{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,3]],"date-time":"2025-09-03T09:58:34Z","timestamp":1756893514809,"version":"3.40.3"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031565823"},{"type":"electronic","value":"9783031565830"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-56583-0_18","type":"book-chapter","created":{"date-parts":[[2024,4,2]],"date-time":"2024-04-02T05:02:23Z","timestamp":1712034143000},"page":"264-282","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["A Measurement Study on\u00a0Interprocess Code Propagation of\u00a0Malicious 
Software"],"prefix":"10.1007","author":[{"given":"Thorsten","family":"Jenke","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Simon","family":"Liessem","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Elmar","family":"Padilla","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lilli","family":"Bruckschen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,4,3]]},"reference":[{"key":"18_CR1","unstructured":"Alvarez, V.M.: YARA: the pattern matching swiss knife for malware researchers (and everyone else). http:\/\/virustotal.github.io\/yara\/. Accessed 16 Aug 2023"},{"key":"18_CR2","unstructured":"ATT&CK, M.: Mitre att&ck (2021). https:\/\/attack.mitre.org"},{"key":"18_CR3","unstructured":"AVTest: security report 2019\/2020. https:\/\/www.av-test.org\/fileadmin\/pdf\/security_report\/AV-TEST_Security_Report_2019-2020.pdf. Accessed 16 Aug 2023"},{"key":"18_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/978-3-642-37300-8_9","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"A Bacs","year":"2012","unstructured":"Bacs, A., Vermeulen, R., Slowinska, A., Bos, H.: System-level support for intrusion recovery. In: Flegel, U., Markatos, E., Robertson, W. (eds.) Detection of Intrusions and Malware, and Vulnerability Assessment. Lecture Notes in Computer Science, vol. 7591, pp. 144\u2013163. Springer, Berlin (2012). https:\/\/doi.org\/10.1007\/978-3-642-37300-8_9"},{"key":"18_CR5","doi-asserted-by":"crossref","unstructured":"Barabosch, T., Bergmann, N., Dombeck, A., Padilla, E.: Quincy: Detecting host-based code injection attacks in memory dumps. 
In: Proceedings of the 14th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), Bonn, Germany (2017)","DOI":"10.1007\/978-3-319-60876-1_10"},{"key":"18_CR6","doi-asserted-by":"crossref","unstructured":"Barabosch, T., Eschweiler, S., Gerhards-Padilla, E.: Bee master: detecting host-based code injection attacks. In: Proceedings of the 11th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), London, UK (2014)","DOI":"10.1007\/978-3-319-08509-8_13"},{"key":"18_CR7","doi-asserted-by":"crossref","unstructured":"Barabosch, T., Gerhards-Padilla, E.: Host-based code injection attacks: a popular technique used by malware. In: 2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE), pp. 8\u201317. IEEE (2014)","DOI":"10.1109\/MALWARE.2014.6999410"},{"key":"18_CR8","unstructured":"Bohne, L., Holz, T.: Pandora\u2019s Bochs: automated malware unpacking. Master\u2019s thesis, RWTH Aachen University (2008)"},{"key":"18_CR9","unstructured":"ByteAtlas: Knowledge fragment: Hardening win7 x64 on virtualbox for malware analysis. http:\/\/byte-atlas.blogspot.com\/2017\/02\/hardening-vbox-win7x64.html. Accessed 16 Aug 2023"},{"key":"18_CR10","first-page":"1","volume":"01","author":"DC D\u2019Elia","year":"2021","unstructured":"D\u2019Elia, D.C., Nicchi, S., Mariani, M., Marini, M., Palmaro, F.: Designing robust API monitoring solutions. IEEE Trans. Dependable Secure Comput. 01, 1\u20131 (2021)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"18_CR11","doi-asserted-by":"crossref","unstructured":"Dinaburg, A., Royal, P., Sharif, M., Lee, W.: Ether: malware analysis via hardware virtualization extensions. In: Proceedings of the 15th ACM Conference On Computer and Communications Security, pp. 51\u201362. 
