{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T19:08:33Z","timestamp":1743102513753,"version":"3.40.3"},"publisher-location":"Cham","reference-count":23,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031575365"},{"type":"electronic","value":"9783031575372"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-57537-2_22","type":"book-chapter","created":{"date-parts":[[2024,4,24]],"date-time":"2024-04-24T19:02:38Z","timestamp":1713985358000},"page":"355-371","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Original Entry Point Detection Based on\u00a0Graph Similarity"],"prefix":"10.1007","author":[{"given":"Thanh-Hung","family":"Pham","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mizuhito","family":"Ogawa","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,4,25]]},"reference":[{"key":"22_CR1","doi-asserted-by":"publisher","first-page":"385","DOI":"10.1145\/360248.360252","volume":"19","author":"JC King","year":"1976","unstructured":"King, J.C.: Symbolic execution and program testing. CACM 19, 385\u2013394 (1976)","journal-title":"CACM"},{"key":"22_CR2","first-page":"372","volume":"10885","author":"J Salwan","year":"2018","unstructured":"Salwan, J., Bardin, S., Potet, M.-L.: Symbolic deobfuscation: from virtualized code back to the original. DIMVA, LNCS 10885, 372\u2013392 (2018)","journal-title":"DIMVA, LNCS"},{"key":"22_CR3","first-page":"229","volume":"9482","author":"NM Hai","year":"2015","unstructured":"Hai, N.M., Ogawa, M., Tho, Q.T.: Obfuscation code localization based on CFG generation of malware. FPS, LNCS 9482, 229\u2013247 (2015)","journal-title":"FPS, LNCS"},{"key":"22_CR4","unstructured":"Shervashidze, N., Schweitzer, P., van Leeuwen, E.J., Mehlhorn, K., Borgwardt, K.M.: \u201cWeisfeiler-Lehman Graph Kernels\u201d. J. Mach. Learn. Res. 12, 2539\u20132561 (2011)"},{"key":"22_CR5","unstructured":"Wikipedia.\u201cCosine similarity.\u201d https:\/\/en.wikipedia.org\/wiki\/Cosine_similarity"},{"key":"22_CR6","doi-asserted-by":"crossref","unstructured":"Royal, P., Halpin, M., Dagon, D., Edmonds, R., Lee, W.: PolyUnpack: automating the hidden-code extraction of upack-executing malware. In: ACSAC, pp. 289\u2013300 (2006)","DOI":"10.1109\/ACSAC.2006.38"},{"key":"22_CR7","doi-asserted-by":"crossref","unstructured":"Martignoni, L., Christodorescu, M., Jha, S.: OmniUnpack: fast, generic, and safe unpacking of malware. In: ACSAC, pp. 431\u2013441 (2007)","DOI":"10.1109\/ACSAC.2007.15"},{"key":"22_CR8","doi-asserted-by":"crossref","unstructured":"Kang, M., Poosankam, P., Yin, H.: Renovo: a hidden code extractor for packed executables. In: WORM 2007, pp. 46\u201353 (2007)","DOI":"10.1145\/1314389.1314399"},{"key":"22_CR9","first-page":"593","volume":"8226","author":"R Isawa","year":"2013","unstructured":"Isawa, R., Kamizono, M., Inoue, D.: Generic unpacking method based on detecting original entry point. NIP, LNCS 8226, 593\u2013600 (2013)","journal-title":"NIP, LNCS"},{"key":"22_CR10","unstructured":"D\u2019Alessio, S., Mariani, S.: PinDemonium: a DBI-based generic unpacker for windows executables. In: BlackHat, pp. 1\u201356 (2016)"},{"key":"22_CR11","unstructured":"NtQuery. Scylla - x64\/x86 imports reconstruction. https:\/\/github.com\/NtQuery\/Scylla"},{"key":"22_CR12","first-page":"98","volume":"5230","author":"F Guo","year":"2008","unstructured":"Guo, F., Ferrie, P., Chiueh, T.C.: A study of the packer problem and its solutions. RAID, LNCS 5230, 98\u2013115 (2008)","journal-title":"RAID, LNCS"},{"key":"22_CR13","doi-asserted-by":"crossref","unstructured":"Isawa, R., Inous, D., Nakao, K.: An original entry point detection method with candidate-sorting for more effective generic unpacking. IEICE Trans. E98-D(4), 883\u2013893 (2015)","DOI":"10.1587\/transinf.2014EDP7268"},{"key":"22_CR14","first-page":"887","volume":"35","author":"GM Kim","year":"2019","unstructured":"Kim, G.M., Park, J., Jang, Y.H., Park, Y.: Efficient automatic original entry point detection. J. Inf. Sci. Eng. 35, 887\u2013901 (2019)","journal-title":"J. Inf. Sci. Eng."