Go to DBLP homepageA Software Birthmark Based on Dynamic Opcode n-gram
Abstract: A kind of dynamic opcode n-gram software birthmark is proposed in this paper based on Myles' software birthmark (in which static opcode n-gram set is regarded as the software birthmark). The dynamic opcode n-gram set is regarded as the software birthmark which is extracted from the dynamic executable instruction sequence of the program. And the new birthmark can not only keep the advantages of feature n-gram set based on static opcode, but also possesses high robustness to code compression, encryption, packing. The algorithm which is to evaluate the similarity of the birthmarks of two programs is improved employing the theory of Probability and Statistic. As a result, the time complexity of the improved algorithm decreases to 0(n) from O(n2), while the space complexity keeps unchanged. Finally, the validity of the scheme is proved by experiments.
Loading