{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T20:13:46Z","timestamp":1743106426372,"version":"3.40.3"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031575365"},{"type":"electronic","value":"9783031575372"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-57537-2_21","type":"book-chapter","created":{"date-parts":[[2024,4,24]],"date-time":"2024-04-24T19:02:38Z","timestamp":1713985358000},"page":"339-354","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["On Exploiting Symbolic Execution to\u00a0Improve the\u00a0Analysis of\u00a0RAT Samples with\u00a0angr"],"prefix":"10.1007","author":[{"given":"Serena","family":"Lucca","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christophe","family":"Crochet","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Charles-Henry","family":"Bertrand Van 
Ouytsel","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Axel","family":"Legay","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,4,25]]},"reference":[{"key":"21_CR1","unstructured":"Abuse.ch: Malwarebazaar (2023). https:\/\/bazaar.abuse.ch\/"},{"issue":"6","key":"21_CR2","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3365001","volume":"52","author":"A Afianian","year":"2019","unstructured":"Afianian, A., Niksefat, S., Sadeghiyan, B., Baptiste, D.: Malware dynamic analysis evasion techniques: a survey. ACM Comput. Surv. 52(6), 1\u201328 (2019)","journal-title":"ACM Comput. Surv."},{"key":"21_CR3","doi-asserted-by":"crossref","unstructured":"Aghakhani, H., et al.: When malware is packin\u2019 heat; limits of machine learning classifiers based on static analysis features. In: Network and Distributed Systems Security (NDSS) Symposium 2020 (2020)","DOI":"10.14722\/ndss.2020.24310"},{"key":"21_CR4","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101760","volume":"92","author":"E Amer","year":"2020","unstructured":"Amer, E., Zelinka, I.: A dynamic windows malware detection and prediction method based on contextual understanding of API call sequence. Comput. Secur. 92, 101760 (2020)","journal-title":"Comput. Secur."},{"key":"21_CR5","unstructured":"Bertrand Van Ouytsel, C.-H., Crochet, C., Legay, A., Lucca, S.: SEMA-ToolChain. GitHub. GitHub repository. https:\/\/github.com\/csvl\/SEMA-ToolChain"},{"key":"21_CR6","unstructured":"Avllazagaj, E., Zhu, Z., Bilge, L., Balzarotti, D., Dumitras, T.: When malware changed its mind: an empirical study of variable program behaviors in the real world. In: USENIX Security Symposium, pp. 
3487\u20133504 (2021)"},{"key":"21_CR7","doi-asserted-by":"publisher","unstructured":"Baldoni, R., Coppa, E., D\u2019Elia, D.C., Demetrescu, C.: Assisting malware analysis with symbolic execution: a case study. In: Dolev, S., Lodha, S. (eds.) Cyber Security Cryptography and Machine Learning. CSCML 2017. LNCS, vol. 10332, pp. 171\u2013188. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-60080-2_12","DOI":"10.1007\/978-3-319-60080-2_12"},{"key":"21_CR8","doi-asserted-by":"publisher","unstructured":"Bertrand Van Ouytsel, C.-H., Crochet, C., Dam, K.H.T., Legay, A.: Tool paper - SEMA: symbolic execution toolchain for malware analysis. In: Kallel, S., Jmaiel, M., Zulkernine, M., Hadj Kacem, A., Cuppens, F., Cuppens, N. (eds.) Risks and Security of Internet and Systems, CRiSIS 2022, pp. 62\u201368. Springer, Cham (2023). https:\/\/doi.org\/10.1007\/978-3-031-31108-6_5","DOI":"10.1007\/978-3-031-31108-6_5"},{"key":"21_CR9","doi-asserted-by":"publisher","unstructured":"Bertrand Van Ouytsel, C., Legay, A.: Malware analysis with symbolic execution and graph kernel. In: Reiser, H.P., Kyas, M. (eds.) Secure IT Systems - 27th Nordic Conference, NordSec 2022. LNCS, vol. 13700, pp. 292\u2013310. Springer, Cham (2022). https:\/\/doi.org\/10.1007\/978-3-031-22295-5_16","DOI":"10.1007\/978-3-031-22295-5_16"},{"key":"21_CR10","doi-asserted-by":"publisher","unstructured":"Biondi, F., Given-Wilson, T., Legay, A., Puodzius, C., Quilbeuf, J.: Tutorial: an overview of malware detection and evasion techniques. In: Margaria, T., Steffen, B. (eds.) Leveraging Applications of Formal Methods, Verification and Validation. Modeling - 8th International Symposium, ISoLA 2018. LNCS, vol. 11244, pp. 565\u2013586. Springer, Cham (2018). 
