{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T01:01:40Z","timestamp":1780016500019,"version":"3.53.1"},"publisher-location":"Cham","reference-count":32,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030763510","type":"print"},{"value":"9783030763527","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-76352-7_54","type":"book-chapter","created":{"date-parts":[[2021,5,29]],"date-time":"2021-05-29T02:07:29Z","timestamp":1622254049000},"page":"627-641","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Efficient Threat Hunting Methodology for Analyzing Malicious Binaries in Windows Platform"],"prefix":"10.1007","author":[{"given":"Ahmed M.","family":"Elmisery","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mirela","family":"Sertovic","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mamoun","family":"Qasem","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2021,5,30]]},"reference":[{"key":"54_CR1","doi-asserted-by":"crossref","unstructured":"Dowdy, J.: The cyber-security threat to us growth and prosperity. In: Cyberspace: A New Domain for National Security (2012)","DOI":"10.2307\/j.ctt19x3h93.10"},{"key":"54_CR2","doi-asserted-by":"publisher","first-page":"35","DOI":"10.1016\/j.cose.2014.09.006","volume":"48","author":"I Friedberg","year":"2015","unstructured":"Friedberg, I., Skopik, F., Settanni, G., Fiedler, R.: Combating advanced persistent threats: from network event correlation to incident detection. Comput. Secur. 48, 35\u201357 (2015)","journal-title":"Comput. Secur."},{"key":"54_CR3","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101568","volume":"87","author":"LY Connolly","year":"2019","unstructured":"Connolly, L.Y., Wall, D.S.: The rise of crypto-ransomware in a changing cybercrime landscape: taxonomising countermeasures. Comput. Secur. 87, (2019)","journal-title":"Comput. Secur."},{"key":"54_CR4","unstructured":"Lord, N.: What is threat hunting? The emerging focus in threat detection. In: Digital Guardian (2018)"},{"key":"54_CR5","unstructured":"Sqrrl. Cyber Threat Hunting. www.sqrrl.com"},{"key":"54_CR6","doi-asserted-by":"crossref","unstructured":"Bhatt, P., Yano, E.T., Gustavsson, P.: Towards a framework to detect multi-stage advanced persistent threats attacks. In: 2014 IEEE 8th International Symposium on Service Oriented System Engineering, pp. 390\u2013395 (2014)","DOI":"10.1109\/SOSE.2014.53"},{"key":"54_CR7","doi-asserted-by":"publisher","DOI":"10.7717\/peerj-cs.25","volume":"1","author":"N Scarabeo","year":"2015","unstructured":"Scarabeo, N., Fung, B.C., Khokhar, R.H.: Mining known attack patterns from security-related events. Peer J. Comput. Sci. 1, (2015)","journal-title":"Peer J. Comput. Sci."},{"key":"54_CR8","doi-asserted-by":"crossref","unstructured":"Mahyari, A.G., Aviyente, S.: A multi-scale energy detector for anomaly detection in dynamic networks. In: 2013 Asilomar Conference on Signals, Systems and Computers, pp. 962\u2013965. IEEE (2013)","DOI":"10.1109\/ACSSC.2013.6810432"},{"key":"54_CR9","unstructured":"Miller, B.A., Beard, M.S., Bliss, N.T.: Eigenspace analysis for threat detection in social networks. In: 14th International Conference on Information Fusion, pp. 1\u20137. IEEE (2011)"},{"issue":"1","key":"54_CR10","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1007\/s00521-014-1701-2","volume":"26","author":"AK Bhardwaj","year":"2015","unstructured":"Bhardwaj, A.K., Singh, M.: Data mining-based integrated network traffic visualization framework for threat detection. Neural Comput. Appl. 26(1), 117\u2013130 (2015)","journal-title":"Neural Comput. Appl."},{"key":"54_CR11","unstructured":"Gu, G., Perdisci, R., Zhang, J., Lee, W.: Botminer: clustering analysis of network traffic for protocol-and structure-independent botnet detection (2008)"},{"key":"54_CR12","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1007\/978-981-15-2693-0_8","volume-title":"Advances in Cyber Security (ACeS 2019) Communications in Computer and Information Science","author":"AM Elmisery","year":"2020","unstructured":"Elmisery, A.M., Sertovic, M.: Privacy preserving threat hunting in smart home environments. In: Anbar, M., Abdullah, N., Manickam, S. (eds.) Advances in Cyber Security (ACeS 2019) Communications in Computer and Information Science, vol. 1132, pp. 104\u2013120. Springer, Singapore (2020). https:\/\/doi.org\/10.1007\/978-981-15-2693-0_8"},{"key":"54_CR13","unstructured":"Elmisery, A.M., Botvich, D.: Privacy aware recommender service using multi-agent middleware-an IPTV network scenario. Informatica 36(1) (2012)"},{"key":"54_CR14","doi-asserted-by":"publisher","first-page":"8418","DOI":"10.1109\/ACCESS.2016.2631546","volume":"4","author":"AM Elmisery","year":"2016","unstructured":"Elmisery, A.M., Rho, S., Botvich, D.: A fog based middleware for automated compliance with OECD privacy principles in internet of healthcare things. IEEE Access 4, 8418\u20138441 (2016)","journal-title":"IEEE Access"},{"issue":"22","key":"54_CR15","doi-asserted-by":"publisher","first-page":"14927","DOI":"10.1007\/s11042-014-2271-0","volume":"75","author":"AM Elmisery","year":"2016","unstructured":"Elmisery, A.M., Rho, S., Botvich, D.: Collaborative privacy framework for minimizing privacy risks in an IPTV social recommender service. Multimedia Tools Appl. 75(22), 14927\u201314957 (2016)","journal-title":"Multimedia Tools Appl."