26165096","https://openalex.org/W2495294848","https://openalex.org/W2482084385","https://openalex.org/W2281065640","https://openalex.org/W2490113473","https://openalex.org/W232475811"],"abstract_inverted_index":{"A":[0,42,129,152],"software":[1,26,44],"birthmark":[2,27,45,131,154],"is":[3,34,46,155],"unique,":[4],"as":[5,91,93,111,254],"certain":[6],"native":[7],"characteristics":[8],"of":[9,72,88,96,133,139,158,175,182,190],"a":[10,24,64,112,140,168,212],"program,":[11,142],"hence":[12],"can":[13,144,164,246],"be":[14,145,165],"used":[15],"to":[16,37,48,68,124],"measure":[17,69,248],"the":[18,55,70,86,94,117,134,149,156,173,176,180,183,195,202,223,230,236,249],"similarity":[19,71,224,250],"between":[20,114,225,251],"programs.":[21],"In":[22,59],"general,":[23],"static":[25,78,130,196],"does":[28],"not":[29],"need":[30],"program":[31,57],"execution,":[32],"but":[33,51],"more":[35],"vulnerable":[36],"attacks":[38],"by":[39,147,167,211],"semantic-preserving":[40],"transformations.":[41],"dynamic":[43,80,153,198],"applicable":[47],"packed":[49,206],"executables,":[50],"cannot":[52],"cover":[53],"all":[54],"possible":[56],"paths.":[58],"this":[60],"paper,":[61],"we":[62,186,204],"propose":[63],"novel":[65],"effective":[66],"technique":[67],"Microsoft":[73],"Windows":[74,106,191,227,252],"applications":[75,115,192,228],"using":[76,193],"both":[77,194],"and":[79,109,116,126,197,234],"birthmarks,":[81],"which":[82,143,163],"are":[83,103,122],"based":[84],"on":[85],"list":[87],"system":[89,97,101,107,135,159],"APIs":[90,102],"well":[92],"frequency":[95,138,157],"API":[98,136,160],"calls.":[99],"Because":[100],"located":[104],"in":[105],"directories":[108],"act":[110],"bridge":[113],"operating":[118],"system,":[119],"our":[120,244],"birthmarks":[121,245],"resilient":[123],"obfuscations":[125],"compiler":[127],"optimizations.":[128],"consists":[132],"call":[137],"target":[141,226],"extracted":[146,166],"scanning":[148],"executable":[150],"file.":[151],"function":[161],"calls,":[162],"binary":[169,213],"instrumentation":[170],"tool":[171],"during":[172],"execution":[174],"program.":[177],"To":[178,200],"evaluate":[179],"effectiveness":[181],"proposed":[184],"technique,":[185],"compare":[187,205],"various":[188],"types":[189],"birthmarks.":[199],"demonstrate":[201],"robustness,":[203],"executables":[207],"that":[208,243],"were":[209],"compressed":[210],"packing":[214],"tool.":[215],"We":[216],"carry":[217],"out":[218],"additional":[219],"experiments":[220],"for":[221],"measuring":[222],"at":[229],"source":[231],"code":[232],"level":[233],"verify":[235],"evaluation":[237],"results.":[238],"The":[239],"experimental":[240],"results":[241],"show":[242],"effectively":[247],"applications,":[253],"intended.":[255]},"counts_by_year":[{"year":2023,"cited_by_count":1},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":2},{"year":2014,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}