{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T11:40:04Z","timestamp":1745322004996,"version":"3.40.4"},"publisher-location":"Cham","reference-count":46,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031710247"},{"type":"electronic","value":"9783031710254"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-71025-4_9","type":"book-chapter","created":{"date-parts":[[2025,1,6]],"date-time":"2025-01-06T07:46:01Z","timestamp":1736149561000},"page":"167-182","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Fingerprinting Malware Families Under Uncertainty"],"prefix":"10.1007","author":[{"given":"Cayden","family":"Dunn","sequence":"first","affiliation":[]},{"given":"Krishnendu","family":"Ghosh","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,1,7]]},"reference":[{"doi-asserted-by":"crossref","unstructured":"B. Anderson, T. Lane and C. Hash, Malware phylogenetics based on the multiview graphical lasso, Proceedings of the Thirteenth International Symposium on Intelligent Data Analysis, pp. 1\u201312, 2014.","key":"9_CR1","DOI":"10.1007\/978-3-319-12571-8_1"},{"doi-asserted-by":"crossref","unstructured":"B. Anderson, D. Quist, J. Neil, C. Storlie and T. Lane, Graph-based malware detection using dynamic analysis, Journal in Computer Virology, vol. 7(4), pp. 247\u2013258, 2011.","key":"9_CR2","DOI":"10.1007\/s11416-011-0152-x"},{"unstructured":"C. Baier and J. Katoen, Principles of Model Checking, MIT Press, Cambridge, Massachusetts, 2008.","key":"9_CR3"},{"unstructured":"U. Bayer, C. Kruegel and E. Kirda, TTAnalyze: A tool for analyzing malware, Proceedings of the Fifteenth Annual Conference of the European Institute for Computer Antivirus Research, pp. 180\u2013192, 2006.","key":"9_CR4"},{"doi-asserted-by":"crossref","unstructured":"U. Bayer, A. Moser, C. Kruegel and E. Kirda, Dynamic analysis of malicious code, Journal in Computer Virology, vol. 2(1), pp. 67\u201377, 2006.","key":"9_CR5","DOI":"10.1007\/s11416-006-0012-2"},{"doi-asserted-by":"crossref","unstructured":"P. Black, I. Gondal, P. Vamplew and A. Lakhotia, Evolved similarity techniques in malware analysis, Proceedings of the Eighteenth IEEE International Conference on Trust, Security and Privacy in Computing and Communications and Thirteenth IEEE International Conference on Big Data Science and Engineering, pp. 404\u2013409, 2019.","key":"9_CR6","DOI":"10.1109\/TrustCom\/BigDataSE.2019.00061"},{"doi-asserted-by":"crossref","unstructured":"V. Blondel, J. Guillaume, R. Lambiotte and E. Lefebvre, Fast unfolding of communities in large networks, Journal of Statistical Mechanics: Theory and Experiment, article no. P10008, 2008.","key":"9_CR7","DOI":"10.1088\/1742-5468\/2008\/10\/P10008"},{"doi-asserted-by":"crossref","unstructured":"D. Canali, A. Lanzi, D. Balzarotti, C. Kruegel, M. Christodorescu and E. Kirda, A quantitative study of accuracy in system-call-based malware detection, Proceedings of the International Symposium on Software Testing and Analysis, pp. 122\u2013132, 2012.","key":"9_CR8","DOI":"10.1145\/2338965.2336768"},{"unstructured":"E. Carrera and G. Erdelyi, Digital genome mapping \u2014 Advanced binary malware analysis, Proceedings of the Virus Bulletin Conference, pp. 187\u2013197, 2004.","key":"9_CR9"},{"doi-asserted-by":"crossref","unstructured":"F. Catak, J. Ahmed, K. Sahinbas and Z. Khand, Data-augmentation-based malware detection using convolutional neural networks, PeerJ Computer Science. vol. 7, article no. e346, 2021.","key":"9_CR10","DOI":"10.7717\/peerj-cs.346"},{"unstructured":"S. Chaba, R. Kumar, R. Pant and M. Dave, Malware Detection Approach for Android Systems Using System Call Logs, arXiv: 1709.08805v1 (arxiv.org\/abs\/1709.08805v1), 2017.","key":"9_CR11"},{"doi-asserted-by":"crossref","unstructured":"C. Christodorescu, S. Jha, S. Seshia, D. Song and R. Bryant, Semantics-aware malware detection, Proceedings of the IEEE Symposium on Security and Privacy, pp. 32\u201346, 2005.","key":"9_CR12","DOI":"10.1109\/SP.2005.20"},{"unstructured":"M. Christodorescu and S. Jha, Static analysis of executables to detect malicious patterns, Proceedings of the Twelfth Conference on USENIX Security, 2003.","key":"9_CR13"},{"unstructured":"M. Dayhoff, R. Schwartz and B. Orcutt, A model of evolutionary change in proteins, Atlas of Protein Sequence and Structure, vol. 5(3), pp. 345\u2013352, 1978.","key":"9_CR14"},{"doi-asserted-by":"crossref","unstructured":"K. Deng, Y. Sun, P. Mehta and S. Meyn, An information-theoretic framework to aggregate a Markov chain, Proceedings of the American Control Conference, pp. 