{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,28]],"date-time":"2025-11-28T04:57:22Z","timestamp":1764305842512,"version":"3.46.0"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030610777"},{"type":"electronic","value":"9783030610784"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-61078-4_3","type":"book-chapter","created":{"date-parts":[[2020,11,27]],"date-time":"2020-11-27T18:02:30Z","timestamp":1606500150000},"page":"36-53","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["Detection of Metamorphic Malware Packers Using Multilayered LSTM Networks"],"prefix":"10.1007","author":[{"given":"Erik","family":"Bergenholtz","sequence":"first","affiliation":[]},{"given":"Emiliano","family":"Casalicchio","sequence":"additional","affiliation":[]},{"given":"Dragos","family":"Ilie","sequence":"additional","affiliation":[]},{"given":"Andrew","family":"Moss","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,11,28]]},"reference":[{"key":"3_CR1","unstructured":"Objdump. https:\/\/sourceware.org\/binutils\/docs\/binutils\/objdump.html. Accessed 16 Jan 2020"},{"key":"3_CR2","unstructured":"Radare2. https:\/\/www.radare.org\/r\/. Accessed 16 Jan 2020"},{"key":"3_CR3","unstructured":"Retargetable decompiler. https:\/\/retdec.com\/. Accessed 8 May 2019"},{"key":"3_CR4","unstructured":"Intel\u00ae 64 and IA-32 ArchitecturesSoftware Developer\u2019s Manual, May 2019"},{"key":"3_CR5","doi-asserted-by":"publisher","unstructured":"Ban, T., Isawa, R., Guo, S., Inoue, D., Nakao, K.: Application of string kernel based support vector machine for malware packer identification. In: The 2013 International Joint Conference on Neural Networks, IJCNN 2013, Dallas, TX, USA, 4\u20139 August 2013, pp. 1\u20138. IEEE (2013). https:\/\/doi.org\/10.1109\/IJCNN.2013.6707043","DOI":"10.1109\/IJCNN.2013.6707043"},{"key":"3_CR6","doi-asserted-by":"publisher","unstructured":"Ban, T., Isawa, R., Guo, S., Inoue, D., Nakao, K.: Efficient malware packer identification using support vector machines with spectrum kernel. In: Eighth Asia Joint Conference on Information Security, AsiaJCIS 2013, Seoul, Korea, 25\u201326 July 2013, pp. 69\u201376. IEEE (2013). https:\/\/doi.org\/10.1109\/ASIAJCIS.2013.18","DOI":"10.1109\/ASIAJCIS.2013.18"},{"key":"3_CR7","doi-asserted-by":"publisher","unstructured":"Bat-Erdene, M., Kim, T., Li, H., Lee, H.: Dynamic classification of packing algorithms for inspecting executables using entropy analysis. In: 8th International Conference on Malicious and Unwanted Software: \u201cThe Americas\u201d, MALWARE 2013, Fajardo, PR, USA, 22\u201324 October 2013, pp. 19\u201326. IEEE Computer Society (2013). https:\/\/doi.org\/10.1109\/MALWARE.2013.6703681","DOI":"10.1109\/MALWARE.2013.6703681"},{"issue":"3","key":"3_CR8","doi-asserted-by":"publisher","first-page":"125","DOI":"10.3390\/e19030125","volume":"19","author":"M Bat-Erdene","year":"2017","unstructured":"Bat-Erdene, M., Kim, T., Park, H., Lee, H.: Packer detection for multi-layer executables using entropy analysis. Entropy 19(3), 125 (2017). https:\/\/doi.org\/10.3390\/e19030125","journal-title":"Entropy"},{"issue":"3","key":"3_CR9","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1007\/s10207-016-0330-4","volume":"16","author":"M Bat-Erdene","year":"2017","unstructured":"Bat-Erdene, M., Park, H., Li, H., Lee, H., Choi, M.-S.: Entropy analysis to classify unknown packing algorithms for malware detection. Int. J. Inf. Secur. 16(3), 227\u2013248 (2017). https:\/\/doi.org\/10.1007\/s10207-016-0330-4","journal-title":"Int. J. Inf. Secur."