{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T19:16:34Z","timestamp":1777662994564,"version":"3.51.4"},"publisher-location":"Berlin, Heidelberg","reference-count":23,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540360148","type":"print"},{"value":"9783540360179","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006]]},"DOI":"10.1007\/11790754_8","type":"book-chapter","created":{"date-parts":[[2006,11,27]],"date-time":"2006-11-27T13:02:37Z","timestamp":1164632557000},"page":"129-143","source":"Crossref","is-referenced-by-count":133,"title":["Detecting Self-mutating Malware Using Control-Flow Graph Matching"],"prefix":"10.1007","author":[{"given":"Danilo","family":"Bruschi","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lorenzo","family":"Martignoni","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mattia","family":"Monga","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"8_CR1","unstructured":"Boomerang, \n \n http:\/\/boomerang.sourceforge.net"},{"key":"8_CR2","unstructured":"MetaPHOR, \n \n http:\/\/securityresponse.symantec.com\/avcenter\/venc\/data\/w32.simile.html"},{"key":"8_CR3","volume-title":"Compilers: Principles, Techniques and Tools","author":"A.V. Aho","year":"1986","unstructured":"Aho, A.V., Sethi, R., Ullman, J.D.: Compilers: Principles, Techniques and Tools. Addison-Wesley, Reading (1986)"},{"key":"8_CR4","unstructured":"C. Associates. Security advisor center glossary, \n \n http:\/\/www3.ca.com\/securityadvisor\/glossary.aspx"},{"key":"8_CR5","volume-title":"Proceedings of the International Symposium of Secure Software Engineering","author":"D. Bruschi","year":"2006","unstructured":"Bruschi, D., Martignoni, L., Monga, M.: Using code normalization for fighting self-mutating malware. In: Proceedings of the International Symposium of Secure Software Engineering, Arlington, VA. IEEE Computer Society, Los Alamitos (2006)"},{"key":"8_CR6","unstructured":"Chess, D.M., White, S.R.: An undetectable computer virus. In: Proceedings of Virus Bulletin Conference (September 2000)"},{"key":"8_CR7","unstructured":"Christodorescu, M., Jha, S.: Static analysis of executables to detect malicious patterns. In: Proceedings of USENIX Security Symposium (August 2003)"},{"key":"8_CR8","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1145\/1007512.1007518","volume-title":"Proceedings of the 2004 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2004)","author":"M. Christodorescu","year":"2004","unstructured":"Christodorescu, M., Jha, S.: Testing malware detectors. In: Proceedings of the 2004 ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2004), Boston, MA, USA, pp. 34\u201344. ACM Press, New York (2004)"},{"key":"8_CR9","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy (Oakland 2005), Oakland, CA, USA (May 2005)","DOI":"10.1109\/SP.2005.20"},{"key":"8_CR10","volume-title":"A Short Course on Computer Viruses","author":"F.B. Cohen","year":"1994","unstructured":"Cohen, F.B.: A Short Course on Computer Viruses. Wiley Professional Computing, Chichester (1994)"},{"key":"8_CR11","unstructured":"Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. Technical Report 148, Department of Computer Science, University of Auckland (July 1997)"},{"issue":"2","key":"8_CR12","doi-asserted-by":"publisher","first-page":"378","DOI":"10.1145\/349214.349233","volume":"22","author":"S.K. Debray","year":"2000","unstructured":"Debray, S.K., Evans, W., Muth, R., Sutter, B.D.: Compiler techniques for code compaction. ACM Trans. Program. Lang. Syst.\u00a022(2), 378\u2013415 (2000)","journal-title":"ACM Trans. Program. Lang. Syst."},{"key":"8_CR13","unstructured":"Ferrie, P., Sz\u00f6r, P.: Zmist opportunities. Virus Bullettin (March 2001)"},{"key":"8_CR14","unstructured":"Foggia, P.: The VFLib graph matching library, version 2.0, \n \n http:\/\/amalfi.dis.unina.it\/graph\/db\/vflib-2.0\/"},{"key":"8_CR15","unstructured":"Kapoor, A.: An approach towards disassembly of malicious binaries. Master\u2019s thesis, University of Louisiana at Lafayette (2004)"},{"key":"8_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/11663812_11","volume-title":"Recent Advances in Intrusion Detection","author":"C. Kr\u00fcgel","year":"2006","unstructured":"Kr\u00fcgel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic worm detection using structural information of executables. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, pp. 207\u2013226. Springer, Heidelberg (2006)"},{"key":"8_CR17","unstructured":"Kruegel, C., Robertson, W., Valeur, F., Vigna, G.: Static disassembly of obfuscated binaries. In: Proceedings of USENIX Security 2004, San Diego, CA, pp. 255\u2013270 (August 2004)"},{"issue":"11","key":"8_CR18","doi-asserted-by":"publisher","first-page":"955","DOI":"10.1109\/TSE.2005.120","volume":"31","author":"A. Lakhotia","year":"2005","unstructured":"Lakhotia, A., Kumar, E.U., Venable, M.: A method for detecting obfuscated calls in malicious binaries. IEEE Transactions on Software Engineering\u00a031(11), 955\u2013968 (2005)","journal-title":"IEEE Transactions on Software Engineering"},{"key":"8_CR19","doi-asserted-by":"publisher","first-page":"290","DOI":"10.1145\/948109.948149","volume-title":"CCS 2003: Proceedings of the 10th ACM conference on Computer and communications security","author":"C. Linn","year":"2003","unstructured":"Linn, C., Debray, S.: Obfuscation of executable code to improve resistance to static disassembly. In: CCS 2003: Proceedings of the 10th ACM conference on Computer and communications security, pp. 290\u2013299. ACM Press, New York (2003)"},{"key":"8_CR20","volume-title":"Advanced compiler design and implementation","author":"S.S. Muchnick","year":"1997","unstructured":"Muchnick, S.S.: Advanced compiler design and implementation. Morgan Kaufmann Publishers Inc., San Francisco (1997)"},{"key":"8_CR21","doi-asserted-by":"crossref","unstructured":"Newsome, J., Karp, B., Song, D.X.: Polygraph: Automatically generating signatures for polymorphic worms. In: IEEE Symposium on Security and Privacy, pp. 226\u2013241 (2005)","DOI":"10.1109\/SP.2005.15"},{"key":"8_CR22","unstructured":"Pearce, S.: Viral polymorphism. Sans Institute (2003)"},{"key":"8_CR23","unstructured":"Sz\u00f6r, P., Ferrie, P.: Hunting for metamorphic. In: Proceedings of Virus Bulletin Conference (September 2001)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware & Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11790754_8.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T07:23:15Z","timestamp":1619508195000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11790754_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006]]},"ISBN":["9783540360148","9783540360179"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/11790754_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2006]]}}}