摘要:The software birthmarking technique has traditionally been studies in fields such as software piracy, code theft, and copyright infringement. In this paper, we propose a static software birthmark technique that is combined by the structure–based and API–based. Our proposed software birthmark technique is based on procedures that contain the call sequence, including the interprocedural and APIs in the distributed softwares with native code. The procedure birthmark is translated to the ordered tree by call-chain of interprocedural analysis. Finally, the software birthmark generates a list of pq-gram with the ordered trees translated from each procedure. Our experiment performed with variant malwares. These malware are shown that can be distinguished from one another in our method.
