Replacement attacks: Automatically evading behavior-based software birthmark

Zhi Xin, Huiyu Chen, Xinche Wang, Peng Liu, Sencun Zhu, Bing Mao, Li Xie

Research output: Contribution to journalArticlepeer-review

3 Scopus citations


Software birthmarks utilize certain specific program characteristics to validate the origin of software, so it can be applied to detect software piracy. One state-of-the-art technology on software birthmark adopts dynamic system call dependence graphs as the unique signature of a program, which cannot be cluttered by existing obfuscation techniques and is also immune to the no-ops system call insertion attack. In this paper, we analyze its weaknesses and construct replacement attacks with the help of semantics equivalent system calls to unlock the high frequency dependencies between the system calls in the victim's original system call dependence graph. Our results show that the proposed replacement attacks can destroy the original birthmark successfully.

Original languageEnglish (US)
Pages (from-to)293-304
Number of pages12
JournalInternational Journal of Information Security
Issue number5
StatePublished - Oct 2012

All Science Journal Classification (ASJC) codes

  • Software
  • Information Systems
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications


Dive into the research topics of 'Replacement attacks: Automatically evading behavior-based software birthmark'. Together they form a unique fingerprint.

Cite this