},{"key":"22_CR15","doi-asserted-by":"crossref","unstructured":"Jeong, G., Choo, E., Lee, J., Bat-Erdene, M., Lee, H.: Generic unpacking using entropy analysis. In: MALWARE, pp. 98\u2013105 (2010)","DOI":"10.1109\/MALWARE.2010.5665789"},{"key":"22_CR16","doi-asserted-by":"publisher","first-page":"533","DOI":"10.1016\/j.neunet.2018.09.001","volume":"108","author":"AV Phan","year":"2018","unstructured":"Phan, A.V., Nguyen, L.M., Nguyen, H.Y.L., Bui, L.T.: DGCNN: a convolutional neural network over large-scale labeled graphs. Neural Netw. 108, 533\u2013543 (2018)","journal-title":"Neural Netw."},{"key":"22_CR17","first-page":"292","volume":"13700","author":"C-HB Van Ouytsel","year":"2022","unstructured":"Van Ouytsel, C.-H.B., Legay, A.: Malware analysis with symbolic execution and graph Kernel. NordSec, LNCS 13700, 292\u2013310 (2022)","journal-title":"NordSec, LNCS"},{"key":"22_CR18","doi-asserted-by":"crossref","unstructured":"Roundy, K.A., Miller, B.P.: Binary-code obfuscations in prevalent packer tools. ACM Comput. Surv. 46, 4:1\u20134:32 (2013)","DOI":"10.1145\/2522968.2522972"},{"key":"22_CR19","doi-asserted-by":"crossref","unstructured":"Nguyen, M.H., Ogawa, M., Tho, Q.T.: Packer identification based on metadata signature. In: SSPREW-7, pp. 1\u201311 (2017)","DOI":"10.1145\/3151137.3160687"},{"key":"22_CR20","first-page":"214","volume":"5403","author":"J Kinder","year":"2009","unstructured":"Kinder, J., Zuleger, F., Veith, H.: An abstract interpretation-based framework for control flow reconstruction from binaries. VMCAI, LNCS 5403, 214\u2013228 (2009)","journal-title":"VMCAI, LNCS"},{"key":"22_CR21","first-page":"337","volume":"4963","author":"L Moura","year":"2008","unstructured":"Moura, L., Bj\u00f8rner, N.: Z3: An efficient SMT solver. TACAS, LNCS 4963, 337\u2013340 (2008)","journal-title":"TACAS, LNCS"},{"issue":"2","key":"22_CR22","doi-asserted-by":"publisher","first-page":"105","DOI":"10.1002\/spe.4380010203","volume":"1","author":"DE Knuth","year":"1971","unstructured":"Knuth, D.E.: An empirical study of FORTRAN programs. Softw. Pract. Exp. 1(2), 105\u2013134 (1971)","journal-title":"Softw. Pract. Exp."},{"key":"22_CR23","doi-asserted-by":"crossref","unstructured":"Hecht, M.S., Ullman, J.D.: Flow graph reducibility. In: ACM STOC, pp. 238\u2013250 (1972)","DOI":"10.1145\/800152.804919"}],"container-title":["Lecture Notes in Computer Science","Foundations and Practice of Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-57537-2_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,11,16]],"date-time":"2024-11-16T23:46:45Z","timestamp":1731800805000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-57537-2_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031575365","9783031575372"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-57537-2_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"25 April 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"FPS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Foundations and Practice of Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bordeaux","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2023","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 December 2023","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 December 2023","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"fps2023","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.fps-2023.com\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easychair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"80","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"27","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"34% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}