{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,9]],"date-time":"2026-01-09T11:53:29Z","timestamp":1767959609485,"version":"3.49.0"},"publisher-location":"Cham","reference-count":31,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031429903","type":"print"},{"value":"9783031429910","type":"electronic"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-42991-0_11","type":"book-chapter","created":{"date-parts":[[2023,10,18]],"date-time":"2023-10-18T12:02:32Z","timestamp":1697630552000},"page":"203-218","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A Dynamic Malicious Document Detection Method Based on Multi-Memory Features"],"prefix":"10.1007","author":[{"given":"Yuanyuan","family":"Wang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gengwang","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Min","family":"Yu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kam-Pui","family":"Chow","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jianguo","family":"Jiang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xiang","family":"Meng","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Weiqing","family":"Huang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2023,10,19]]},"reference":[{"key":"11_CR1","doi-asserted-by":"crossref","unstructured":"A. Bozkir, E. Tahillioglu, M. Aydos and I. Kara, Catch them alive: A malware detection approach through memory forensics, manifold learning and computer vision, Computers and Security, vol. 103, article no. 102166, 2021.","DOI":"10.1016\/j.cose.2020.102166"},{"key":"11_CR2","doi-asserted-by":"crossref","unstructured":"A. Cohen, N. Nissim, L. Rokach and Y. Elovici, SFEM: Structural feature extraction methodology for the detection of malicious Office documents using machine learning methods, Expert Systems with Applications, vol. 63, pp. 324\u2013343, 2016.","DOI":"10.1016\/j.eswa.2016.07.010"},{"key":"11_CR3","doi-asserted-by":"crossref","unstructured":"I. Corona, D. Maiorca, D. Ariu and G. Giacinto, Lux0R: Detection of malicious PDF-embedded JavaScript code through discriminant analysis of API references, Proceedings of the Workshop on Artificial Intelligence and Security, pp. 47\u201357, 2014.","DOI":"10.1145\/2666652.2666657"},{"key":"11_CR4","doi-asserted-by":"crossref","unstructured":"M. Cova, C. Kruegel and G. Vigna, Detection and analysis of drive-by-download attacks and malicious JavaScript code, Proceedings of the Nineteenth International Conference on the World Wide Web, pp. 281\u2013290, 2010.","DOI":"10.1145\/1772690.1772720"},{"key":"11_CR5","unstructured":"C. Curtsinger, B. Livshits, B. Zorn and C. Seifert, ZOZZLE: Fast and precise in-browser JavaScript malware detection, Proceedings of the Twentieth USENIX Security Symposium, 2011."},{"key":"11_CR6","doi-asserted-by":"crossref","unstructured":"Y. Dai, H. Li, Y. Qian, R. Yang and M. Zheng, SMASH: A malware detection method based on multi-feature ensemble learning, IEEE Access, vol.\u00a07, pp. 112588\u2013112597, 2019.","DOI":"10.1109\/ACCESS.2019.2934012"},{"key":"11_CR7","unstructured":"C. Guarnieri, M. Schloesser, J. Bremer and A. Tanasi, Cuckoo Sandbox open-source automated malware analysis, presented at Black Hat USA, 2013."},{"key":"11_CR8","doi-asserted-by":"crossref","unstructured":"D. Javaheri and M. Hosseinzadeh, A framework for recognition and confronting of obfuscated malware based on memory dumping and filter drivers, Wireless Personal Communications, vol. 98(1), pp. 119\u2013137, 2018.","DOI":"10.1007\/s11277-017-4859-y"},{"key":"11_CR9","unstructured":"Kaspersky North America, Eight times more users attacked via an old Microsoft Office vulnerability in Q2, Press Release, Woburn, Massachusetts (www.kaspersky.com\/about\/press-releases\/2022_eight-times-more-users-attacked-via-an-old-microsoft-office-vulnerability-in-q2), August 15, 2022."