{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,1,14]],"date-time":"2025-01-14T16:40:02Z","timestamp":1736872802928,"version":"3.33.0"},"publisher-location":"Boston, MA","reference-count":37,"publisher":"Springer US","isbn-type":[{"type":"print","value":"9780387327204"},{"type":"electronic","value":"9780387445991"}],"license":[{"start":{"date-parts":[[2007,1,1]],"date-time":"2007-01-01T00:00:00Z","timestamp":1167609600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2007]]},"DOI":"10.1007\/978-0-387-44599-1_1","type":"book-chapter","created":{"date-parts":[[2007,3,4]],"date-time":"2007-03-04T15:35:08Z","timestamp":1173022508000},"page":"3-15","source":"Crossref","is-referenced-by-count":3,"title":["Malware Evolution: A Snapshot of Threats and Countermeasures in 2005"],"prefix":"10.1007","author":[{"given":"Brian","family":"Witten","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Carey","family":"Nachenberg","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"1_CR1","unstructured":"AOLINCSA Online Safety Study, Conducted by America Online and the National Cyber Security Alliance, October 2004, http:Nww.staysafeonline.info\/pdf\/safety-study-vO4.pdf"},{"key":"1_CR2","doi-asserted-by":"crossref","unstructured":"G. Balakrishnan, et. al, \u201cModel checking x86 executables with Code-Surferlx86 and WPDS++,\u201d (tool-demonstration paper). In Proc. Computer-Aided Verification, 2005. http:\/\/ww.cs.wisc.edu\/wpis\/papers\/CAVOS-tool-demo.pdf","DOI":"10.1007\/11513988_17"},{"key":"1_CR3","unstructured":"G. Balakrishnan, et. al, \u201cWYSINWYX: What You See Is Not What You execute.\u201d To appear in Proc. IFIP Working Conference on Verified Software: Theories, Tools, Experiments, Zurich, Switzerland, Oct.10-1 3,2005. http:\/\/ww.cs.wisc.eddwpis\/papers\/wysinwyxO5.pdf"},{"key":"1_CR4","unstructured":"D. Bank, \u201cComputer Worm Is Turning Faster,\u201d The Wall Street Journal, May 27,2004."},{"key":"1_CR5","doi-asserted-by":"crossref","unstructured":"C. Cadar and D. Engler, \u201cExecution Generated Test Cases: How to Make Systems Code Crash Itself,\u201d CSTR-2005-04, http:\/\/www.stanford.edd-engler\/cstr-3.25.5.pdf","DOI":"10.1007\/11537328_2"},{"key":"1_CR6","doi-asserted-by":"crossref","unstructured":"M. Costa, et. al, \u201cVigilante: End-to-End Containment of Internet Worms,\u201d ACM SIGOPS Operating Systems Review, Volume 39, Issue 5 (December 2005), http:\/\/research.microsoR.com\/-manuelc\/MS_igilanteSOSP.pdf","DOI":"10.1145\/1095809.1095824"},{"key":"1_CR7","volume-title":"12th ACM Conference on Computer and Communications Security (CCS)","author":"J. Crandall","year":"2005","unstructured":"J. Crandall, et. al, \u201cOn Deriving Unknown Vulnerabilities from Zero-Day Polymorphic and Metamorphic Worm Exploits,\u201d 12th ACM Conference on Computer and Communications Security (CCS). Alexandria, Virginia. November 2005, http:\/\/wwwcsif.cs.ucdavis.edu\/-crandall\/ccsdacoda.pdf"},{"key":"1_CR8","unstructured":"J. Evers, \u201cDutch police nab suspected\u2019 bot herders,\u201d CNET, October 7, 2005,3:41 PM PDT"},{"key":"1_CR9","unstructured":"T. Fraser, \u201cAutomatic Discovery of Integrity Constraints in Binary Kernel Modules,\u201d UMIACS TR-2005-02, December 2004, http:\/\/www.missl.cs.umd.edd-tfraser\/TRs\/fraser-copilot-config.pdf"},{"key":"1_CR10","doi-asserted-by":"crossref","unstructured":"P. Godefroid, et. al, \u201cDART: Directed Automated Random Testing,\u201d to appear in PLDIOS, http:\/\/cm.bell-labs.com\/who\/god\/public_pldi2005.pdf","DOI":"10.1145\/1064978.1065036"},{"key":"1_CR11","unstructured":"W. Halfond and A. Orso, \u201cAMNESIA: Analysis and Monitoring for NEutralizing SQLInjection Attacks,\u201d http:\/\/www.cc.gatech.edu\/grads\/w\/whaKond\/papershalfond.orso.ASE O5.pdf"},{"key":"1_CR12","first-page":"151","volume":"6","author":"S. A. Hofmeyr","year":"1998","unstructured":"S. A. Hofmeyr, et. al, \u201cIntrusion