https:\/\/doi.org\/10.1007\/978-3-030-03418-4_34","DOI":"10.1007\/978-3-030-03418-4_34"},{"key":"21_CR11","doi-asserted-by":"crossref","unstructured":"Blokhin, K., Saxe, J., Mentis, D.: Malware similarity identification using call graph based system call subsequence features. In: 2013 IEEE 33rd International Conference on Distributed Computing Systems Workshops, pp. 6\u201310. IEEE (2013)","DOI":"10.1109\/ICDCSW.2013.55"},{"key":"21_CR12","doi-asserted-by":"publisher","unstructured":"Borzacchiello, L., Coppa, E., D\u2019Elia, D.C., Demetrescu, C.: Reconstructing C2 servers for remote access Trojans with symbolic execution. In: Dolev, S., Hendler, D., Lodha, S., Yung, M. (eds.) Cyber Security Cryptography and Machine Learning. CSCML 2019. LNCS, vol. 11527, pp. 121\u2013140. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-20951-3_12","DOI":"10.1007\/978-3-030-20951-3_12"},{"key":"21_CR13","doi-asserted-by":"publisher","unstructured":"Brumley, D., Hartwig, C., Liang, Z., Newsome, J., Song, D., Yin, H.: Automatically identifying trigger-based behavior in malware. In: Lee, W., Wang, C., Dagon, D. (eds.) Botnet Detection, pp. 65\u201388. Springer, Boston (2008). https:\/\/doi.org\/10.1007\/978-0-387-68768-1_4","DOI":"10.1007\/978-0-387-68768-1_4"},{"issue":"12","key":"21_CR14","doi-asserted-by":"publisher","first-page":"3175","DOI":"10.1109\/TIFS.2018.2885512","volume":"14","author":"A Calleja","year":"2018","unstructured":"Calleja, A., Tapiador, J., Caballero, J.: The malsource dataset: quantifying complexity and code reuse in malware development. IEEE Trans. Inf. Forens. Secur. 14(12), 3175\u20133190 (2018)","journal-title":"IEEE Trans. Inf. Forens. Secur."},{"key":"21_CR15","unstructured":"Chen, J., et al.: SYMSAN: time and space efficient concolic execution via dynamic data-flow analysis. In: 31st USENIX Security Symposium (USENIX Security 22), pp. 
2531\u20132548 (2022)"},{"key":"21_CR16","unstructured":"Dataprot: A Not-So-Common Cold: Malware Statistics in 2022 (2023). https:\/\/dataprot.net\/statistics\/malware-statistics\/"},{"key":"21_CR17","unstructured":"Godefroid, P.: Test generation using symbolic execution. In: D\u2019Souza, D., Kavitha, T., Radhakrishnan, J. (eds.) IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science, FSTTCS 2012. LIPIcs, vol. 18, pp. 24\u201333. Schloss Dagstuhl - Leibniz-Zentrum f\u00fcr Informatik (2012)"},{"key":"21_CR18","doi-asserted-by":"publisher","unstructured":"Gorecki, C., Freiling, F.C., K\u00fchrer, M., Holz, T.: TrumanBox: improving dynamic malware analysis by emulating the internet. In: D\u00e9fago, X., Petit, F., Villain, V. (eds.) Stabilization, Safety, and Security of Distributed Systems, pp. 208\u2013222. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-24550-3_17","DOI":"10.1007\/978-3-642-24550-3_17"},{"key":"21_CR19","unstructured":"HackTricks. Common API used in malware (2023). https:\/\/book.hacktricks.xyz\/reversing-and-exploiting\/common-api-used-in-malware"},{"issue":"4","key":"21_CR20","doi-asserted-by":"publisher","first-page":"2259","DOI":"10.1109\/TDSC.2021.3051852","volume":"19","author":"L Massarelli","year":"2021","unstructured":"Massarelli, L., Di Luna, G.A., Petroni, F., Querzoni, L., Baldoni, R.: Function representations for binary similarity. IEEE Trans. Depend. Secure Comput. 19(4), 2259\u20132273 (2021)","journal-title":"IEEE Trans. Depend. Secure Comput."},{"key":"21_CR21","unstructured":"Microsoft: Programming reference for the win32 API (2023). https:\/\/learn.microsoft.com\/en-us\/windows\/win32\/api\/"},{"key":"21_CR22","doi-asserted-by":"crossref","unstructured":"Namani, N., Khan, A.: Symbolic execution based feature extraction for detection of malware. In: 2020 5th International Conference on Computing, Communication and Security (ICCCS), pp. 1\u20136. 
