{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T06:51:57Z","timestamp":1743058317070,"version":"3.40.3"},"publisher-location":"Cham","reference-count":53,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031453151"},{"type":"electronic","value":"9783031453168"}],"license":[{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T00:00:00Z","timestamp":1672531200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023]]},"DOI":"10.1007\/978-3-031-45316-8_19","type":"book-chapter","created":{"date-parts":[[2023,11,6]],"date-time":"2023-11-06T00:03:14Z","timestamp":1699228994000},"page":"289-311","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Multi-labeling of\u00a0Malware Samples Using Behavior Reports and\u00a0Fuzzy Hashing"],"prefix":"10.1007","author":[{"given":"Rolando","family":"S\u00e1nchez-Fraga","sequence":"first","affiliation":[]},{"given":"Ra\u00fal","family":"Acosta-Bermejo","sequence":"additional","affiliation":[]},{"given":"Eleazar","family":"Aguirre-Anaya","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,11,6]]},"reference":[{"key":"19_CR1","unstructured":"Barwinski, M.A.: Taxonomy of spyware and empirical study of network drive-by-downloads. Technical report, Naval Postgraduate School Monterey CA (2005)"},{"key":"19_CR2","first-page":"7","volume":"6","author":"P Bravo","year":"2011","unstructured":"Bravo, P., Garc\u00eda, D.F.: Rootkits survey. Architecture 6, 7 (2011)","journal-title":"Architecture"},{"key":"19_CR3","unstructured":"Carpenter, M., Luo, C.: Behavioural reports of multi-stage malware. arXiv preprint arXiv:2301.12800 (2023)"},{"issue":"5","key":"19_CR4","doi-asserted-by":"publisher","first-page":"637","DOI":"10.1109\/TCOM.1974.1092259","volume":"22","author":"V Cerf","year":"1974","unstructured":"Cerf, V., Kahn, R.: A protocol for packet network intercommunication. IEEE Trans. Commun. 22(5), 637\u2013648 (1974)","journal-title":"IEEE Trans. Commun."},{"key":"19_CR5","unstructured":"Corporation, C.P.T.M.: CVE-2021-44832. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2021-44832"},{"key":"19_CR6","unstructured":"Corporation, C.P.T.M.: CVE-2022-0101. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-0101"},{"key":"19_CR7","unstructured":"Corporation, C.P.T.M.: CVE-2022-21841. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-21841"},{"key":"19_CR8","unstructured":"for Cybersecurity (ENISA), E.U.A.: Glossary (2021). https:\/\/www.enisa.europa.eu\/topics\/csirts-in-europe\/glossary"},{"key":"19_CR9","unstructured":"Cynet: Cynet autoxdr\u2122 $$|$$ cybersecurity made easy. https:\/\/www.cynet.com\/"},{"key":"19_CR10","unstructured":"Dukes, C.: Committee on national security systems (CNSs) glossary. CNSSI, Fort 1322 Meade, MD, USA, Technical report, vol. 1323, pp. 1324\u20131325 (2015)"},{"key":"19_CR11","unstructured":"Eylenburg, A.: Operating systems: timeline and family tree. https:\/\/eylenburg.github.io\/os_familytree.htm"},{"key":"19_CR12","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102845","volume":"121","author":"P Garc\u00eda-Teodoro","year":"2022","unstructured":"Garc\u00eda-Teodoro, P., G\u00f3mez-Hern\u00e1ndez, J.A., Abell\u00e1n-Galera, A.: Multi-labeling of complex, multi-behavioral malware samples. Comput. Secur. 121, 102845 (2022)","journal-title":"Comput. Secur."},{"key":"19_CR13","doi-asserted-by":"crossref","unstructured":"Grance, T., Hash, J., Peck, S., Smith, J., Korow-Diks, K.: Security guide for interconnecting information technology systems: recommendations of the national institute of standards and technology. Technical report, National Inst of Standards and Technology Gaithersburg MD (2002)","DOI":"10.6028\/NIST.SP.800-47"},{"key":"19_CR14","doi-asserted-by":"crossref","unstructured":"Gr\u00e9gio, A.R.A., Afonso, V.M., Filho, D.S.F., Geus, P.L.d., Jino, M.: Toward a taxonomy of malware behaviors. Comput. J. 58(10), 2758\u20132777 (2015)","DOI":"10.1093\/comjnl\/bxv047"},{"key":"19_CR15","doi-asserted-by":"publisher","unstructured":"Hachem, N., Ben Mustapha, Y., Granadillo, G.G., Debar, H.: Botnets: lifecycle and taxonomy. In: 2011 Conference on Network and Information Systems Security, pp. 1\u20138 (2011). https:\/\/doi.org\/10.1109\/SAR-SSI.2011.5931395","DOI":"10.1109\/SAR-SSI.2011.5931395"},{"key":"19_CR16","unstructured":"Hahn, K.: Naming malware: why this jumbled mess is our own fault. https:\/\/www.gdatasoftware.com\/blog\/malware-family-naming-hell"},{"key":"19_CR17","doi-asserted-by":"crossref","unstructured":"Hurier, M., et al.: Euphony: harmonious unification of cacophonous anti-virus vendor labels for android malware. In: 2017 IEEE\/ACM 14th International Conference on Mining Software Repositories (MSR), pp. 425\u2013435. IEEE (2017)","DOI":"10.1109\/MSR.2017.57"},{"key":"19_CR18","unstructured":"Instinct, D.: Deep instinct $$|$$ deep learning AI cybersecurity platform. https:\/\/www.deepinstinct.com\/"},{"key":"19_CR19","unstructured":"Intelligence, M.S.: Win32\/zbot threat description - microsoft security intelligence. https:\/\/www.microsoft.com\/en-us\/wdsi\/threats\/malware-encyclopedia-description?name=win32%2Fzbot"},{"key":"19_CR20","first-page":"3386","volume":"88","author":"Z Ismail","year":"2020","unstructured":"Ismail, Z., Jantan, A., Najwadiyusoff, M., Kiru, M.: A botnet taxonomy and detection approaches. Test Eng. Manag. 