ACM (2008)","DOI":"10.1145\/1455770.1455779"},{"key":"18_CR12","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Hodosh, J., Hulin, P., Leek, T., Whelan, R.: Repeatable reverse engineering with panda. In: Proceedings of the 5th Program Protection and Reverse Engineering Workshop, pp. 1\u201311 (2015)","DOI":"10.1145\/2843859.2843867"},{"key":"18_CR13","doi-asserted-by":"crossref","unstructured":"Isawa, R., Morii, M., Inoue, D.: Comparing malware samples for unpacking: a feasibility study. In: 2016 11th Asia Joint Conference on Information Security (AsiaJCIS), pp. 155\u2013160. IEEE (2016)","DOI":"10.1109\/AsiaJCIS.2016.28"},{"key":"18_CR14","unstructured":"Ispoglou, K.K., Payer, M.: malWASH: washing malware to evade dynamic analysis. In: 10th USENIX Workshop on Offensive Technologies (WOOT 16). USENIX Association, Austin, TX (2016). https:\/\/www.usenix.org\/conference\/woot16\/workshop-program\/presentation\/ispoglou"},{"key":"18_CR15","unstructured":"Jenke, T., Plohmann, D., Padilla, E.: RoAMer: the robust automated malware unpacker. In: 14th International Conference on Malicious and Unwanted Software (MALWARE), Nantucket, MA, USA, 2019, pp. 67\u201374 (2019)"},{"key":"18_CR16","doi-asserted-by":"crossref","unstructured":"Jeong, G., Choo, E., Lee, J., Bat-Erdene, M., Lee, H.: Generic unpacking using entropy analysis. In: 2010 5th International Conference on Malicious and Unwanted Software, pp. 98\u2013105. IEEE (2010)","DOI":"10.1109\/MALWARE.2010.5665789"},{"key":"18_CR17","doi-asserted-by":"crossref","unstructured":"Kang, M.G., Poosankam, P., Yin, H.: Renovo: a hidden code extractor for packed executables. In: Proceedings of the 2007 ACM Workshop on Recurring Malcode, pp. 46\u201353. ACM (2007)","DOI":"10.1145\/1314389.1314399"},{"key":"18_CR18","first-page":"297","volume":"27","author":"Y Kawakoya","year":"2019","unstructured":"Kawakoya, Y., Shioji, E., Iwamura, M., Miyoshi, J.: API chaser: taint-assisted sandbox for evasive malware analysis. J. 
Inf. Proc. 27, 297\u2013314 (2019)","journal-title":"J. Inf. Proc."},{"key":"18_CR19","doi-asserted-by":"crossref","unstructured":"Korczynski, D.: RePEconstruct: reconstructing binaries with self-modifying code and import address table destruction. In: 2016 11th International Conference on Malicious and Unwanted Software (MALWARE), pp. 1\u20138. IEEE (2016)","DOI":"10.1109\/MALWARE.2016.7888727"},{"key":"18_CR20","unstructured":"Korczynski, D.: Precise system-wide concatic malware unpacking. arXiv preprint: arXiv:1908.09204 (2019)"},{"key":"18_CR21","doi-asserted-by":"crossref","unstructured":"Korczynski, D., Yin, H.: Capturing malware propagations with code injections and code-reuse attacks. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1691\u20131708 (2017)","DOI":"10.1145\/3133956.3134099"},{"key":"18_CR22","doi-asserted-by":"crossref","unstructured":"K\u00fcchler, A., Mantovani, A., Han, Y., Bilge, L., Balzarotti, D.: Does every second count? time-based evolution of malware behavior in sandboxes. In: Proceedings of the Network and Distributed System Security Symposium, NDSS. The Internet Society (2021)","DOI":"10.14722\/ndss.2021.24475"},{"key":"18_CR23","doi-asserted-by":"crossref","unstructured":"Lengyel, T.K., Maresca, S., Payne, B.D., Webster, G.D., Vogl, S., Kiayias, A.: Scalability, fidelity and stealth in the DRAKVUF dynamic malware analysis system. In: Proceedings of the 30th Annual Computer Security Applications Conference, pp. 386\u2013395 (2014)","DOI":"10.1145\/2664243.2664252"},{"issue":"1\u20133","key":"18_CR24","doi-asserted-by":"publisher","first-page":"291","DOI":"10.1016\/S0012-365X(01)00169-8","volume":"242","author":"M Lepovi\u0107","year":"2002","unstructured":"Lepovi\u0107, M., Gutman, I.: No starlike trees are cospectral. Discret. Math. 242(1\u20133), 291\u2013295 (2002)","journal-title":"Discret. 
