{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T03:14:08Z","timestamp":1743045248259,"version":"3.40.3"},"publisher-location":"Cham","reference-count":29,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030861292"},{"type":"electronic","value":"9783030861308"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-86130-8_12","type":"book-chapter","created":{"date-parts":[[2021,9,8]],"date-time":"2021-09-08T08:12:16Z","timestamp":1631088736000},"page":"147-159","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["NFDD: A Dynamic Malicious Document Detection Method Without Manual Feature 
Dictionary"],"prefix":"10.1007","author":[{"given":"Jianguo","family":"Jiang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chenghao","family":"Wang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Min","family":"Yu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chenggang","family":"Jia","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gang","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chao","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Weiqing","family":"Huang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,9,9]]},"reference":[{"unstructured":"SonicWall: 2020 sonicwall cyber threat report (2020). https:\/\/www.sonicwall.com\/news\/sonicwalls-mid-year-cyber-threat-report","key":"12_CR1"},{"doi-asserted-by":"crossref","unstructured":"Laskov, P., \u0160rndi\u0107, N.: Static detection of malicious Javascript-bearing pdf documents. In: Proceedings of the 27th Annual Computer Security Applications Conference, pp. 373\u2013382 (2011)","key":"12_CR2","DOI":"10.1145\/2076732.2076785"},{"doi-asserted-by":"crossref","unstructured":"Lin, J.Y., Pao, H.K.: Multi-view malicious document detection. In: 2013 Conference on Technologies and Applications of Artificial Intelligence, pp. 170\u2013175. IEEE (2013)","key":"12_CR3","DOI":"10.1109\/TAAI.2013.43"},{"doi-asserted-by":"crossref","unstructured":"Lu, X., Wang, F., Shu, Z.: Malicious word document detection based on multi-view features learning. In: 2019 28th International Conference on Computer Communication and Networks (ICCCN), pp. 1\u20136. 
IEEE (2019)","key":"12_CR4","DOI":"10.1109\/ICCCN.2019.8846940"},{"key":"12_CR5","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"510","DOI":"10.1007\/978-3-642-31537-4_40","volume-title":"Machine Learning and Data Mining in Pattern Recognition","author":"D Maiorca","year":"2012","unstructured":"Maiorca, D., Giacinto, G., Corona, I.: A pattern recognition system for malicious pdf files detection. In: Perner, P. (ed.) MLDM 2012. LNCS (LNAI), vol. 7376, pp. 510\u2013524. Springer, Heidelberg (2012). https:\/\/doi.org\/10.1007\/978-3-642-31537-4_40"},{"unstructured":"\u0160rndic, N., Laskov, P.: Detection of malicious pdf files based on hierarchical document structure. In: Proceedings of the 20th Annual Network & Distributed System Security Symposium, pp. 1\u201316. Citeseer (2013)","key":"12_CR6"},{"issue":"3","key":"12_CR7","doi-asserted-by":"publisher","first-page":"631","DOI":"10.1109\/TIFS.2016.2631905","volume":"12","author":"N Nissim","year":"2016","unstructured":"Nissim, N., Cohen, A., Elovici, Y.: Aldocx: detection of unknown malicious microsoft office documents using designated active learning methods based on new structural feature extraction methodology. IEEE Trans. Inf. Forensics Secur. 12(3), 631\u2013646 (2016)","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"12_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1007\/978-3-540-70542-0_5","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"MZ Shafiq","year":"2008","unstructured":"Shafiq, M.Z., Khayam, S.A., Farooq, M.: Embedded malware detection using Markov n-Grams. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 88\u2013107. Springer, Heidelberg (2008). 
https:\/\/doi.org\/10.1007\/978-3-540-70542-0_5"},{"doi-asserted-by":"crossref","unstructured":"Gao, Y.X., Qi, D.Y.: Analyze and detect malicious code for compound document binary storage format. In: 2011 International Conference on Machine Learning and Cybernetics, vol. 2, pp. 593\u2013596. IEEE (2011)","key":"12_CR9","DOI":"10.1109\/ICMLC.2011.6016767"},{"doi-asserted-by":"crossref","unstructured":"Gu, B., Fang, Y., Jia, P., Liu, L., Zhang, L., Wang, M.: A new static detection method of malicious document based on wavelet package analysis. In: 2015 International Conference on Intelligent Information Hiding and Multimedia Signal Processing (IIH-MSP), pp. 333\u2013336. IEEE (2015)","key":"12_CR10","DOI":"10.1109\/IIH-MSP.2015.72"},{"key":"12_CR11","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2019.105598","volume":"82","author":"L Liu","year":"2019","unstructured":"Liu, L., He, X., Liu, L., Qing, L., Fang, Y., Liu, J.: Capturing the symptoms of malicious code in electronic documents by file\u2019s entropy signal combined with machine learning. Appl. Soft Comput. 82, 105598 (2019)","journal-title":"Appl. Soft Comput."},{"doi-asserted-by":"crossref","unstructured":"Smutz, C., Stavrou, A.: Malicious pdf detection using metadata and structural features. In: Proceedings of the 28th Annual Computer Security Applications Conference, pp. 239\u2013248 (2012)","key":"12_CR12","DOI":"10.1145\/2420950.2420987"},{"doi-asserted-by":"crossref","unstructured":"Liu, D., Wang, H., Stavrou, A.: Detecting malicious Javascript in pdf through document instrumentation. In: 2014 44th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks, pp. 100\u2013111. IEEE (2014)","key":"12_CR13","DOI":"10.1109\/DSN.2014.92"},{"unstructured":"Xu, M., Kim, T.: Platpal: detecting malicious documents with platform diversity. In: 26th USENIX Security Symposium, pp. 
