To increase the difficulty of software reverse analysis and improve software security, a software protection method based on monitoring attack threats was proposed. By deploying the threat-monitoring net, a variety of threats in software execution process could be real-time detected and resolved, so that the software is in a relatively safe environment and difficult to be reversely analyzed. There are three main research aspects in this protection scheme:1) Attack threat description. The potential attack threats were analyzed and then they were described with a triple . 2) Deployment of threat-monitoring net. The node base was constructed after analyzing the feature of each threat and designing the corresponding detection methods. The reasonable deployment scheme based on characteristics of nodes was selected, and these nodes were deployed effectively into different places of software. 3) Prototype system implementation and experimental design. According to the idea of this protection scheme, a prototype system was implemented, and a group of test cases was protected with the system to collect the experimental data. The evaluation on the aspects of performance consumption and security was made. The final result shows the proposed method is feasible and effective to protect software.