{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T19:00:22Z","timestamp":1772046022548,"version":"3.50.1"},"publisher-location":"Cham","reference-count":23,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031575365","type":"print"},{"value":"9783031575372","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-57537-2_20","type":"book-chapter","created":{"date-parts":[[2024,4,24]],"date-time":"2024-04-24T19:02:38Z","timestamp":1713985358000},"page":"321-338","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Following the\u00a0Obfuscation Trail: Identifying and\u00a0Exploiting Obfuscation Signatures in\u00a0Malicious Code"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6617-9010","authenticated-orcid":false,"given":"Julien","family":"Cassagne","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ettore","family":"Merlo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guy-Vincent","family":"Jourdan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Iosif-Viorel","family":"Onut","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,4,25]]},"reference":[{"key":"20_CR1","volume-title":"Compilers: Principles, Techniques, and Tools","author":"AV Aho","year":"2006","unstructured":"Aho, A.V., Lam, M.S., Sethi, R., Ullman, J.D.: Compilers: Principles, Techniques, and Tools, 2nd edn. Addison-Wesley Longman Publishing Co. Inc. (2006)","edition":"2"},{"key":"20_CR2","doi-asserted-by":"publisher","unstructured":"Arceri, V., Mastroeni, I.: Analyzing dynamic code: a sound abstract interpreter for evil eval. ACM Trans. Priv. Secur. 24(2), 1\u201338 (2021). https:\/\/doi.org\/10.1145\/3426470","DOI":"10.1145\/3426470"},{"key":"20_CR3","doi-asserted-by":"publisher","unstructured":"Blanc, G., Miyamoto, D., Akiyama, M., Kadobayashi, Y.: Characterizing obfuscated javascript using abstract syntax trees: experimenting with malicious scripts. In: 2012 26th International Conference on Advanced Information Networking and Applications Workshops, pp. 344\u2013351 (2012). https:\/\/doi.org\/10.1109\/WAINA.2012.140","DOI":"10.1109\/WAINA.2012.140"},{"key":"20_CR4","unstructured":"Cassagne, J.: Payloads dataset. https:\/\/github.com\/weimdall\/phishing-evals"},{"key":"20_CR5","unstructured":"Cassagne, J.: Source code. https:\/\/github.com\/weimdall\/obfuscation-analyzer"},{"key":"20_CR6","doi-asserted-by":"publisher","unstructured":"Christensen, A.S., M\u00f8ller, A., Schwartzbach, M.I.: Precise analysis of string expressions. In: Cousot, R. (ed.) Static Analysis, pp. 1\u201318. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/3-540-44898-5_1","DOI":"10.1007\/3-540-44898-5_1"},{"key":"20_CR7","doi-asserted-by":"publisher","unstructured":"Cui, Q., Jourdan, G.-V., Bochmann, G.V., Onut, I.-V.: Proactive detection of phishing kit traffic. In: Sako, K., Tippenhauer, N.O. (eds.) Applied Cryptography and Network Security, ACNS 2021, pp. 257\u2013286. Springer, Cham (2021). https:\/\/doi.org\/10.1007\/978-3-030-78375-4_11","DOI":"10.1007\/978-3-030-78375-4_11"},{"key":"20_CR8","doi-asserted-by":"publisher","unstructured":"Doh, K.G., Kim, H., Schmidt, D.A.: Abstract parsing: static analysis of dynamically generated string output using IR-parsing technology. In: Palsberg, J., Su, Z. (eds.) Static Analysis, pp. 256\u2013272. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-03237-0_18","DOI":"10.1007\/978-3-642-03237-0_18"},{"key":"20_CR9","doi-asserted-by":"publisher","unstructured":"Hajarnis, K., Dalal, J., Bawale, R., Abraham, J., Matange, A.: A comprehensive solution for obfuscation detection and removal based on comparative analysis of deobfuscation tools. In: 2021 International Conference on Smart Generation Computing, Communication and Networking (SMART GENCON), pp. 1\u20137 (2021). https:\/\/doi.org\/10.1109\/SMARTGENCON51891.2021.9645824","DOI":"10.1109\/SMARTGENCON51891.2021.9645824"},{"key":"20_CR10","doi-asserted-by":"publisher","unstructured":"Han, K., Hwang, S.O.: Lightweight detection method of obfuscated landing sites based on the AST structure and tokens. Appl. Sci. 10(17), 6116 (2020). https:\/\/doi.org\/10.3390\/app10176116","DOI":"10.3390\/app10176116"},{"key":"20_CR11","doi-asserted-by":"publisher","unstructured":"Jensen, S.H., Jonsson, P.A., M\u00f8ller, A.: Remedying the eval that men do. In: Proceedings of the 2012 International Symposium on Software Testing and Analysis (ISSTA 2012), pp. 34\u201344. Association for Computing Machinery, New York (2012). https:\/\/doi.org\/10.1145\/2338965.2336758","DOI":"10.1145\/2338965.2336758"},{"key":"20_CR12","doi-asserted-by":"publisher","unstructured":"Kim, H., Doh, K.G., Schmidt, D.A.: Static validation of dynamically generated html documents based on abstract parsing and semantic processing. In: Logozzo, F., F\u00e4hndrich, M. (eds.) Static Analysis, pp. 194\u2013214. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-38856-9_12","DOI":"10.1007\/978-3-642-38856-9_12"},{"key":"20_CR13","doi-asserted-by":"publisher","unstructured":"Li, Z., Chen, Q.A., Xiong, C., Chen, Y., Zhu, T., Yang, H.: Effective and light-weight deobfuscation and semantic-aware attack detection for powershell scripts. