{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,7]],"date-time":"2025-11-07T09:29:36Z","timestamp":1762507776870},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030209506"},{"type":"electronic","value":"9783030209513"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-20951-3_12","type":"book-chapter","created":{"date-parts":[[2019,6,16]],"date-time":"2019-06-16T19:02:48Z","timestamp":1560711768000},"page":"121-140","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["Reconstructing C2 Servers for Remote Access Trojans with Symbolic Execution"],"prefix":"10.1007","author":[{"given":"Luca","family":"Borzacchiello","sequence":"first","affiliation":[]},{"given":"Emilio","family":"Coppa","sequence":"additional","affiliation":[]},{"given":"Daniele Cono","family":"D\u2019Elia","sequence":"additional","affiliation":[]},{"given":"Camil","family":"Demetrescu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,5,19]]},"reference":[{"issue":"2","key":"12_CR1","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1016\/0890-5401(87)90052-6","volume":"75","author":"D Angluin","year":"1987","unstructured":"Angluin, D.: Learning regular sets from queries and counterexamples. Inf. Comput. 75(2), 87\u2013106 (1987). \n                    https:\/\/doi.org\/10.1016\/0890-5401(87)90052-6","journal-title":"Inf. Comput."},{"key":"12_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1007\/978-3-319-60080-2_12","volume-title":"Cyber Security Cryptography and Machine Learning","author":"R Baldoni","year":"2017","unstructured":"Baldoni, R., Coppa, E., D\u2019Elia, D.C., Demetrescu, C.: Assisting malware analysis with symbolic execution: a case study. In: Dolev, S., Lodha, S. (eds.) CSCML 2017. LNCS, vol. 10332, pp. 171\u2013188. Springer, Cham (2017). \n                    https:\/\/doi.org\/10.1007\/978-3-319-60080-2_12"},{"issue":"3","key":"12_CR3","doi-asserted-by":"publisher","first-page":"50:1","DOI":"10.1145\/3182657","volume":"51","author":"R Baldoni","year":"2018","unstructured":"Baldoni, R., Coppa, E., D\u2019Elia, D.C., Demetrescu, C., Finocchi, I.: A survey of symbolic execution techniques. ACM Comput. Surv. 51(3), 50:1\u201350:39 (2018). \n                    https:\/\/doi.org\/10.1145\/3182657","journal-title":"ACM Comput. Surv."},{"doi-asserted-by":"publisher","unstructured":"Banescu, S., Collberg, C., Ganesh, V., Newsham, Z., Pretschner, A.: Code obfuscation against symbolic execution attacks. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, ACSAC 2016, pp. 189\u2013200 (2016). \n                    https:\/\/doi.org\/10.1145\/2991079.2991114","key":"12_CR4","DOI":"10.1145\/2991079.2991114"},{"unstructured":"Beddoe, M.A.: Network protocol analysis using bioinformatics algorithms. Toorcon (2004)","key":"12_CR5"},{"issue":"9","key":"12_CR6","doi-asserted-by":"publisher","first-page":"1457","DOI":"10.1016\/j.patcog.2004.03.027","volume":"38","author":"M Bugalho","year":"2005","unstructured":"Bugalho, M., Oliveira, A.L.: Inference of regular languages using state merging algorithms with search. Pattern Recogn. 38(9), 1457\u20131467 (2005). \n                    https:\/\/doi.org\/10.1016\/j.patcog.2004.03.027","journal-title":"Pattern Recogn."},{"issue":"1","key":"12_CR7","doi-asserted-by":"publisher","first-page":"2:1","DOI":"10.1145\/2110356.2110358","volume":"30","author":"V Chipounov","year":"2012","unstructured":"Chipounov, V., Kuznetsov, V., Candea, G.: The S2E platform: design, implementation, and applications. ACM Trans. Comput. Syst. (TOCS) 30(1), 2:1\u20132:49 (2012). \n                    https:\/\/doi.org\/10.1145\/2110356.2110358","journal-title":"ACM Trans. Comput. Syst. (TOCS)"},{"doi-asserted-by":"publisher","unstructured":"Cho, C.Y., Babi\u0107, D., Shin, E.C.R., Song, D.: Inference and analysis of formal models of botnet command and control protocols. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 426\u2013439. ACM (2010). \n                    https:\/\/doi.org\/10.1145\/1866307.1866355","key":"12_CR8","DOI":"10.1145\/1866307.1866355"},{"unstructured":"Cho, C.Y., Babi\u0107, D., Poosankam, P., Chen, K.Z., Wu, E.X., Song, D.: MACE: model-inference-assisted concolic exploration for protocol and vulnerability discovery. In: Proceedings of the 20th USENIX Conference on Security, pp. 10\u201310 (2011)","key":"12_CR9"},{"doi-asserted-by":"publisher","unstructured":"Comparetti, P.M., Wondracek, G., Kruegel, C., Kirda, E.: Prospex: protocol specification extraction. In: Proceedings of the 2009 30th IEEE Symposium on Security and Privacy, SP 2009 (2009). \n                    https:\/\/doi.org\/10.1109\/SP.2009.14","key":"12_CR10","DOI":"10.1109\/SP.2009.14"},{"doi-asserted-by":"publisher","unstructured":"Coppa, E., D\u2019Elia, D.C., Demetrescu, C.: Rethinking pointer reasoning in symbolic execution. In: Proceedings of the 32nd IEEE\/ACM International Conference on Automated Software Engineering, ASE 2017 (2017). \n                    https:\/\/doi.org\/10.1109\/ASE.2017.8115671","key":"12_CR11","DOI":"10.1109\/ASE.2017.8115671"},{"unstructured":"Cui, W., Kannan, J., Wang, H.J.: Discoverer: automatic protocol reverse engineering from network traces. In: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium (2007). \n                    http:\/\/dl.acm.org\/citation.cfm?id=1362903.1362917","key":"12_CR12"},{"key":"12_CR13","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1007\/s11416-016-0289-8","volume":"14","author":"J Duch\u00eane","year":"2017","unstructured":"Duch\u00eane, J., Le Guernic, C., Alata, E., Nicomette, V., Kaaniche, M.: Stateof the art of network protocol reverse engineering tools. J. Comput. Virol. Hacking Tech. 14, 53\u201368 (2017). \n                    https:\/\/doi.org\/10.1007\/s11416-016-0289-8","journal-title":"J. Comput. Virol. Hacking Tech."