88, 3386\u20133408 (2020)","journal-title":"Test Eng. Manag."},{"key":"19_CR21","unstructured":"James, J.I.: Similarity comparison with sdhash (fuzzy hashing) - dfirscience. https:\/\/dfir.science\/2012\/09\/similarity-comparison-with-sdhash-fuzzy.html"},{"key":"19_CR22","doi-asserted-by":"crossref","unstructured":"Karresand, M.: A proposed taxonomy of software weapons (2002)","DOI":"10.1109\/SMCSIA.2003.1232411"},{"key":"19_CR23","unstructured":"Kaspersky: Heuristic and proactive detections $$|$$ Kaspersky it encyclopedia. https:\/\/encyclopedia.kaspersky.com\/knowledge\/heuristic-and-proactive-detections\/"},{"key":"19_CR24","unstructured":"Kaspersky: Trojan $$|$$ kaspersky it encyclopedia. https:\/\/encyclopedia.kaspersky.com\/glossary\/trojan\/"},{"issue":"2","key":"19_CR25","doi-asserted-by":"publisher","first-page":"898","DOI":"10.1109\/SURV.2013.091213.00134","volume":"16","author":"S Khattak","year":"2013","unstructured":"Khattak, S., Ramay, N.R., Khan, K.R., Syed, A.A., Khayam, S.A.: A taxonomy of botnet behavior, detection, and defense. IEEE Commun. Surv. Tutor. 16(2), 898\u2013924 (2013)","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"4","key":"19_CR26","doi-asserted-by":"publisher","first-page":"530","DOI":"10.1016\/j.icte.2022.02.007","volume":"8","author":"S Kim","year":"2022","unstructured":"Kim, S., Jung, W., Lee, K., Oh, H., Kim, E.T.: Sumav: fully automated malware labeling. ICT Express 8(4), 530\u2013538 (2022)","journal-title":"ICT Express"},{"key":"19_CR27","unstructured":"Kocher, P., et al.: Spectre attacks: exploiting speculative execution. CoRR abs\/1801.01203 (2018). https:\/\/arxiv.org\/abs\/1801.01203"},{"key":"19_CR28","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1016\/j.diin.2006.06.015","volume":"3","author":"J Kornblum","year":"2006","unstructured":"Kornblum, J.: Identifying almost identical files using context triggered piecewise hashing. Digit. Investig. 3, 91\u201397 (2006)","journal-title":"Digit. Investig."},{"key":"19_CR29","unstructured":"Latto, N.: Worm vs. virus: what\u2019s the difference and does it matter? (2022). https:\/\/www.avast.com\/c-worm-vs-virus"},{"key":"19_CR30","unstructured":"Lipp, M., et al.: Meltdown. CoRR abs\/1801.01207 (2018). https:\/\/arxiv.org\/abs\/1801.01207"},{"key":"19_CR31","volume":"36","author":"M Mart\u00edn-P\u00e9rez","year":"2021","unstructured":"Mart\u00edn-P\u00e9rez, M., Rodr\u00edguez, R.J., Breitinger, F.: Bringing order to approximate matching: classification and attacks on similarity digest algorithms. Forensic Sci. Int.: Digit. Invest. 36, 301120 (2021)","journal-title":"Forensic Sci. Int.: Digit. Invest."},{"key":"19_CR32","unstructured":"MATCODE: Mpress - free high-performance executable packer forpe32+\/.net\/mac-os-x. https:\/\/www.matcode.com\/mpress.htm"},{"key":"19_CR33","unstructured":"Micro, T.: Taxonomy of botnet threats. Whitepaper (2006)"},{"key":"19_CR34","unstructured":"Microsoft: Malware names. https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/intelligence\/malware-naming"},{"key":"19_CR35","doi-asserted-by":"crossref","unstructured":"Nieles, M., Dempsey, K., Pillitteri, V.Y., et al.: An introduction to information security. NIST Special Publication 800(12), 101 (2017)","DOI":"10.6028\/NIST.SP.800-12r1"},{"key":"19_CR36","doi-asserted-by":"crossref","unstructured":"Oliver, J., Cheng, C., Chen, Y.: TLSH\u2013a locality sensitive hash. In: 2013 Fourth Cybercrime and Trustworthy Computing Workshop, pp. 7\u201313. IEEE (2013)","DOI":"10.1109\/CTC.2013.9"},{"key":"19_CR37","unstructured":"Organization, C.A.R.: Naming scheme - Caro - computer antivirus research organization. https:\/\/web.archive.org\/web\/20150923200549\/. https:\/\/www.caro.org\/naming\/scheme.html"},{"key":"19_CR38","doi-asserted-by":"crossref","unstructured":"Paik, J.Y., Jin, R.: Malware family prediction with an awareness of label uncertainty. Comput. J. (2022)","DOI":"10.1093\/comjnl\/bxac181"},{"key":"19_CR39","first-page":"21","volume":"10","author":"A Pratama","year":"2012","unstructured":"Pratama, A., Rafrastara, F.A.: Computer worm classification. Int. J. Comput. Sci. Inf. Secur. 