},{"key":"11_CR10","doi-asserted-by":"crossref","unstructured":"P. Laskov and N. Srndic, Static detection of malicious JavaScript-bearing PDF documents, Proceedings of the Twenty-Seventh Annual Computer Security Applications Conference, pp. 373\u2013382, 2011.","DOI":"10.1145\/2076732.2076785"},{"key":"11_CR11","doi-asserted-by":"crossref","unstructured":"J. Lin and H. Pao, Multi-view malicious document detection, Proceedings of the Conference on Technologies and Applications of Artificial Intelligence, pp. 170\u2013175, 2013.","DOI":"10.1109\/TAAI.2013.43"},{"key":"11_CR12","doi-asserted-by":"crossref","unstructured":"L. Liu, X. He, L. Liu, L. Qing, Y. Fang and J. Liu, Capturing the symptoms of malicious code in electronic documents by file entropy signals combined with machine learning, Applied Soft Computing, vol. 82, article no. 105598, 2019.","DOI":"10.1016\/j.asoc.2019.105598"},{"key":"11_CR13","doi-asserted-by":"crossref","unstructured":"X. Lu, J. Zhuge, R. Wang, Y. Cao and Y. Chen, De-obfuscation and detection of malicious PDF files with high accuracy, Proceedings of the Forty-Sixth Hawaii International Conference on System Sciences, pp. 4890\u20134899, 2013.","DOI":"10.1109\/HICSS.2013.166"},{"key":"11_CR14","doi-asserted-by":"crossref","unstructured":"D. Maiorca, G. Giacinto and I. Corona, A pattern recognition system for malicious PDF file detection, Proceedings of the Eighth International Workshop on Machine Learning and Data Mining in Pattern Recognition, pp. 510\u2013524, 2012.","DOI":"10.1007\/978-3-642-31537-4_40"},{"key":"11_CR15","doi-asserted-by":"crossref","unstructured":"M. Mimura and T. Ohminami, Using LSI to detect unknown malicious VBA macros, Journal of Information Processing, vol. 28, pp. 493\u2013501, 2020.","DOI":"10.2197\/ipsjjip.28.493"},{"key":"11_CR16","doi-asserted-by":"crossref","unstructured":"T. Mohammed, L. Nataraj, S. Chikkagoudar, S. Chandrasekaran and B. Manjunath, HAPSSA: Holistic approach to PDF malware detection using signal and statistical analysis, Proceedings of the IEEE Military Communications Conference, pp. 709\u2013714, 2021.","DOI":"10.1109\/MILCOM52596.2021.9653097"},{"key":"11_CR17","doi-asserted-by":"crossref","unstructured":"N. Nissim, O. Lahav, A. Cohen, Y. Elovici and L. Rokach, Volatile memory analysis using the minhash method for efficient and secure detection of malware in private clouds, Computers and Security, vol. 87, article no. 101590, 2019.","DOI":"10.1016\/j.cose.2019.101590"},{"key":"11_CR18","doi-asserted-by":"crossref","unstructured":"T. Panker and N. Nissim, Leveraging malicious behavior traces from volatile memory using machine learning methods for trusted unknown malware detection in Linux cloud environments, Knowledge-Based Systems, vol. 226, article no. 107095, 2021.","DOI":"10.1016\/j.knosys.2021.107095"},{"key":"11_CR19","doi-asserted-by":"crossref","unstructured":"H. Pareek, P. Eswari and N. Babu, Entropy and n-gram analysis of malicious PDF documents, International Journal of Engineering and Technology, vol. 2(2), 2013.","DOI":"10.5121\/ijsptm.2013.2504"},{"key":"11_CR20","doi-asserted-by":"crossref","unstructured":"C. Rathnayaka and A. Jamdagni, An efficient approach for advanced malware analysis using a memory forensic technique, Proceedings of the Sixteenth IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Eleventh IEEE International Conference on Big Data Science and Engineering and Fourteenth IEEE International Conference on Embedded Software and Systems, pp. 1145\u20131150, 2017.","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.365"},{"key":"11_CR21","doi-asserted-by":"crossref","unstructured":"K. Rieck, T. Krueger and A. Dewald, Cujo: Efficient detection and prevention of drive-by-download attacks, Proceedings of the Twenty-Sixth Annual Computer Security Applications Conference, pp. 31\u201339, 2010.","DOI":"10.1145\/1920261.1920267"},{"key":"11_CR22","doi-asserted-by":"crossref","unstructured":"T. Schreck, S. Berger and J. Gobel, BISSAM: Automatic vulnerability identification of Office documents, Proceedings