Focusing on the issue that only one instruction substitution with 5 operators and 13 substitution schemes is supported in Obfuscator Low Level Virtual Machine （OLLVM） at the instruction obfuscation level， an improved instruction obfuscation framework InsObf was proposed. InsObf， including junk code insertion and instruction substitution， was able to enhance the obfuscation effect at the instruction level based on OLLVM. For junk code insertion， firstly， the dependency of the instruction inside the basic block was analyzed， and then two kinds of junk code， multiple jump and bogus loop， were inserted to disrupt the structure of the basic block. For instruction substitution， based on OLLVM， it was expanded to 13 operators， with 52 instruction substitution schemes. The framework prototype was implemented on Low Level Virtual Machine （LLVM）. Experimental results show that compared to OLLVM， InsObf has the cyclomatic complexity and resilience increased by almost four times， with a time cost of about 10 percentage points and a space cost of about 20 percentage points higher. Moreover， InsObf can provide higher code complexity compared to Armariris and Hikari， which are also improved on the basis of OLLVM， at the same order of magnitude of time and space costs. Therefore， InsObf can provide effective protection at the instruction level.

Most of the existing code obfuscation solutions are limited to a specific programming language or a platform， which are not widespread and general. Moreover， control flow obfuscation and data obfuscation introduce additional overhead. Aiming at the above problems， an identifier obfuscation method was proposed based on Low Level Virtual Machine （LLVM）. Four identifier obfuscation algorithms were implemented in the method， including random identifier algorithm， overload induction algorithm， abnormal identifier algorithm， and high-frequency word replacement algorithm. At the same time， a new hybrid obfuscation algorithm was designed by combining these algorithms. In the proposed method， firstly， in the intermediate files compiled by the front-ends， the function names， which met the obfuscation criteria， were selected. Secondly， these function names were processed by using specific obfuscation algorithms. Finally， the obfuscated files were transformed into binary files by using specific compilation back-ends. The identifier obfuscation method based on LLVM is suitable for the languages supported by LLVM and does not affect the normal functions of the program. For different programming languages， the time overhead is within 20% and the space overhead hardly increases. At the same time， the average confusion ratio of the program is 77.5%， and compared with the single replacement algorithm and overload algorithm， the proposed mixed identifier algorithm can provide stronger concealment in theoretical analysis. Experimental results show that the proposed method has the characteristics of low-performance overhead， strong concealment， and wide versatility.