},{"key":"3_CR10","doi-asserted-by":"crossref","unstructured":"Bergenholtz, E., Casalicchio, E., Ilie, D., Moss, A.: Appendices for: detection of metamorphic malware packers using multilayered LSTM networks (2020). https:\/\/github.com\/erikbergenholtz\/appendix_metamorphic_packers\/blob\/master\/appendix.pdf. Accessed 14 Apr 2020","DOI":"10.1007\/978-3-030-61078-4_3"},{"key":"3_CR11","unstructured":"Blazytko, T., Contag, M., Aschermann, C., Holz, T.: Syntia: syntesizing the semantics of obfuscated code. In: Proceedings of 26 USENIX Security Symposium. Vancouver, BC, Canada, August 2017"},{"key":"3_CR12","unstructured":"Brosch, T., Morgenstern, M.: Runtime packers: the hidden problem. Black Hat USA (2006)"},{"key":"3_CR13","doi-asserted-by":"publisher","unstructured":"Burgess, C.J., Kurugollu, F., Sezer, S., McLaughlin, K.: Detecting packed executables using steganalysis. In: 5th European Workshop on Visual Information Processing, EUVIP 2014, Villetaneuse, Paris, France, 10\u201312 December 2014, pp. 1\u20135. IEEE (2014). https:\/\/doi.org\/10.1109\/EUVIP.2014.7018361","DOI":"10.1109\/EUVIP.2014.7018361"},{"key":"3_CR14","unstructured":"Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations, January 1997. http:\/\/www.cs.auckland.ac.nz\/staff-cgi-bin\/mjd\/csTRcgi.pl?serial"},{"key":"3_CR15","unstructured":"The Mental Driller: Metamorphism in practice or \u201cHow I made MetaPHOR and what I\u2019ve learnt\u201d, February 2002. https:\/\/web.archive.org\/web\/20070602061547\/http:\/\/vx.netlux.org\/lib\/vmd01.html. Accessed 10 Dec 2019"},{"key":"3_CR16","doi-asserted-by":"publisher","unstructured":"Gupta, N., Naval, S., Laxmi, V., Gaur, M.S., Rajarajan, M.: P-SPADE: GPU accelerated malware packer detection. In: Miri, A., Hengartner, U., Huang, N., J\u00f8sang, A., Garc\u00eda-Alfaro, J. (eds.) 2014 Twelfth Annual International Conference on Privacy, Security and Trust, Toronto, ON, Canada, 23\u201324 July 2014, pp. 257\u2013263. IEEE Computer Society (2014). https:\/\/doi.org\/10.1109\/PST.2014.6890947","DOI":"10.1109\/PST.2014.6890947"},{"key":"3_CR17","unstructured":"holy\\_father: Morphine v2.7 (2004). https:\/\/github.com\/bowlofstew\/rootkit.com\/tree\/master\/hf\/Morphine27. Accessed 24 Oct 2018"},{"key":"3_CR18","doi-asserted-by":"publisher","unstructured":"Hubballi, N., Dogra, H.: Detecting packed executable file: supervised or anomaly detection method? In: 11th International Conference on Availability, Reliability and Security, ARES 2016, Salzburg, Austria, 31 August\u20132 September 2016, pp. 638\u2013643. IEEE Computer Society (2016). https:\/\/doi.org\/10.1109\/ARES.2016.18","DOI":"10.1109\/ARES.2016.18"},{"key":"3_CR19","doi-asserted-by":"publisher","unstructured":"Jeong, G., Choo, E., Lee, J., Bat-Erdene, M., Lee, H.: Generic unpacking using entropy analysis. In: 5th International Conference on Malicious and Unwanted Software, MALWARE 2010, Nancy, France, 19\u201320 October 2010, pp. 98\u2013105. IEEE Computer Society (2010). https:\/\/doi.org\/10.1109\/MALWARE.2010.5665789","DOI":"10.1109\/MALWARE.2010.5665789"},{"issue":"2","key":"3_CR20","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/s11416-015-0249-8","volume":"12","author":"K Kancherla","year":"2016","unstructured":"Kancherla, K., Donahue, J., Mukkamala, S.: Packer identification using byte plot and markov plot. J. Comput. Virol. Hacking Tech. 12(2), 101\u2013111 (2016). https:\/\/doi.org\/10.1007\/s11416-015-0249-8","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"3_CR21","unstructured":"K\u0159oustek, J., Matula, P., Kol\u00e1r, D., Zavoral, M.: Advanced preprocessing of binary executable files and its usage in retargetable decompilation. Int. J. Adv. Softw. 7(1), 112\u2013122 (2014)"},{"key":"3_CR22","series-title":"Advanced Sciences and Technologies for Security Applications","doi-asserted-by":"publisher","first-page":"197","DOI":"10.1007\/978-3-030-13057-2_9","volume-title":"Deep Learning Applications for Cyber Security","author":"WY Lee","year":"2019","unstructured":"Lee, W.Y., Saxe, J., Harang, R.: SeqDroid: obfuscated android malware detection using stacked convolutional and recurrent neural networks. In: Alazab, M., Tang, M.J. (eds.) Deep Learning Applications for Cyber Security. ASTSA, pp. 197\u2013210. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-13057-2_9"},{"key":"3_CR23","unstructured":"Morgenstern, M., Pilz, H.: Useful and useless statistics about viruses and anti-virus programs. In: Proceedings of the CARO Workshop (2010)"},{"key":"3_CR24","doi-asserted-by":"publisher","unstructured":"Naval, S., Laxmi, V., Gaur, M.S., Vinod, P.: SPADE: Signature based PAcker DEtection. In: Chandrasekhar, R., Tanenbaum, A.S., Rangan, P.V. (eds.) First International Conference on Security of Internet of Things, SECURIT 2012, Kollam, India, 17\u201319 August 2012. pp. 96\u2013101. ACM (2012). https:\/\/doi.org\/10.1145\/2490428.2490442","DOI":"10.1145\/2490428.2490442"},{"key":"3_CR25","unstructured":"Rolles, R.: Unpacking virtualization obfuscators. In: Proceedings of USENIX WOOT. Montreal, Canada, August 2009"},{"key":"3_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"370","DOI":"10.1007\/978-3-642-14081-5_23","volume-title":"Information Security and Privacy","author":"L Sun","year":"2010","unstructured":"Sun, L., Versteeg, S., Bozta\u015f, S., Yann, T.: Pattern recognition techniques for the classification of malware packers. In: Steinfeld, R., Hawkes, P. (eds.) ACISP 2010. LNCS, vol. 6168, pp. 370\u2013390. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14081-5_23"},{"key":"3_CR27","volume-title":"The Art of Computer Virus Research and Defense","author":"P Szor","year":"2005","unstructured":"Szor, P.: The Art of Computer Virus Research and Defense. Addison-Wesley, Boston, Massachusetts (2005)"},{"key":"3_CR28","doi-asserted-by":"publisher","unstructured":"Ugarte-Pedrero, X., Balzarotti, D., Santos, I., Bringas, P.G.: SoK: Deep Packer Inspection: A Longitudinal Study of the Complexity of Run-Time Packers. In: 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, 17\u201321 May 2015, pp. 659\u2013673. IEEE Computer Society (2015). https:\/\/doi.org\/10.1109\/SP.2015.46","DOI":"10.1109\/SP.2015.46"},{"issue":"1","key":"3_CR29","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1007\/s00521-014-1558-4","volume":"27","author":"P Xie","year":"2014","unstructured":"Xie, P., Liu, X., Yin, J., Wang, Y.: Absent extreme learning machine algorithm with application to packed executable identification. Neural Comput. Appl. 27(1), 93\u2013100 (2014). https:\/\/doi.org\/10.1007\/s00521-014-1558-4","journal-title":"Neural Comput. Appl."},{"issue":"5","key":"3_CR30","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1109\/MSP.2008.126","volume":"6","author":"W Yan","year":"2008","unstructured":"Yan, W., Zhang, Z., Ansari, N.: Revealing packed malware. IEEE Secur. Priv. 6(5), 65\u201369 (2008). https:\/\/doi.org\/10.1109\/MSP.2008.126","journal-title":"IEEE Secur. Priv."}],"container-title":["Lecture Notes in Computer Science","Information and Communications Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-61078-4_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,28]],"date-time":"2025-11-28T01:02:38Z","timestamp":1764291758000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-61078-4_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030610777","9783030610784"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-61078-4_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"28 November 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information and Communications Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Copenhagen","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Denmark","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 August 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 August 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icics2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/icics2020.compute.dtu.dk\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"139","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"33","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"24% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3.5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}