Detection using Sequences of System Calls,\u201d Journal of Computer Security Vol. 6, pp. 151\u2013180 (1998). http:\/\/cs.unm.edu\/-forrest\/publications\/int_decssc.pdf","journal-title":"Intrusion Detection using Sequences of System Calls"},{"key":"1_CR13","unstructured":"M. W. Jon and J. A. Rochlis, \u201cWith Microscope and Tweezers: An Analysis of the Internet Virus of November 1988,\u201d http:\/\/web.rnit.eddeichin\/www\/virus\/main.html"},{"key":"1_CR14","first-page":"178","volume-title":"Proceedings of teh 4th Virus Bulletin International Conference","author":"J. O. Kephart","year":"1994","unstructured":"J. O. Kephart and W. C. Arnold, \u201cAutomatic Extraction of Computer Virus Signatures,\u201cIn Proceedings of teh 4th Virus Bulletin International Conference, R. Ford, ed., Virus Bulletin Ltd., Abingdon, England, 1994, PP. 178\u2013184, http:\/\/www.research.ibm.com\/antivirus\/SciPapers\/Kepha_B94\/vb94.html"},{"key":"1_CR15","unstructured":"C. Kreibich and J. Crowcroft, \u201cHoneycomb: Creating Intrusion Detection Signatures Using Honeypots,\u201d In Proceedings of the USENIXIACM Workshop on Hot Topics in Networking, Nov. 2003. http:\/\/citeseer.ist.psu.edu\/cache\/papers\/cs\/30348\/http:zSzzSznms.lcs.m it.eduzSzHotNets-IIzSzpaperszSzhoneycomb.pdfkeibichO3 honey com b.pdf"},{"key":"1_CR16","doi-asserted-by":"crossref","unstructured":"C. Kruegel, et. al, \u201cDetecting Kernel-Level Rootkits Through Binary Analysis,\u201d Proceedings of the Annual Computer Security Applications Conference (ACSAC) 91\u2013100 Tucson, AZ December 2004, http:\/\/www.cs.ucsb.edu\/-vigna\/publications.html","DOI":"10.1109\/CSAC.2004.19"},{"key":"1_CR17","unstructured":"C. Kruegel, et. al, \u201cAutomating Mimicry Attacks Using Static Binary Analysis,\u201d Proceedings of the USENIX Security Symposium Baltimore, MD August 2005, http:\/\/www.cs.ucsb.edu\/-vigna\/pub\/2005_kmegel_kirda_robe_son_m utz-vigna-USENIX05.pdf"},{"key":"1_CR18","unstructured":"L. Mearian, \u201cSystem break-in nets hackers 8 million credit card numbers,\u201d COMPUTERWORLD, February 24, 2003, http:\/\/www.computenvorld.com\/securitytopics\/security\/story\/O,10801,78747,00.html"},{"key":"1_CR19","unstructured":"D. Moore and C. Shannon, \u201cThe Spread of the Code-Red Worm (CRV2),\u201d http:\/\/www.caida.org\/analysis\/security\/code-red\/coderedv2_analysis.x ml"},{"key":"1_CR20","unstructured":"C. Nachenberg, \u201cGeneric Exploit Blocking,\u201d Virus Bulletin, February, 2005"},{"key":"1_CR21","unstructured":"J. Newsome, et. al, \u201cAutomatically Generating Signatures for Polymorphic Worms,\u201d in the Proceedings of the IEEE Symposium on Security and Privacy (Oakland 2005), Oakland, CA, May, 2005. http:\/\/www.cs.ucl.ac.uk_staff\/B.Karp\/polygraph-oakland2005.pdf"},{"key":"1_CR22","unstructured":"J. Newsome and D. Song, \u201cDynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software,\u201d In Proceedings of the 12th Annual Network and Distributed System Security Symposium (NDSS\u2019 05), February 2005. http:\/\/www.ece.cmu.edu\/-jnewsome\/docs\/taintcheck.pdf"},{"key":"1_CR23","unstructured":"N. L. Petroni, Jr., et. al, \u201cCopilot-a Coprocessor-based Kernel Runtime Integrity Monitor,\u201d 13th Usenix Security Symposium 2004, http:\/\/www.jesusmolina.com\/docs\/copilot.pdf"},{"key":"1_CR24","unstructured":"J. Roculan, et. al, \u201cDeepSight\u2122 Threat Management System Threat Analysis: SQLExp SQL Server Worm,\u201d http:\/\/securityresponse.symantec.com\/avcenter\/Analysis-SQLExp.pdf, January 25,2003"},{"key":"1_CR25","doi-asserted-by":"crossref","unstructured":"S. Sidiroglou, et. al, \u201cAn Emailworm Vaccine Architecture,\u201d In Proceedings of the 1st Information Security Practice and Experience Conference (ISPEC), pp. 97\u2013108. April 2005, Singapore. http:\/\/www 