{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,19]],"date-time":"2025-03-19T16:32:42Z","timestamp":1742401962955},"publisher-location":"Berlin, Heidelberg","reference-count":43,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540317784"},{"type":"electronic","value":"9783540317791"}],"license":[{"start":{"date-parts":[[2006,1,1]],"date-time":"2006-01-01T00:00:00Z","timestamp":1136073600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11663812_15","type":"book-chapter","created":{"date-parts":[[2006,1,20]],"date-time":"2006-01-20T12:57:08Z","timestamp":1137761828000},"page":"284-308","source":"Crossref","is-referenced-by-count":36,"title":["A Fast Static Analysis Approach to Detect Exploit Code Inside Network Flows"],"prefix":"10.1007","author":[{"given":"Ramkumar","family":"Chinchani","sequence":"first","affiliation":[]},{"given":"Eric","family":"van den Berg","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"15_CR1","unstructured":"F-secure virus descriptions: Santy, http:\/\/www.fsecure.com\/v-descs\/santy_ashtml"},{"key":"15_CR2","unstructured":"IA-32 Intel Architecture Software Developer\u2019s Manual"},{"key":"15_CR3","unstructured":"Metasploit Project, http:\/\/www.metasploit.com\/"},{"key":"15_CR4","unstructured":"Slammer\/Sapphire Code Disassembly, http:\/\/www.immunitysec.com\/downloads\/disassembly.txt"},{"key":"15_CR5","unstructured":"The Twenty Most Critical Internet Security Vulnerabilities (Updated) The Experts Consensus, http:\/\/files.sans.org\/top20.pdf"},{"key":"15_CR6","unstructured":"VX heavens, http:\/\/vx.netlux.org"},{"key":"15_CR7","unstructured":"Tool Interface Standard (TIS), Executable and Linking Format (ELF) Specification, Version 1.2 (1995)"},{"key":"15_CR8","unstructured":"Microsoft Portable Executable and Common Object File Format Specification, Revision 6.0 (1999), http:\/\/www.microsoft.com\/whdc\/system\/platform\/firmware\/PECOFF.mspx"},{"issue":"7","key":"15_CR9","doi-asserted-by":"publisher","first-page":"811","DOI":"10.1002\/spe.4380250706","volume":"25","author":"C. Cifuentes","year":"1995","unstructured":"Cifuentes, C., Gough, K.: Decompilation of Binary Programs. Software Practice & Experience\u00a025(7), 811\u2013829 (1995)","journal-title":"Software Practice & Experience"},{"key":"15_CR10","unstructured":"Christodorescu, M., Jha, S.: Static analysis of executables to detect malicious patterns. In: Proceedings of the 12th USENIX Security Symposium (Security 2003), August 2003, pp. 169\u2013186. USENIX Association (2003)"},{"key":"15_CR11","unstructured":"Christodorescu, M., Jha, S.: Static analysis of executables to detect malicious patterns. In: Proceedings of the 12th USENIX Security Symposium, Security 2003 (2003)"},{"issue":"3","key":"15_CR12","doi-asserted-by":"publisher","first-page":"60","DOI":"10.1109\/2.825697","volume":"33","author":"C. Cifuentes","year":"2000","unstructured":"Cifuentes, C., Emmerik, M.V.: UQBT: Adaptable binary translation at low cost. Computer\u00a033(3), 60\u201366 (2000)","journal-title":"Computer"},{"key":"15_CR13","unstructured":"Cowan, C., Pu, C., Maier, D., Hinton, H., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q.: StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. In: 7th USENIX Security Symposium, San Antonio, TX (January 1998)"},{"key":"15_CR14","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/S0065-2458(08)60641-5","volume":"43","author":"D.W. Binkley","year":"1996","unstructured":"Binkley, D.W., Gallagher, K.B.: Program Slicing. Advances in Computers\u00a043, 1\u201350 (1996)","journal-title":"Advances in Computers"},{"key":"15_CR15","unstructured":"Feng, H.H., Giffin, J.T., Huang, Y., Jha, S., Lee, W., Miller, B.P.: Formalizing sensitivity in static analysis for intrusion detection. In: IEEE Symposium on Security and Privacy, p. 194 (2004)"},{"key":"15_CR16","unstructured":"Hittel, S.: Detection of jump-based ids-evasive noop sleds using snort (May 2002), http:\/\/aris.securityfocus.com\/rules\/020527-Analysis-Jump-NOOP.pdf"},{"issue":"3","key":"15_CR17","doi-asserted-by":"publisher","first-page":"345","DOI":"10.1145\/65979.65980","volume":"11","author":"S. Horwitz","year":"1989","unstructured":"Horwitz, S., Prins, J., Reps, T.: Integrating noninterfering versions of programs. ACM Trans. Program. Lang. Syst.