{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T11:05:04Z","timestamp":1778151904093,"version":"3.51.4"},"publisher-location":"Cham","reference-count":44,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031355035","type":"print"},{"value":"9783031355042","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-35504-2_8","type":"book-chapter","created":{"date-parts":[[2023,6,9]],"date-time":"2023-06-09T08:01:47Z","timestamp":1686297707000},"page":"155-176","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["A Deep Dive into\u00a0the\u00a0VirusTotal File Feed"],"prefix":"10.1007","author":[{"given":"Kevin","family":"van Liebergen","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Juan","family":"Caballero","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Platon","family":"Kotzias","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chris","family":"Gates","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,6,10]]},"reference":[{"key":"8_CR1","unstructured":"Virustotal API 2.0 reference: File feed. http:\/\/developers.virustotal.com\/v2.0\/reference\/file-feed"},{"key":"8_CR2","doi-asserted-by":"crossref","unstructured":"Allix, K., Bissyand\u00e9, T.F., Klein, J., Le Traon, Y.: AndroZoo: collecting millions of android apps for the research community. In: International Conference on Mining Software Repositories (2016)","DOI":"10.1145\/2901739.2903508"},{"key":"8_CR3","unstructured":"Alrawi, O., et al.: The circle of life: a large-scale study of the IoT malware lifecycle. In: USENIX Security Symposium (2021)"},{"key":"8_CR4","doi-asserted-by":"crossref","unstructured":"Arp, D., Spreitzenbarth, M., Huebner, M., Gascon, H., Rieck, K.: Drebin: efficient and explainable detection of android malware in your pocket. In: Network and Distributed System Security (2014)","DOI":"10.14722\/ndss.2014.23247"},{"key":"8_CR5","unstructured":"Bailey, M., Oberheide, J., Andersen, J., Mao, Z.M., Jahanian, F., Nazario, J.: Automated classification and analysis of internet malware. In: International Symposium on Recent Advances in Intrusion Detection (2007)"},{"key":"8_CR6","unstructured":"Bayer, U., Comparetti, P.M., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, behavior-based malware clustering. In: Network and Distributed System Security (2009)"},{"key":"8_CR7","unstructured":"Bayer, U., Habibi, I., Balzarotti, D., Kirda, E., Kruegel, C.: A view on current malware behaviors. In: LEET (2009)"},{"key":"8_CR8","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101859","volume":"95","author":"M Botacin","year":"2020","unstructured":"Botacin, M., Ceschin, F., de Geus, P., Gr\u00e9gio, A.: We need to talk about antiviruses: challenges & pitfalls of av evaluations. Comput. Secur. 95, 101859 (2020)","journal-title":"Comput. Secur."},{"key":"8_CR9","unstructured":"Bouwman, X., Griffioen, H., Egbers, J., Doerr, C., Klievink, B., Van Eeten, M.: A different cup of TI? The added value of commercial threat intelligence. In: USENIX Security Symposium (2020)"},{"key":"8_CR10","doi-asserted-by":"crossref","unstructured":"Buyukkayhan, A.S., Oprea, A., Li, Z., Robertson, W.K.: Lens on the endpoint: hunting for malicious software through endpoint data analysis. In: International Symposium on Research in Attacks, Intrusions, and Defenses (2017)","DOI":"10.1007\/978-3-319-66332-6_4"},{"key":"8_CR11","unstructured":"Canto, J., Dacier, M., Kirda, E., Leita, C.: Large scale malware collection: lessons learned. In: IEEE SRDS Workshop (2008)"},{"key":"8_CR12","doi-asserted-by":"crossref","unstructured":"Cozzi, E., Graziano, M., Fratantonio, Y., Balzarotti, D.: Understanding Linux malware. In: IEEE Symposium on Security and Privacy (2018)","DOI":"10.1109\/SP.2018.00054"},{"key":"8_CR13","unstructured":"Graziano, M., Canali, D., Bilge, L., Lanzi, A., Balzarotti, D.: Needles in a haystack: mining information from public dynamic analysis sandboxes for malware intelligence. In: USENIX Security Symposium (2015)"},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"Huang, H., et al.: Android malware development on public malware scanning platforms: a large-scale data-driven study. In: International Conference on Big Data (2016)","DOI":"10.1109\/BigData.2016.7840712"},{"key":"8_CR15","doi-asserted-by":"crossref","unstructured":"Huang, W., Stokes, J.W.: MtNet: a multi-task neural network for dynamic malware classification. In: Detection of Intrusions and Malware, and Vulnerability Assessment (2016)","DOI":"10.1007\/978-3-319-40667-1_20"},{"key":"8_CR16","doi-asserted-by":"crossref","unstructured":"Hurier, M., et al.: Euphony: harmonious unification of cacophonous anti-virus vendor labels for android malware. In: IEEE\/ACM International Conference on Mining Software Repositories (2017)","DOI":"10.1109\/MSR.2017.57"},{"key":"8_CR17","doi-asserted-by":"crossref","unstructured":"Jindal, C., Salls, C., Aghakhani, H., Long, K., Kruegel, C., Vigna, G.: Neurlux: dynamic malware analysis without feature engineering. In: Annual Computer Security Applications Conference (2019)","DOI":"10.1145\/3359789.3359835"},{"key":"8_CR18","doi-asserted-by":"crossref","unstructured":"Kaczmarczyck, F., et al.: Spotlight: malware lead generation at scale. In: Annual Computer Security Applications Conference (2020)","DOI":"10.1145\/3427228.3427273"},{"key":"8_CR19","unstructured":"Kotzias, P., Bilge, L., Caballero, J.: Measuring PUP prevalence and PUP distribution through pay-per-install services. In: USENIX Security Symposium (2016)"},{"key":"8_CR20","doi-asserted-by":"crossref","unstructured":"Kotzias, P., Caballero, J., Bilge, L.: How did that get in my phone? Unwanted app distribution on android devices. In: IEEE Symposium on Security and Privacy (2021)","DOI":"10.1109\/SP40001.2021.00041"},{"key":"8_CR21","doi-asserted-by":"crossref","unstructured":"Kotzias, P., Matic, S., Rivera, R., Caballero, J.: Certified PUP: abuse in authenticode code signing. In: ACM Conference on Computer and Communication Security (2015)","DOI":"10.1145\/2810103.2813665"},{"key":"8_CR22","doi-asserted-by":"crossref","unstructured":"Lever, C., Kotzias, P., Balzarotti, D., Caballero, J., Antonakakis, M.: A lustrum of malware network communication: evolution and insights. In: IEEE Symposium on Security and Privacy (2017)","DOI":"10.1109\/SP.2017.59"},{"key":"8_CR23","doi-asserted-by":"crossref","unstructured":"Li, B., Roundy, K., Gates, C., Vorobeychik, Y.: Large-scale identification of malicious singleton files. In: ACM Conference on Data and Application Security and Privacy (2017)","DOI":"10.1145\/3029806.3029815"},{"key":"8_CR24","doi-asserted-by":"crossref","unstructured":"Lindorfer, M., Neugschwandtner, M., Weichselbaum, L., Fratantonio, Y., Van Der Veen, V., Platzer, C.: Andrubis-1,000,000 apps later: a view on current android malware behaviors. In: International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (2014)","DOI":"10.1109\/BADGERS.2014.7"},{"key":"8_CR25","unstructured":"Maffia, L., Nisi, D., Kotzias, P., Lagorio, G., Aonzo, S., Balzarotti, D.: Longitudinal study of the prevalence of malware evasive techniques. arXiv preprint arXiv:2112.11289 (2021)"},{"key":"8_CR26","doi-asserted-by":"crossref","unstructured":"Mantovani, A., Aonzo, S., Ugarte-Pedrero, X., Merlo, A., Balzarotti, D.: Prevalence and impact of low-entropy packing schemes in the malware ecosystem. In: Network and Distributed Systems Security Symposium (2020)","DOI":"10.14722\/ndss.2020.24297"},{"key":"8_CR27","doi-asserted-by":"crossref","unstructured":"Masri, R., Aldwairi, M.: Automated malicious advertisement detection using VirusTotal, UrlVoid, and TrendMicro. In: International Conference on Information and Communication Systems (2017)","DOI":"10.1109\/IACS.2017.7921994"},{"key":"8_CR28","unstructured":"Pendlebury, F., Pierazzi, F., Jordaney, R., Kinder, J., Cavallaro, L.: Tesseract: eliminating experimental bias in malware classification across space and time. In: USENIX Security Symposium (2019)"},{"key":"8_CR29","doi-asserted-by":"crossref","unstructured":"Peng, P., Yang, L., Song, L., Wang, G.: Opening the blackbox of VirusTotal: analyzing online phishing scan engines. In: Internet Measurement Conference (2019)","DOI":"10.1145\/3355369.3355585"},{"key":"8_CR30","unstructured":"Perdisci, R., Lee, W., Feamster, N.: Behavioral clustering of HTTP-based malware and signature generation using malicious network traces. In: USENIX Symposium on Networked Systems Design and Implementation (2010)"},{"key":"8_CR31","unstructured":"Pontello, M.: TrID - File Identifier (2021). http:\/\/mark0.net\/soft-trid-e.html"},{"key":"8_CR32","unstructured":"Raff, E., Barker, J., Sylvester, J., Brandon, R., Catanzaro, B., Nicholas, C.K.: Malware detection by eating a whole EXE. In: Workshops at the AAAI Conference on Artificial Intelligence (2018)"},{"key":"8_CR33","unstructured":"Rieck, K., Holz, T., Willems, C., D\u00fcssel, P., Laskov, P.: Learning and classification of malware behavior. In: Detection of Intrusions and Malware, and Vulnerability Assessment (2008)"},{"issue":"4","key":"8_CR34","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3465361","volume":"24","author":"A Salem","year":"2021","unstructured":"Salem, A., Banescu, S., Pretschner, A.: Maat: automatically analyzing VirusTotal for accurate labeling and effective malware detection. ACM Trans. Privacy Secur. 24(4), 1\u201335 (2021)","journal-title":"ACM Trans. Privacy Secur."},{"key":"8_CR35","doi-asserted-by":"crossref","unstructured":"Sebastian, M., Rivera, R., Kotzias, P., Caballero, J.: AVClass: a tool for massive malware labeling. In: Research in Attacks, Intrusions, and Defenses (2016)","DOI":"10.1007\/978-3-319-45719-2_11"},{"key":"8_CR36","doi-asserted-by":"crossref","unstructured":"Sebasti\u00e1n, S., Caballero, J.: AVClass2: massive malware tag extraction from AV labels. In: Annual Computer Security Applications Conference (2020)","DOI":"10.1145\/3427228.3427261"},{"key":"8_CR37","doi-asserted-by":"crossref","unstructured":"Smutz, C., Stavrou, A.: Malicious PDF detection using metadata and structural features. In: Annual Computer Security Applications Conference (2012)","DOI":"10.1145\/2420950.2420987"},{"key":"8_CR38","unstructured":"Suarez-Tangil, G., Stringhini, G.: Eight years of rider measurement in the android malware ecosystem. IEEE Trans. Depend. Secure Comput. (2020)"},{"key":"8_CR39","doi-asserted-by":"crossref","unstructured":"Thirumuruganathan, S., Nabeel, M., Choo, E., Khalil, I., Yu, T.: SIRAJ: a unified framework for aggregation of malicious entity detectors. In: IEEE Symposium on Security and Privacy (2022)","DOI":"10.1109\/SP46214.2022.9833725"},{"issue":"1","key":"8_CR40","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3291061","volume":"22","author":"X Ugarte-Pedrero","year":"2019","unstructured":"Ugarte-Pedrero, X., Graziano, M., Balzarotti, D.: A close look at a daily dataset of malware samples. ACM Trans. Privacy Secur. 22(1), 1\u201330 (2019)","journal-title":"ACM Trans. Privacy Secur."},{"key":"8_CR41","unstructured":"Li, V.G., Dunn, M., Pearce, P., McCoy, D., Voelker, G.M., Savage, S.: Reading the Tea leaves: a comparative analysis of threat intelligence. In: USENIX Security Symposium (2019)"},{"key":"8_CR42","unstructured":"VirusTotal. http:\/\/www.virustotal.com\/"},{"key":"8_CR43","unstructured":"Yuan, L.-P., Wenjun, H., Ting, Yu., Liu, P., Zhu, S.: Towards large-scale hunting for android negative-day malware. In: International Symposium on Research in Attacks, Intrusions and Defenses (2019)"},{"key":"8_CR44","unstructured":"Zhu, S., et al.: Measuring and modeling the label dynamics of online anti-malware engines. In: USENIX Security Symposium (2020)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-35504-2_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,7,4]],"date-time":"2023-07-04T23:03:45Z","timestamp":1688511825000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-35504-2_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031355035","9783031355042"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-35504-2_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"10 June 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Hamburg","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Germany","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 July 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 July 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dimva2023.de\/org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"hotcrp.com","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"43","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"12","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}