Experiments with automatic software piracy detection utilising machine-learning classifiers for micro-signatures

Software piracy has been known as unauthorised reconstruction or illegal redistribution of a licenced software. Detecting pirated from base software is a major concern since pirated software can lead to significant financial losses as well as serious security vulnerabilities. To detect software piracy, we have recently proposed Metamorphic Analysis for Automatic Software Piracy Detection (MetaSPD) with a proof-of-concept evaluation. The core idea of MetaSPD was inspired from metamorphic malware detection due to its similarity of software piracy detection. MetaSPD works primarily based on mining the opcode graph of the base software to extract micro-signatures. Then, it leverages a classifier model to decide whether a given suspicious file is a pirated version of the base software. This paper extends our prior work in several respects. First, we present a retrospective appraisal of the main literature aiming at laying bare the status quo of software piracy detection and arguments on the current problems of the field to motivate our work. We then elaborate on MetaSPD itself and the constituent components. We provide two extensive experiments to evident the effectiveness of MetaSPD. The experiments have been carried out on two different datasets. Each dataset comprises 1300 morphed variants of the respective base software that act as pirated versions of that software. We conducted our experiments using three different classifiers. The paper is also enriched with a detailed discussion of the different properties and concerns of MetaSPD. The results corroborate that an attacker, who is using a pirated version of the given software, can hardly hide illegal usage of the software even by applying superabundant obfuscations to the code.