\u00a011(3), 345\u2013387 (1989)","journal-title":"ACM Trans. Program. Lang. Syst."},{"key":"15_CR18","unstructured":"Jones, R., Kelly, P.: Bounds Checking for C, http:\/\/www-ala.doc.ic.ac.uk\/phjk\/BoundsChecking.html"},{"key":"15_CR19","unstructured":"Jung, J., Paxson, V., Berger, A.W., Balakrishnan, H.: Fast portscan detection using sequential hypothesis testing. In: IEEE Symposium on Security and Privacy (May 2004)"},{"issue":"3","key":"15_CR20","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1016\/0164-1212(94)00099-9","volume":"31","author":"M. Kamkar","year":"1995","unstructured":"Kamkar, M.: An overview and comparative classification of program slicing techniques. J. Syst. Softw.\u00a031(3), 197\u2013214 (1995)","journal-title":"J. Syst. Softw."},{"key":"15_CR21","unstructured":"Kim, H.-A., Karp, B.: Autograph: Toward automated, distributed worm signature detection. In: Proceedings of the 13th USENIX Security Symposium, Security 2004 (2004)"},{"key":"15_CR22","unstructured":"Kolesnikov, O., Dagon, D., Lee, W.: Advanced polymorphic worms: Evading ids by blending in with normal traffic. Technical Report GIT-CC-04-15, College of Computing, Georgia Institute of Technology (2004)"},{"issue":"1","key":"15_CR23","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1109\/MSECP.2004.1264861","volume":"2","author":"N. Krawetz","year":"2004","unstructured":"Krawetz, N.: The Honeynet files: Anti-honeypot technology. IEEE Security and Privacy\u00a02(1), 76\u201379 (2004)","journal-title":"IEEE Security and Privacy"},{"key":"15_CR24","unstructured":"Kruegel, C., Robertson, W., Valeur, F., Vigna, G.: Static disassembly of obfuscated binaries. In: Proceedings of the 13th USENIX Security 2004, Security 2004 (2004)"},{"issue":"4","key":"15_CR25","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1145\/161494.161501","volume":"1","author":"W. Landi","year":"1992","unstructured":"Landi, W.: Undecidability of Static Analysis. ACM Letters on Programming Languages and Systems\u00a01(4), 323\u2013337 (1992)","journal-title":"ACM Letters on Programming Languages and Systems"},{"key":"15_CR26","doi-asserted-by":"crossref","unstructured":"Linn, C., Debray, S.: Obfuscation of executable code to improve resistance to static analysis. In: 10th ACM Conference of Computer and Communications Security, CCS (2003)","DOI":"10.1145\/948109.948149"},{"key":"15_CR27","unstructured":"LURHQ Threat Intelligence Group. Phatbot trojan analysis, http:\/\/www.lurhq.com\/phatbot.html"},{"key":"15_CR28","unstructured":"Weiser, M.: Program Slicing: Formal, Psychological and Practical Investigations of an Automatic Program Abstraction Method. PhD thesis, The University of Michigan, Ann Arbor, Michigan (1979)"},{"issue":"4","key":"15_CR29","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1109\/MSECP.2003.1219056","volume":"1","author":"D. Moore","year":"2003","unstructured":"Moore, D., Paxson, V., Savage, S., Shannon, C., Staniford, S., Weaver, N.: Inside the slammer worm. IEEE Security and Privacy\u00a01(4), 33\u201339 (2003)","journal-title":"IEEE Security and Privacy"},{"issue":"5","key":"15_CR30","doi-asserted-by":"publisher","first-page":"177","DOI":"10.1145\/390011.808263","volume":"19","author":"K.J. Ottenstein","year":"1984","unstructured":"Ottenstein, K.J., Ottenstein, L.M.: The program dependence graph in a software development environment. SIGPLAN Not.\u00a019(5), 177\u2013184 (1984)","journal-title":"SIGPLAN Not."