of the International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 204\u2013213, 2012.","DOI":"10.1007\/978-3-642-37300-8_12"},{"key":"11_CR23","doi-asserted-by":"crossref","unstructured":"M. Shafiq, S. Khayam, and M. Farooq, Embedded malware detection using Markov n-grams, Proceedings of the Fifth International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 88\u2013107, 2008.","DOI":"10.1007\/978-3-540-70542-0_5"},{"key":"11_CR24","unstructured":"N. Srndic and P. Laskov, Detection of malicious PDF files based on hierarchical document structure, Proceedings of the Twentieth Annual Network and Distributed System Security Symposium, 2013."},{"key":"11_CR25","doi-asserted-by":"crossref","unstructured":"N. Srndic and P. Laskov, Practical evasion of a learning-based classifier: A case study, Proceedings of the IEEE Symposium on Security and Privacy, pp. 197\u2013211, 2014.","DOI":"10.1109\/SP.2014.20"},{"key":"11_CR26","doi-asserted-by":"crossref","unstructured":"N. Srndic and P. Laskov, Hidost: A static machine-learning-based detector of malicious files, EURASIP Journal on Information Security, vol. 2016(1), article no. 45, 2016.","DOI":"10.1186\/s13635-016-0045-0"},{"key":"11_CR27","doi-asserted-by":"crossref","unstructured":"S. Stolfo, K. Wang and W. Li, Towards stealthy malware detection, in Malware Detection, M. Christodorescu, S. Jha, D. Maughan, D. Song and C. Wang (Eds.), Springer, Boston, Massachusetts, pp. 231\u2013249, 2007.","DOI":"10.1007\/978-0-387-44599-1_11"},{"key":"11_CR28","doi-asserted-by":"crossref","unstructured":"Z. Tzermias, G. Sykiotakis, M. Polychronakis and E. Markatos, Combining static and dynamic analysis for the detection of malicious documents, Proceedings of the Fourth European Workshop on System Security, article no. 4, 2011.","DOI":"10.1145\/1972551.1972555"},{"key":"11_CR29","doi-asserted-by":"crossref","unstructured":"C. Willems, T. Holz and F. Freiling, Toward automated dynamic malware analysis using CWSandbox, IEEE Security and Privacy, vol. 5(2), pp. 32\u201339, 2007.","DOI":"10.1109\/MSP.2007.45"},{"key":"11_CR30","doi-asserted-by":"crossref","unstructured":"W. Xu, Y. Qi and D. Evans, Automatically evading classifiers: A case study on PDF malware classifiers, Proceedings of the Twenty-Third Network and Distributed Systems Symposium, vol. 10, 2016.","DOI":"10.14722\/ndss.2016.23115"},{"key":"11_CR31","doi-asserted-by":"crossref","unstructured":"Z. Zhang, P. Qi and W. Wang, Dynamic malware analysis with feature engineering and feature learning, Proceedings of the Thirty-Fourth AAAI Conference on Artificial Intelligence, Thirty-Second Innovative Applications of Artificial Intelligence Conference and Tenth AAAI Symposium on Educational Advances in Artificial Intelligence, pp. 1210\u20131217, 2020.","DOI":"10.1609\/aaai.v34i01.5474"}],"container-title":["IFIP Advances in Information and Communication Technology","Advances in Digital Forensics XIX"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-42991-0_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,1,9]],"date-time":"2026-01-09T10:35:11Z","timestamp":1767954911000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-42991-0_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031429903","9783031429910"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-42991-0_11","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"value":"1868-4238","type":"print"},{"value":"1868-422X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"19 October 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DigitalForensics","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on Digital Forensics","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Arlington, VA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 January 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"31 January 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"digitalforensics2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}