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security (CCS 2019), pp. 1831\u20131847. Association for Computing Machinery, New York (2019). https:\/\/doi.org\/10.1145\/3319535.3363187","DOI":"10.1145\/3319535.3363187"},{"key":"20_CR14","doi-asserted-by":"publisher","unstructured":"Meawad, F., Richards, G., Morandat, F., Vitek, J.: Eval begone! semi-automated removal of eval from javascript programs. ACM SIGPLAN Notices 47(10), 607\u2013620 (2012). https:\/\/doi.org\/10.1145\/2398857.2384660","DOI":"10.1145\/2398857.2384660"},{"key":"20_CR15","doi-asserted-by":"publisher","unstructured":"Merlo, E., Margier, M., Jourdan, G.V., Onut, I.V.: Phishing kits source code similarity distribution: a case study. In: 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 983\u2013994 (2022). https:\/\/doi.org\/10.1109\/SANER53432.2022.00116","DOI":"10.1109\/SANER53432.2022.00116"},{"key":"20_CR16","doi-asserted-by":"publisher","unstructured":"Minamide, Y.: Static approximation of dynamically generated web pages. In: Proceedings of the 14th International Conference on World Wide Web (WWW 2005), pp. 432\u2013441. Association for Computing Machinery, New York (2005). https:\/\/doi.org\/10.1145\/1060745.1060809","DOI":"10.1145\/1060745.1060809"},{"key":"20_CR17","doi-asserted-by":"publisher","unstructured":"Oest, A., Safei, Y., Doupe, A., Ahn, G.J., Wardman, B., Warner, G.: Inside a phisher\u2019s mind: understanding the anti-phishing ecosystem through phishing kit analysis. In: Proceedings of the 2018 APWG Symposium on Electronic Crime Research, eCrime 2018, pp. 1\u201312. eCrime Researchers Summit, eCrime, IEEE Computer Society (2018). https:\/\/doi.org\/10.1109\/ECRIME.2018.8376206","DOI":"10.1109\/ECRIME.2018.8376206"},{"key":"20_CR18","unstructured":"Ramilli, M.: https:\/\/github.com\/marcoramilli\/PhishingKitTracker"},{"issue":"7","key":"20_CR19","doi-asserted-by":"publisher","first-page":"470","DOI":"10.1016\/j.scico.2009.02.007","volume":"74","author":"CK Roy","year":"2009","unstructured":"Roy, C.K., Cordy, J.R., Koschke, R.: Comparison and evaluation of code clone detection techniques and tools: a qualitative approach. Sci. Comput. Prog. 74(7), 470\u2013495 (2009). https:\/\/doi.org\/10.1016\/j.scico.2009.02.007","journal-title":"Sci. Comput. Prog."},{"key":"20_CR20","doi-asserted-by":"publisher","unstructured":"Tejaswi, B., Samarasinghe, N., Pourali, S., Mannan, M., Youssef, A.: Leaky kits: the increased risk of data exposure from phishing kits. In: 2022 APWG Symposium on Electronic Crime Research (eCrime), pp. 1\u201313 (2022). https:\/\/doi.org\/10.1109\/eCrime57793.2022.10142092","DOI":"10.1109\/eCrime57793.2022.10142092"},{"key":"20_CR21","doi-asserted-by":"publisher","unstructured":"Thiemann, P.: Grammar-based analysis of string expressions. In: Proceedings of the 2005 ACM SIGPLAN International Workshop on Types in Languages Design and Implementation (TLDI 2005), pp. 59\u201370. Association for Computing Machinery, New York (2005). https:\/\/doi.org\/10.1145\/1040294.1040300","DOI":"10.1145\/1040294.1040300"},{"key":"20_CR22","doi-asserted-by":"publisher","unstructured":"Yu, F., Alkhalaf, M., Bultan, T.: Patching vulnerabilities with sanitization synthesis. In: 2011 33rd International Conference on Software Engineering (ICSE), pp. 251\u2013260 (2011). https:\/\/doi.org\/10.1145\/1985793.1985828","DOI":"10.1145\/1985793.1985828"},{"key":"20_CR23","doi-asserted-by":"publisher","unstructured":"Yue, C., Wang, H.: A measurement study of insecure javascript practices on the web. ACM Trans. Web 7(2), 1\u201339 (2013). https:\/\/doi.org\/10.1145\/2460383.2460386","DOI":"10.1145\/2460383.2460386"}],"container-title":["Lecture Notes in Computer Science","Foundations and Practice of Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-57537-2_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,4,24]],"date-time":"2024-04-24T19:05:23Z","timestamp":1713985523000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-57537-2_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031575365","9783031575372"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-57537-2_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"25 April 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FPS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Foundations and Practice of Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bordeaux","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 December 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 December 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fps2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.fps-2023.com\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"80","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"34% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}