Replacement attacks on behavior based software birthmark

Zhi Xin, Huiyu Chen, Xinche Wang, Peng Liu, Sencun Zhu, Bing Mao, Li Xie

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Scopus citations


Software birthmarks utilize certain specific program characteristics to validate the origin of software, so it can be applied to detect software piracy. One state-of-the-art technology on software birthmark adopts dynamic system call dependence graphs as the unique signature of a program, which cannot be cluttered by existing obfuscation techniques and is also immune to the no-ops system call insertion attack. In this paper, we analyze its weaknesses and construct replacement attacks with the help of semantics-equivalent system calls to unlock the high frequent dependency between the system calls in an original system call dependence graph. Our results show that the proposed replacement attacks can destroy the original birthmark successfully.

Original languageEnglish (US)
Title of host publicationInformation Security - 14th International Conference, ISC 2011, Proceedings
Number of pages16
StatePublished - 2011
Event14th International Conference on Information Security, ISC 2011 - Xi'an, China
Duration: Oct 26 2011Oct 29 2011

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7001 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other14th International Conference on Information Security, ISC 2011

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Replacement attacks on behavior based software birthmark'. Together they form a unique fingerprint.

Cite this