1.cs.columbia.edu\/-angelosPapers\/2005\/email-worm.pdf","DOI":"10.1007\/978-3-540-31979-5_9"},{"issue":"6","key":"1_CR26","doi-asserted-by":"crossref","first-page":"52","DOI":"10.1109\/MSP.2005.144","volume":"3","author":"S. Sidiroglou","year":"2005","unstructured":"S. Sidiroglou and A. Keromytis, \u201cCountering Network Worms Through Automatic Patch Generation,\u201d In IEEE Security & Privacy, vol. 3, no. 6, PP. 52\u201360, November\/December 2005, http:\/\/www1.cs.columbia.edu\/-angelos\/Papers\/2005\/j6ker3.pdf","journal-title":"In IEEE Security & Privacy"},{"key":"1_CR27","unstructured":"S. Singh, \u201cAutomated Worm Fingerprinting,\u201d Proceedings of the ACMIUSENIX Symposium on Operating System Design and Implementation, San Francisco, CA, December 2004. http:\/\/www.cs.ucsd.edu\/-savage\/papers\/OSDIO4.pdf"},{"key":"1_CR28","unstructured":"S. Sparks and J. Butler, \u201cShadow Walker-Raising The Bar For Rootkit Detection,\u201d DefCon 13, July 29-31, 2005, http:\/\/ww.blackhat.codpresentations\/bh-jp-05\/bh-jp-05-sparks-butle r.pdf"},{"key":"1_CR29","unstructured":"S. Staniford, et. al, \u201cHow to Own the Internet in Your Spare Time,\u201d Proceedings of the 1 lth USENIX Security Symposium (Security\u2019 02) http:\/\/www.cs.berkeley.edu\/-nweaver\/cdc.web\/cdc.web.pdf"},{"key":"1_CR30","unstructured":"Symantec Internet Security Threat Report, Volume VII, Published March 2005"},{"key":"1_CR31","unstructured":"Symantec Internet Security Threat Report, Volume VIII, Published September 2005"},{"key":"1_CR32","unstructured":"J. Swartz, \u201c40 million credit card holders may be at risk,\u201d USA TODAY, June 19, 2005, http:\/\/www.usatoday.com\/money\/perfi\/general\/2005-0 19-breach-usat-x.htm"},{"key":"1_CR33","doi-asserted-by":"crossref","unstructured":"F. Valeur, et. al, \u201cA Learning-Based Approach to the Detection of SQL Attacks,\u201c Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) Vienna, Austria July 2005, http:\/\/www.cs.ucsb.edu\/-vigna\/publications.html","DOI":"10.1007\/11506881_8"},{"key":"1_CR34","doi-asserted-by":"crossref","unstructured":"H. J. Wang, C. Guo, D. R. Simon, and A. Zugenmaier. Shield: Vulnerability-Driven Network Filters for Preventing Known Vulnerability Exploits. Proceedings of the ACM SIGCOMM Conference, Aug. 2004. http:\/\/citeseer.ist.psu.edu\/cache\/papers\/cs2\/162\/http:zSzzSzresearch.mi crosofi. comzSzresearchzSzshieldzSzpaperszSzshieldSigcommO4.pdf\/wan g04shield.pdf","DOI":"10.1145\/1030194.1015489"},{"key":"1_CR35","unstructured":"K. Wang, et. al, \u201cAnomalous Payload-based Worm Detection and Signature Generation,\u201d In Proceedings of the Eighth International Symposium on Recent Advances in Intrusion Detection, September 2005, http:\/\/worminator.cs.columbia.edu\/papers\/2005\/raid-cut4.pdf"},{"key":"1_CR36","unstructured":"Y.-M. Wang, et. al, \u201cAutomated Web Patrol with Strider HoneyMonkeys: Finding Web Sites That Exploit Browser Vulnerabilities\u201d MSR-TR-2005-72, August 2005 fip:\/\/fip.research.microsoR.comlpub\/tr\/TR-2005-72.pdf"},{"key":"1_CR37","unstructured":"M. Williamson, et. al, \u201cVirus Throttling,\u201d HPL-2003-69 20030430, Virus Bulletin, March 2003, http:\/\/www.hpl.hp.com_techreports\/2003\/HPL-2003-69.htm1"}],"container-title":["Advances in Information Security","Malware Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-0-387-44599-1_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,14]],"date-time":"2025-01-14T15:31:31Z","timestamp":1736868691000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-0-387-44599-1_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007]]},"ISBN":["9780387327204","9780387445991"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-0-387-44599-1_1","relation":{},"ISSN":["1568-2633"],"issn-type":[{"type":"print","value":"1568-2633"}],"subject":[],"published":{"date-parts":[[2007]]}}}