},{"issue":"2","key":"54_CR16","first-page":"10","volume":"2","author":"AM Elmisery","year":"2011","unstructured":"Elmisery, A.M., Botvich, D.: Enhanced middleware for collaborative privacy in IPTV recommender services. J. Converg. 2(2), 10 (2011)","journal-title":"J. Converg."},{"key":"54_CR17","series-title":"Lecture Notes in Electrical Engineering","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1007\/978-94-007-5699-1_32","volume-title":"Computer Science and its Applications","author":"AM Elmisery","year":"2012","unstructured":"Elmisery, A.M., Doolin, K., Roussaki, I., Botvich, D.: Enhanced middleware for collaborative privacy in community based recommendations services. In: Yeo, S.S., Pan, Y., Lee, Y., Chang, H. (eds.) Computer Science and its Applications. Lecture Notes in Electrical Engineering, vol. 203, pp. 313\u2013328. Springer, Dordrecht (2012)"},{"key":"54_CR18","doi-asserted-by":"publisher","first-page":"144925","DOI":"10.1109\/ACCESS.2019.2945839","volume":"7","author":"E Berrueta Irigoyen","year":"2019","unstructured":"Berrueta Irigoyen, E., Morat\u00f3 Os\u00e9s, D., Lizarrondo, M., Izal Azc\u00e1rate, M.: A survey on detection techniques for cryptographic ransomware. IEEE Access 7, 144925\u2013144944 (2019)","journal-title":"IEEE Access"},{"key":"54_CR19","unstructured":"Akbanov, V.G., Vassilakis, I.D. Moscholios, Logothetis, M.D.: Static and dynamic analysis of WannaCry ransmware"},{"key":"54_CR20","doi-asserted-by":"crossref","unstructured":"Aman, W.: A framework for analysis and comparison of dynamic malware analysis tools. Int. J. Netw. Secur. Its Appl. 6(5), 63\u201374 (2014). arXiv preprint arXiv:1410.2131","DOI":"10.5121\/ijnsa.2014.6505"},{"issue":"2","key":"54_CR21","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1049\/sej.1995.0010","volume":"10","author":"BA Wichmann","year":"1995","unstructured":"Wichmann, B.A., Canning, A., Clutterbuck, D., Winsborrow, L., Ward, N., Marsh, D.: Industrial perspective on static analysis. Softw. Eng. J. 10(2), 69\u201375 (1995)","journal-title":"Softw. Eng. J."},{"key":"54_CR22","doi-asserted-by":"crossref","unstructured":"Firdausi, I., Erwin, A., Nugroho, A.S.: Analysis of machine learning techniques used in behavior-based malware detection. In: 2010 Second International Conference on Advances in Computing, Control, and Telecommunication Technologies, pp. 201\u2013203. IEEE (2010)","DOI":"10.1109\/ACT.2010.33"},{"key":"54_CR23","unstructured":"Snaker (ed.): Softpedia (2008). https:\/\/www.softpedia.com\/get\/Programming\/Packers-Crypters-Protectors\/PEiD-updated.shtml"},{"key":"54_CR24","unstructured":"Petoolse (ed.): Github (2018). https:\/\/github.com\/petoolse\/petools"},{"key":"54_CR25","unstructured":"Miller, S. (ed.): Dependency walker (2015). http:\/\/www.dependencywalker.com"},{"key":"54_CR26","unstructured":"Microsoft (ed.): Process explorer (2019). https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/process-explorer"},{"key":"54_CR27","unstructured":"Microsoft (ed.): Process monitor. https:\/\/docs.microsoft.com\/en-us\/sysinternals\/downloads\/procmon"},{"key":"54_CR28","unstructured":"Wojner, C. (ed.): ProcDOT, a new way of visual malware analysis. Austrian National CERT (2015). https:\/\/www.procdot.com\/"},{"key":"54_CR29","unstructured":"Maddes, X. (ed.): Regshot download (2018). https:\/\/sourceforge.net\/projects\/regshot\/"},{"key":"54_CR30","unstructured":"Hungenberg, T., Eckert, M. (ed.): INetSim: internet services simulation suite (2013)"},{"key":"54_CR31","unstructured":"Wireshark, F.: Wireshark-Go Deep, vol. 15. Retrieved Oct 2011"},{"key":"54_CR32","unstructured":"Sistemas, H. (ed.): VirusTotal (2004). https:\/\/www.virustotal.com\/gui\/"}],"container-title":["Lecture Notes in Computer Science","Service-Oriented Computing \u2013 ICSOC 2020 Workshops"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-76352-7_54","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,29]],"date-time":"2026-05-29T00:03:15Z","timestamp":1780012995000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-76352-7_54"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030763510","9783030763527"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-76352-7_54","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"30 May 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICSOC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Service-Oriented Computing","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Dubai","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Arab Emirates","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 December 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 December 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icsoc2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/icsoc2020.connect.rs\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Conftool","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"137","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"23","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"16","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"17% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"In addition, 3 industry papers are included. Due to the COVID-19 pandemic, the conference took place virtually. For the workshops 34 full and 21 short papers were accepted from a total of 125 submissions.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}