},{"key":"15_CR31","unstructured":"Pasupulati, A., Coit, J., Levitt, K., Wu, S., Li, S., Kuo, R., Fan, K.: Buttercup: On network-based detection of polymorphic buffer overflow vulnerabilities. In: 9th IEEE\/IFIP Network Operation and Management Symposium (NOMS 2004), May 2004, Seoul, S. Korea (2004) (to appear)"},{"issue":"5","key":"15_CR32","doi-asserted-by":"publisher","first-page":"1467","DOI":"10.1145\/186025.186041","volume":"16","author":"G. Ramalingam","year":"1994","unstructured":"Ramalingam, G.: The Undecidability of Aliasing. ACM Transactions on Programming Languages and Systems\u00a016(5), 1467\u20131471 (1994)","journal-title":"ACM Transactions on Programming Languages and Systems"},{"key":"15_CR33","unstructured":"Staniford, S., Paxson, V., Weaver, N.: How to own the internet in your spare time (2002)"},{"key":"15_CR34","unstructured":"Tip, F.: A survey of program slicing techniques. Technical Report CS-R9438, CWI (Centre for Mathematics and Computer Science), Amsterdam, The Netherlands (1994)"},{"key":"15_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"274","DOI":"10.1007\/3-540-36084-0_15","volume-title":"Recent Advances in Intrusion Detection","author":"T. Toth","year":"2002","unstructured":"Toth, T., Kr\u00fcgel, C.: Accurate buffer overflow detection via abstract payload execution. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, pp. 274\u2013291. Springer, Heidelberg (2002)"},{"key":"15_CR36","doi-asserted-by":"crossref","unstructured":"Twycross, J., Williamson, M.M.: Implementing and testing a virus throttle. In: Proceedings of the 12th Usenix Security Symposium, Security 2003 (2003)","DOI":"10.1109\/CSAC.2003.1254312"},{"key":"15_CR37","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1109\/SECPRI.2001.924296","volume-title":"SP 2001: Proceedings of the IEEE Symposium on Security and Privacy","author":"D. Wagner","year":"2001","unstructured":"Wagner, D., Dean, D.: Intrusion detection via static analysis. In: SP 2001: Proceedings of the IEEE Symposium on Security and Privacy, p. 156. IEEE Computer Society, Los Alamitos (2001)"},{"key":"15_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1007\/978-3-540-30143-1_11","volume-title":"Recent Advances in Intrusion Detection","author":"K. Wang","year":"2004","unstructured":"Wang, K., Stolfo, S.J.: Anomalous payload-based network intrusion detection. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 203\u2013222. Springer, Heidelberg (2004)"},{"key":"15_CR39","doi-asserted-by":"crossref","unstructured":"Weaver, N., Paxson, V., Staniford, S., Cunningham, R.: A taxonomy of computer worms. In: First ACM Workshop on Rapid Malcode, WORM (2003)","DOI":"10.1145\/948187.948190"},{"key":"15_CR40","unstructured":"Weaver, N., Staniford, S., Paxson, V.: Very fast containment of scanning worms. In: USENIX Security Symposium, pp. 29\u201344 (2004)"},{"key":"15_CR41","unstructured":"Weaver, N., Staniford, S., Paxson, V.: Very fast containment of scanning worms. In: USENIX Security Symposium, pp. 29\u201344 (2004)"},{"key":"15_CR42","doi-asserted-by":"publisher","first-page":"190","DOI":"10.1145\/948109.948136","volume-title":"CCS 2003: Proceedings of the 10th ACM conference on Computer and communications security","author":"C.C. Zou","year":"2003","unstructured":"Zou, C.C., Gao, L., Gong, W., Towsley, D.: Monitoring and early warning for internet worms. In: CCS 2003: Proceedings of the 10th ACM conference on Computer and communications security, pp. 190\u2013199. ACM Press, New York (2003)"},{"key":"15_CR43","doi-asserted-by":"publisher","first-page":"138","DOI":"10.1145\/586110.586130","volume-title":"Proceedings of the 9th ACM conference on Computer and communications security","author":"C.C. Zou","year":"2002","unstructured":"Zou, C.C., Gong, W., Towsley, D.: Code red worm propagation modeling and analysis. In: Proceedings of the 9th ACM conference on Computer and communications security, pp. 138\u2013147. ACM Press, New York (2002)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11663812_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,4,12]],"date-time":"2020-04-12T06:22:58Z","timestamp":1586672578000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11663812_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540317784","9783540317791"],"references-count":43,"URL":"https:\/\/doi.org\/10.1007\/11663812_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2006]]}}}