IEEE (2020)","DOI":"10.1109\/ICCCS49678.2020.9277493"},{"key":"21_CR23","unstructured":"NSA. Ghidra (2023). https:\/\/ghidra-sre.org\/"},{"key":"21_CR24","doi-asserted-by":"publisher","unstructured":"Obdr\u017e\u00e1lek, J., Trt\u00edk, M.: Efficient loop navigation for symbolic execution. In: Bultan, T., Hsiung, PA. (eds.) Automated Technology for Verification and Analysis. ATVA 2011. LNCS, vol. 6996, pp. 453\u2013462. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-24372-1_34","DOI":"10.1007\/978-3-642-24372-1_34"},{"key":"21_CR25","doi-asserted-by":"crossref","unstructured":"Park, K., et al.: Identifying behavior dispatchers for malware analysis. In: Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security, pp. 759\u2013773 (2021)","DOI":"10.1145\/3433210.3457894"},{"key":"21_CR26","doi-asserted-by":"crossref","unstructured":"Said, N.B., et al.: Detection of Mirai by syntactic and behavioral analysis. In: Ghosh, S., Natella, R., Cukic, B., Poston, R.S., Laranjeiro, N. (eds.) 29th IEEE International Symposium on Software Reliability Engineering, ISSRE 2018, Memphis, 15\u201318 October 2018, pp. 224\u2013235. IEEE Computer Society (2018)","DOI":"10.1109\/ISSRE.2018.00032"},{"key":"21_CR27","doi-asserted-by":"publisher","unstructured":"Schrittwieser, S., Katzenbeisser, S.: Code obfuscation against static and dynamic reverse engineering. In: Filler, T., Pevn\u00fd, T., Craver, S., Ker, A. (eds.) Information Hiding, pp. 270\u2013284. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-24178-9_19","DOI":"10.1007\/978-3-642-24178-9_19"},{"key":"21_CR28","doi-asserted-by":"publisher","unstructured":"Schrittwieser, S., Kochberger, P., Pucher, M., Lawitschka, C., K\u00f6nig, P., Weippl, E.R.: Obfuscation-resilient semantic functionality identification through program simulation. In: Reiser, H.P., Kyas, M. (eds) Secure IT Systems. NordSec 2022. LNCS, vol. 13700, pp. 273\u2013291. Springer, Cham (2023). 
https:\/\/doi.org\/10.1007\/978-3-031-22295-5_15","DOI":"10.1007\/978-3-031-22295-5_15"},{"key":"21_CR29","doi-asserted-by":"crossref","unstructured":"Schwartz, E.J., Avgerinos, T., Brumley, D.: All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In: 2010 IEEE Symposium on Security and Privacy, pp. 317\u2013331. IEEE (2010)","DOI":"10.1109\/SP.2010.26"},{"key":"21_CR30","doi-asserted-by":"crossref","unstructured":"Sebastio, S., et al.: Optimizing symbolic execution for malware behavior classification. Comput. Secur. 93, 101775 (2020)","DOI":"10.1016\/j.cose.2020.101775"},{"key":"21_CR31","doi-asserted-by":"crossref","unstructured":"Shoshitaishvili, Y., et al.: SoK: (state of) the art of war: offensive techniques in binary analysis. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 138\u2013157. IEEE (2016)","DOI":"10.1109\/SP.2016.17"},{"key":"21_CR32","unstructured":"Talos, C.: Magicrat: Lazarus\u2019 Latest Gateway into Victim Networks (2022). https:\/\/blog.talosintelligence.com\/lazarus-magicrat\/"},{"key":"21_CR33","unstructured":"Team, Y.: Yararules (2023). https:\/\/github.com\/Yara-Rules\/rules"},{"key":"21_CR34","unstructured":"TrendMicro: Indicators of Compromise (2023). https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/indicators-of-compromise"},{"key":"21_CR35","doi-asserted-by":"crossref","unstructured":"Valeros, V., Garcia, S.: Growth and commoditization of remote access trojans. In: 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pp. 454\u2013462. IEEE (2020)","DOI":"10.1109\/EuroSPW51379.2020.00067"},{"key":"21_CR36","doi-asserted-by":"crossref","unstructured":"Vasilescu, M., Gheorghe, L., Tapus, N.: Practical malware analysis based on sandboxing. In: 2014 RoEduNet Conference 13th Edition: Networking in Education and Research Joint Event RENAM 8th Conference, pp. 1\u20136. 
IEEE (2014)","DOI":"10.1109\/RoEduNet-RENAM.2014.6955304"},{"key":"21_CR37","unstructured":"Yan, X., Han, J.: gspan: Graph-based substructure pattern mining. In: 2002 IEEE International Conference on Data Mining, 2002, pp. 721\u2013724. IEEE (2002)"},{"key":"21_CR38","unstructured":"Yun, I., Lee, S., Xu, M., Jang, Y., Kim, T.: QSYM: a practical concolic execution engine tailored for hybrid fuzzing. In: 27th USENIX Security Symposium (USENIX Security 18), pp. 745\u2013761 (2018)"}],"container-title":["Lecture Notes in Computer Science","Foundations and Practice of Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-57537-2_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,16]],"date-time":"2024-11-16T23:47:25Z","timestamp":1731800845000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-57537-2_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031575365","9783031575372"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-57537-2_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"25 April 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FPS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Foundations and Practice of Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference 
Information"}},{"value":"Bordeaux","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 December 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 December 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fps2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.fps-2023.com\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"80","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference 
organizers)"}},{"value":"8","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"34% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}