Math."},{"key":"18_CR25","unstructured":"Magazine, S.: Ransomware attacks nearly doubled in 2021 (2022)"},{"key":"18_CR26","doi-asserted-by":"crossref","unstructured":"Martignoni, L., Christodorescu, M., Jha, S.: OmniUnpack: fast, generic, and safe unpacking of malware. In: Computer Security Applications Conference, 2007. ACSAC 2007. Twenty-Third Annual, pp. 431\u2013441. IEEE (2007)","DOI":"10.1109\/ACSAC.2007.15"},{"key":"18_CR27","unstructured":"Microsoft: Microsoft detours. https:\/\/github.com\/microsoft\/Detours. Accessed 16 Aug 2023"},{"key":"18_CR28","unstructured":"Microsoft: Samples: Syelog. https:\/\/documentation.help\/Detours\/Sam_Syelog.htm. Accessed 16 Aug 2023"},{"key":"18_CR29","unstructured":"Microsoft: Samples: Traceapi. https:\/\/documentation.help\/Detours\/Sam_Traceapi.htm. Accessed 16 Aug 2023"},{"issue":"3","key":"18_CR30","doi-asserted-by":"publisher","first-page":"68","DOI":"10.5539\/mas.v14n3p68","volume":"14","author":"AH Mohammad","year":"2020","unstructured":"Mohammad, A.H.: Ransomware evolution, growth and recommendation for detection. Mod. Appl. Sci. 14(3), 68 (2020)","journal-title":"Mod. Appl. Sci."},{"key":"18_CR31","unstructured":"Oracle: Oracle virtualbox. https:\/\/www.virtualbox.org\/. Accessed 16 Aug 2023"},{"key":"18_CR32","unstructured":"Plohmann, D., Clauss, M., Enders, S., Padilla, E.: Malpedia: a collaborative effort to inventorize the malware landscape. In: Proceedings of the Botconf (2017)"},{"key":"18_CR33","first-page":"1","volume":"4","author":"D Plohmann","year":"2018","unstructured":"Plohmann, D., Enders, S., Padilla, E.: ApiScout: robust windows API usage recovery for malware characterization and similarity analysis. J Cybercrime Digit. Invest. 4, 1\u20136 (2018)","journal-title":"J Cybercrime Digit. Invest."},{"key":"18_CR34","doi-asserted-by":"crossref","unstructured":"Rossow, C., et al.: Prudent practices for designing malware experiments: status quo and outlook. 
In: Proceedings of the 33rd IEEE Symposium on Security and Privacy (S&P), San Francisco, CA (2012)","DOI":"10.1109\/SP.2012.14"},{"key":"18_CR35","doi-asserted-by":"crossref","unstructured":"Royal, P., Halpin, M., Dagon, D.: PolyUnpack: automating the hidden-code extraction of unpack-executing malware. In: ACSAC, pp 289\u2013300 (2006)","DOI":"10.1109\/ACSAC.2006.38"},{"key":"18_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"481","DOI":"10.1007\/978-3-540-88313-5_31","volume-title":"Computer Security - ESORICS 2008","author":"M Sharif","year":"2008","unstructured":"Sharif, M., Yegneswaran, V., Saidi, H., Porras, P., Lee, W.: Eureka: a framework for enabling static malware analysis. In: Jajodia, S., Lopez, J. (eds.) Computer Security - ESORICS 2008. Lecture Notes in Computer Science, vol. 5283, pp. 481\u2013500. Springer, Berlin (2008). https:\/\/doi.org\/10.1007\/978-3-540-88313-5_31"},{"key":"18_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/978-3-319-40667-1_10","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"X Ugarte-Pedrero","year":"2016","unstructured":"Ugarte-Pedrero, X., Balzarotti, D., Santos, I., Bringas, P.G.: RAMBO: run-time packer analysis with multiple branch observation. In: Caballero, J., Zurutuza, U., Rodriguez, R. (eds.) Detection of Intrusions and Malware, and Vulnerability Assessment. Lecture Notes in Computer Science, vol. 9721, pp. 186\u2013206. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-40667-1_10"},{"key":"18_CR38","doi-asserted-by":"crossref","unstructured":"Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: capturing system-wide information flow for malware detection and analysis. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 
116\u2013127 (2007)","DOI":"10.1145\/1315245.1315261"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Digital Forensics and Cyber Crime"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-56583-0_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,29]],"date-time":"2024-08-29T10:05:53Z","timestamp":1724925953000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-56583-0_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031565823","9783031565830"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-56583-0_18","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"3 April 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICDF2C","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Digital Forensics and Cyber Crime","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"New York, NY","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 
November 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 November 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"icdf2c2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Confy +","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"105","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"41","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"39% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full 
Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}