271\u2013287 (2017)","key":"12_CR14"},{"key":"12_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"341","DOI":"10.1007\/978-3-030-30215-3_17","volume-title":"Information Security","author":"C Yagemann","year":"2019","unstructured":"Yagemann, C., Sultana, S., Chen, L., Lee, W.: Barnum: detecting document malware via control flow anomalies in hardware traces. In: Lin, Z., Papamanthou, C., Polychronakis, M. (eds.) ISC 2019. LNCS, vol. 11723, pp. 341\u2013359. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-30215-3_17"},{"doi-asserted-by":"crossref","unstructured":"Polychronakis, M., Anagnostakis, K.G., Markatos, E.P.: Comprehensive shellcode detection using runtime heuristics. In: Proceedings of the 26th Annual Computer Security Applications Conference, pp. 287\u2013296 (2010)","key":"12_CR16","DOI":"10.1145\/1920261.1920305"},{"unstructured":"Snow, K.Z., Krishnan, S., Monrose, F., Provos, N.: Shellos: enabling fast detection and forensic analysis of code injection attacks. In: USENIX Security Symposium, pp. 183\u2013200 (2011)","key":"12_CR17"},{"doi-asserted-by":"crossref","unstructured":"Tzermias, Z., Sykiotakis, G., Polychronakis, M., Markatos, E.P.: Combining static and dynamic analysis for the detection of malicious documents. In: Proceedings of the Fourth European Workshop on System Security, pp. 1\u20136 (2011)","key":"12_CR18","DOI":"10.1145\/1972551.1972555"},{"key":"12_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"204","DOI":"10.1007\/978-3-642-37300-8_12","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"T Schreck","year":"2013","unstructured":"Schreck, T., Berger, S., G\u00f6bel, J.: BISSAM: automatic vulnerability identification of office documents. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol. 7591, pp. 204\u2013213. Springer, Heidelberg (2013). 
https:\/\/doi.org\/10.1007\/978-3-642-37300-8_12"},{"doi-asserted-by":"crossref","unstructured":"Lu, X., Zhuge, J., Wang, R., Cao, Y., Chen, Y.: De-obfuscation and detection of malicious pdf files with high accuracy. In: 2013 46th Hawaii International Conference on System Sciences, pp. 4890\u20134899. IEEE (2013)","key":"12_CR20","DOI":"10.1109\/HICSS.2013.166"},{"issue":"2","key":"12_CR21","doi-asserted-by":"publisher","first-page":"101","DOI":"10.7763\/IJET.2016.V8.866","volume":"8","author":"K Iwamoto","year":"2016","unstructured":"Iwamoto, K., Wasaki, K.: A method for shellcode extraction from malicious document files using entropy and emulation. Int. J. Eng. Technol. 8(2), 101 (2016)","journal-title":"Int. J. Eng. Technol."},{"doi-asserted-by":"crossref","unstructured":"Xu, W., Qi, Y., Evans, D.: Automatically evading classifiers: a case study on pdf malware classifiers. In: NDSS (2016)","key":"12_CR22","DOI":"10.14722\/ndss.2016.23115"},{"issue":"1","key":"12_CR23","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1186\/s13635-016-0045-0","volume":"2016","author":"N \u0160rndi\u0107","year":"2016","unstructured":"\u0160rndi\u0107, N., Laskov, P.: Hidost: a static machine-learning-based detector of malicious files. EURASIP J. Inf. Secur. 2016(1), 22 (2016)","journal-title":"EURASIP J. Inf. Secur."},{"unstructured":"Cuckoo: Cuckoo sandbox book (2020). https:\/\/cuckoo.sh\/docs\/index.html","key":"12_CR24"},{"doi-asserted-by":"crossref","unstructured":"Zhang, Z., Qi, P., Wang, W.: Dynamic malware analysis with feature engineering and feature learning. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol. 34, pp. 
1210\u20131217 (2020)","key":"12_CR25","DOI":"10.1609\/aaai.v34i01.5474"},{"issue":"2","key":"12_CR26","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1109\/MSP.2007.45","volume":"5","author":"C Willems","year":"2007","unstructured":"Willems, C., Holz, T., Freiling, F.: Toward automated dynamic malware analysis using cwsandbox. IEEE Secur. Priv. 5(2), 32\u201339 (2007)","journal-title":"IEEE Secur. Priv."},{"issue":"3","key":"12_CR27","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3379505","volume":"1","author":"D Scofield","year":"2020","unstructured":"Scofield, D., Miles, C., Kuhn, S.: Automated model learning for accurate detection of malicious digital documents. Digital Threats: Res. Pract. 1(3), 1\u201321 (2020)","journal-title":"Digital Threats: Res. Pract."},{"unstructured":"Zhang, Y., Wallace, B.: A sensitivity analysis of (and practitioners\u2019 guide to) convolutional neural networks for sentence classification. arXiv preprint arXiv:1510.03820 (2015)","key":"12_CR28"},{"unstructured":"Virusshare (2019). 
https:\/\/virusshare.com\/","key":"12_CR29"}],"container-title":["Lecture Notes in Computer Science","Wireless Algorithms, Systems, and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-86130-8_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,9,8]],"date-time":"2021-09-08T08:30:41Z","timestamp":1631089841000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-86130-8_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030861292","9783030861308"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-86130-8_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"9 September 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"WASA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Wireless Algorithms, Systems, and Applications","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Nanjing","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"25 June 
2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27 June 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"wasa2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/wasa-conference.org\/WASA2021\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Open","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"315","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"103","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"57","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"33% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number 
of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"6","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}