10, 21\u201324 (2012)","journal-title":"Int. J. Comput. Sci. Inf. Secur."},{"key":"19_CR40","doi-asserted-by":"crossref","unstructured":"Qiao, Q., Feng, R., Chen, S., Zhang, F., Li, X.: Multi-label classification for Android malware based on active learning. IEEE Trans. Dependable Secure Comput. (2022)","DOI":"10.1109\/TDSC.2022.3213689"},{"key":"19_CR41","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/978-3-642-15506-2_15","volume-title":"Advances in Digital Forensics VI","author":"V Roussev","year":"2010","unstructured":"Roussev, V.: Data fingerprinting with similarity digests. In: Chow, K.-P., Shenoi, S. (eds.) DigitalForensics 2010. IAICT, vol. 337, pp. 207\u2013226. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-15506-2_15"},{"key":"19_CR42","unstructured":"Rutkowska, J.: Introducing stealth malware taxonomy. COSEINC Advanced Malware Labs, pp. 1\u20139 (2006)"},{"key":"19_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"230","DOI":"10.1007\/978-3-319-45719-2_11","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"M Sebasti\u00e1n","year":"2016","unstructured":"Sebasti\u00e1n, M., Rivera, R., Kotzias, P., Caballero, J.: AVclass: a tool for massive malware labeling. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 230\u2013253. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-45719-2_11"},{"key":"19_CR44","doi-asserted-by":"crossref","unstructured":"Sebasti\u00e1n, S., Caballero, J.: AVClass2: massive malware tag extraction from AV labels. In: Annual Computer Security Applications Conference, pp. 42\u201353 (2020)","DOI":"10.1145\/3427228.3427261"},{"key":"19_CR45","unstructured":"Simmons, C., Ellis, C., Shiva, S., Dasgupta, D., Wu, Q.: AVOIDIT: a cyber attack taxonomy. In: 9th Annual Symposium on Information Assurance (ASIA 2014), pp. 2\u201312 (2014)"},{"key":"19_CR46","unstructured":"Simsolo, Y.: Owasp 10 most common backdoors. https:\/\/owasp.org\/www-pdf-archive\/OWASP_10_Most_Common_Backdoors.pdf"},{"key":"19_CR47","volume-title":"Computer Security: Principles and Practice","author":"W Stallings","year":"2012","unstructured":"Stallings, W., Brown, L., Bauer, M.D., Howard, M.: Computer Security: Principles and Practice, vol. 2. Pearson, Upper Saddle River (2012)"},{"key":"19_CR48","unstructured":"Szor, P.: The Art of Computer Virus Research and Defense. Addison-Wesley Professional (2005)"},{"key":"19_CR49","unstructured":"Tripathy, S., Kapat, S., Das, S., Panda, B.: A spyware detection system with a comparative study of spywares using classification rule mining. Int. J. Sci. Eng. Res. 7 (2016)"},{"key":"19_CR50","unstructured":"Vassil Roussev, C.Q.: Quick start - the sdhash tutorial. https:\/\/roussev.net\/sdhash\/tutorial\/03-quick.html#result-interpretation"},{"key":"19_CR51","unstructured":"VirusTotal: File behaviour. https:\/\/developers.virustotal.com\/reference\/file-behaviour-summary"},{"key":"19_CR52","unstructured":"VirusTotal: Virustotal - file - 2400e927b316aa75771c1597dad5. https:\/\/www.virustotal.com\/gui\/file\/29ae18b552052271c671ba22b6fa6c9a"},{"key":"19_CR53","unstructured":"VirusTotal: Virustotal repository. https:\/\/www.virustotal.com\/gui\/home\/upload"}],"container-title":["Communications in Computer and Information Science","Telematics and Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-45316-8_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,11,6]],"date-time":"2023-11-06T00:07:32Z","timestamp":1699229252000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-45316-8_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023]]},"ISBN":["9783031453151","9783031453168"],"references-count":53,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-45316-8_19","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2023]]},"assertion":[{"value":"6 November 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"WITCOM","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Congress of Telematics and Computing","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Puerto Vallarta","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Mexico","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 November 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 November 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"witcom2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.witcom.upiita.ipn.mx\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"88","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"35","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"40% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}