Software watermarking has received considerable attention and was adopted by the software development community as a technique to prevent or discourage software piracy and copyright infringement. A wide range of software watermarking techniques has been proposed among which the graph-based methods that encode watermarks as graph structures. Following up on our recently proposed methods for encoding watermark numbers w as reducible permutation flow-graphs F [π * ] through the use of self-inverting permutations π * , in this paper, we extend the types of flow-graphs available for software watermarking by proposing two different reducible permutation flow-graphs F1[π * ] and F2[π * ] incorporating important properties which are derived from the bitonic subsequences composing the self-inverting permutation π * . We show that a self-inverting permutation π * can be efficiently encoded into either F1[π * ] or F2[π * ] and also efficiently decoded from theses graph structures. The proposed flow-graphs F1[π * ] and F2[π * ] enrich the repository of graphs which can encode the same watermark number w and, thus, enable us to embed multiple copies of the same watermark w into an application program P . Moreover, the enrichment of that repository with new flow-graphs increases our ability to select a graph structure more similar to the structure of a given application program P thereby enhancing the resilience of our codec system to attacks.
In this paper we present a graph-based framework that, utilizing relations between groups of System-calls, detects whether an unknown software sample is malicious or benign, and classifies a malicious software to one of a set of known malware families. In our approach we propose a novel graph representation of dependency graphs by capturing their structural evolution over time constructing sequential graph instances, the so-called Temporal Graphs. The partitions of the temporal evolution of a graph defined by specific time-slots, results to different types of graphs representations based upon the information we capture across the capturing of its evolution. The proposed graph-based framework utilizes the proposed types of temporal graphs computing similarity metrics over various graph characteristics in order to conduct the malware detection and classification procedures. Finally, we evaluate the detection rates and the classification ability of our proposed graph-based framework conducting a series of experiments over a set of known malware samples pre-classified into malware families.
Consider a graph G which belongs to a graph class C. We are interested in connecting a node w∉V(G) to G by a single edge uw where u∈V(G); we call such an edge a tail. As the graph resulting from G after the addition of the tail, denoted G+uw, need not belong to the class C, we want to compute the number of non-edges of G in a minimum C-completion of G+uw, i.e., the minimum number of non-edges (excluding the tail uw) to be added to G+uw so that the resulting graph belongs to C. In this paper, we study this problem for the classes of split, quasi-threshold, threshold and P4-sparse graphs and we present linear-time algorithms by exploiting the structure of split graphs and the tree representation of quasi-threshold, threshold and P4-sparse graphs.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.