Abstract

This paper proposes dynamic software birthmarks which can be extracted during execution of Windows applications. Birthmarks are unique and native characteristics of software. For a pair of software p and q, if q has the same birthmarks as p’s, q is suspected as a copy of p. Our security analysis showed that the proposed birthmark has good tolerance against various kinds of program transformation attacks.