},{"doi-asserted-by":"publisher","unstructured":"Jiang, D., Omote, K.: An approach to detect remote access trojan in the early stage of communication. In: 2015 IEEE 29th International Conference on Advanced Information Networking and Applications, pp. 706\u2013713, March 2015. \n                    https:\/\/doi.org\/10.1109\/AINA.2015.257","key":"12_CR14","DOI":"10.1109\/AINA.2015.257"},{"unstructured":"Lin, Z., Jiang, X., Xu, D., Zhang, X.: Automatic protocol format reverse engineering through context-aware monitored execution. In: 15th Symposium on Network And Distributed System Sexurity (NDSS) (2008)","key":"12_CR15"},{"unstructured":"Computer Incident Response Center Luxembourg: TR-23 Analysis - NetWiredRC malware (2014). \n                    https:\/\/www.circl.lu\/pub\/tr-23\/","key":"12_CR16"},{"unstructured":"SecureWorks: NetWire RAT Steals Payment Card Data (2016). \n                    https:\/\/www.secureworks.com\/blog\/netwire-rat-steals-payment-card-data","key":"12_CR17"},{"key":"12_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-319-93411-2_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"G Severi","year":"2018","unstructured":"Severi, G., Leek, T., Dolan-Gavitt, B.: Malrec: compact full-trace malware recording for retrospective deep analysis. In: Giuffrida, C., Bardin, S., Blanc, G. (eds.) DIMVA 2018. LNCS, vol. 10885, pp. 3\u201323. Springer, Cham (2018). \n                    https:\/\/doi.org\/10.1007\/978-3-319-93411-2_1"},{"doi-asserted-by":"publisher","unstructured":"Shoshitaishvili, Y., Wang, R., Hauser, C., Kruegel, C., Vigna, G.: Firmalice - automatic detection of authentication bypass vulnerabilities in binary firmware. In: Proceedings of the 2015 Network and Distributed System Security Symposium, NDSS 2015 (2015). \n                    https:\/\/doi.org\/10.14722\/ndss.2015.23294","key":"12_CR19","DOI":"10.14722\/ndss.2015.23294"},{"doi-asserted-by":"publisher","unstructured":"Shoshitaishvili, Y., et al.: SoK: (state of) the art of war: offensive techniques in binary analysis. In: IEEE Symposium on Security and Privacy, SP 2016, pp. 138\u2013157 (2016). \n                    https:\/\/doi.org\/10.1109\/SP.2016.17","key":"12_CR20","DOI":"10.1109\/SP.2016.17"},{"key":"12_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-89862-7_1","volume-title":"Information Systems Security","author":"D Song","year":"2008","unstructured":"Song, D., et al.: BitBlaze: a new approach to computer security via binary analysis. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol. 5352, pp. 1\u201325. Springer, Heidelberg (2008). \n                    https:\/\/doi.org\/10.1007\/978-3-540-89862-7_1"},{"doi-asserted-by":"publisher","unstructured":"Stephens, N., et al.: Driller: augmenting fuzzing through selective symbolic execution. In: Proceedings of the 2016 Network and Distributed System Security Symposium, NDSS 2016 (2016). \n                    https:\/\/doi.org\/10.14722\/ndss.2016.23368","key":"12_CR22","DOI":"10.14722\/ndss.2016.23368"},{"unstructured":"Villeneuve, N., Sancho, D.: The \u201cLurid\u201d Downloader. Trend Micro Incorporated (2011). \n                    http:\/\/la.trendmicro.com\/media\/misc\/lurid-downloader-enfal-report-en.pdf","key":"12_CR23"},{"doi-asserted-by":"publisher","unstructured":"Yadegari, B., Debray, S.: Symbolic execution of obfuscated code. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015 (2015). \n                    https:\/\/doi.org\/10.1145\/2810103.2813663","key":"12_CR24","DOI":"10.1145\/2810103.2813663"}],"container-title":["Lecture Notes in Computer Science","Cyber Security Cryptography and Machine Learning"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-20951-3_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,16]],"date-time":"2019-06-16T19:07:09Z","timestamp":1560712029000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-20951-3_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030209506","9783030209513"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-20951-3_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"19 May 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CSCML","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Cyber Security Cryptography and Machine Learning","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Beer-Sheva","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Israel","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 June 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 June 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"cscml2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.cs.bgu.ac.il\/~fradmin\/cscml19\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Open","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"36","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"18","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"10","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"50% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"n\/a","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}