Article
Hidden Markov Models for Software Piracy Detection
Information Security Journal: A Global Perspective
(2013)
Abstract
In this paper, we analyze a method for detecting software piracy. A metamorphic generator is used to create morphed copies of a base piece of software. A hidden Markov model is trained on the opcode sequences extracted from these morphed copies and the resulting trained model is used to score suspect software to determine its similarity to the base software. A high score indicates that the suspect software may be a modified version of the base software, suggesting that further investigation is warranted. In contrast, a low score indicates that the suspect software differs significantly from the base software. We show that our approach is robust, in the sense that the base software must be extensively modified before it is not detected.
Keywords
- Hidden Markov models,
- Piracy,
- software,
- metamorphic,
- malware
Disciplines
Publication Date
2013
Publisher Statement
SJSU users: use the following link to login and access the article via SJSU databases
Citation Information
Shabana Kazi and Mark Stamp. "Hidden Markov Models for Software Piracy Detection" Information Security Journal: A Global Perspective Vol. 22 Iss. 3 (2013) Available at: http://works.bepress.com/mark_stamp/17/