In this paper, we analyze a method for detecting software piracy. A metamorphic generator is used to create morphed copies of a base piece of software. A hidden Markov model is trained on the opcode sequences extracted from these morphed copies, and the resulting trained model is used to score suspect software to determine its similarity to the base software. A high score indicates that the suspect software may be a modified version of the base software, suggesting that further investigation is warranted. In contrast, a low score indicates that the suspect software differs significantly from the base software. We show that our approach is robust, in the sense that the base software must be extensively modified before it escapes detection.
- Hidden Markov models
Available at: http://works.bepress.com/mark_stamp/17/