731\u2013736, 2009.","key":"9_CR15","DOI":"10.1109\/ACC.2009.5160607"},{"doi-asserted-by":"crossref","unstructured":"R. Durbin, S. Eddy, A. Krogh and G. Mitchison, Biological Sequence Analysis: Probabilistic Models of Proteins and Nucleic Acids, Cambridge University Press, Cambridge, United Kingdom, 1998.","key":"9_CR16","DOI":"10.1017\/CBO9780511790492"},{"doi-asserted-by":"crossref","unstructured":"S. Fortunato, Community detection in graphs, Physics Reports, vol. 486(3-5), pp. 75\u2013174, 2010.","key":"9_CR17","DOI":"10.1016\/j.physrep.2009.11.002"},{"doi-asserted-by":"crossref","unstructured":"K. Ghosh and J. Mills, Automated construction of malware families, in Security, Privacy and Anonymity in Computation, Communication and Storage, G. Wang, J. Feng, M. Bhuiyan and R. Lu (Eds.), Springer, Cham, Switzerland, pp. 465\u2013474, 2019.","key":"9_CR18","DOI":"10.1007\/978-3-030-24907-6_35"},{"unstructured":"K. Ghosh, J. Mills and J. Dorr, Phylogenetic-inspired probabilistic model abstraction in detection of malware families, Proceedings of the 2017 AAAI Fall Symposium Series, Deep Models and Artificial Intelligence for Military Applications: Potentials, Theories, Practices, Tools and Risks, 2017.","key":"9_CR19"},{"doi-asserted-by":"crossref","unstructured":"M. Girvan and M. Newman, Community structure in social and biological networks, Proceedings of the National Academy of Sciences, vol. 99(12), pp. 7821\u20137826, 2002.","key":"9_CR20","DOI":"10.1073\/pnas.122653799"},{"doi-asserted-by":"crossref","unstructured":"L. Goldberg, P. Goldberg, C. Phillips and G. Sorkin, Constructing computer virus phylogenies, Journal of Algorithms, vol. 26(1), pp. 188\u2013208, 1998.","key":"9_CR21","DOI":"10.1006\/jagm.1997.0897"},{"unstructured":"L. Gordon, M. Loeb, W. Lucyshyn and R. Richardson, 2005 CSI\/FBI Computer Crime and Security Survey, Computer Security Institute, San Francisco, California, 2005.","key":"9_CR22"},{"doi-asserted-by":"crossref","unstructured":"H. Guo, S. Huang, M. Zhang, Z. Pan, F. Shi, C. Huang and B. Li, Classification of malware variants based on ensemble learning, Proceedings of the International Conference on Machine Learning for Cyber Security, pp. 125\u2013139, 2020.","key":"9_CR23","DOI":"10.1007\/978-3-030-62223-7_11"},{"doi-asserted-by":"crossref","unstructured":"I. Haq, S. Chica, J. Caballero and S. Jha, Malware lineage in the wild, Computers and Security, vol. 78, pp. 347\u2013363, 2018.","key":"9_CR24","DOI":"10.1016\/j.cose.2018.07.012"},{"doi-asserted-by":"crossref","unstructured":"M. Hayes, A. Walenstein and A. Lakhotia, Evaluation of malware phylogeny modeling systems using automated variant generation, Journal in Computer Virology, vol. 5(4), pp. 335\u2013343, 2009.","key":"9_CR25","DOI":"10.1007\/s11416-008-0100-6"},{"doi-asserted-by":"crossref","unstructured":"A. Jackson and K. Ghosh, Unsupervised learning approaches for construction of malware families, Proceedings of the IEEE International Conference on Big Data, pp. 2989\u20132996, 2022.","key":"9_CR26","DOI":"10.1109\/BigData55660.2022.10020797"},{"unstructured":"M. Joseph and S. Ashok, Minimum-spanning-tree-based community detection for biological data analysis, Journal of Engineering and Applied Sciences, vol. 12(21), pp. 5452\u20135456, 2017.","key":"9_CR27"},{"doi-asserted-by":"crossref","unstructured":"E. Karbab and M. Debbabi, MalDy: Portable, data-driven malware detection using natural language processing and machine learning techniques on behavioral analysis reports, Digital Investigation, vol. 28(S), pp. S77\u2013S87, 2019.","key":"9_CR28","DOI":"10.1016\/j.diin.2019.01.017"},{"doi-asserted-by":"crossref","unstructured":"M. Karim, A. Walenstein, A. Lakhotia and L. Parida, Malware phylogeny generation using permutations of code, Journal in Computer Virology, vol. 1(1-2), pp. 13\u201323, 2005.","key":"9_CR29","DOI":"10.1007\/s11416-005-0002-9"},{"doi-asserted-by":"crossref","unstructured":"W. Khoo and P. Lio, Unity in diversity: Phylogenetic-inspired techniques for reverse engineering and detection of malware families, Proceedings of the First Systems Security Workshop, pp. 3\u201310, 2011.","key":"9_CR30","DOI":"10.1109\/SysSec.2011.24"},{"unstructured":"H. Kim, W. Khoo and P. Lio, Polymorphic attacks against sequence-based software birthmarks, presented at the Second ACM SIGPLAN Workshop on Software Security and Protection, 2012.","key":"9_CR31"},{"unstructured":"J. Kolter and M. Maloof, Learning to detect and classify malicious executables in the wild, Journal of Machine Learning Research, vol. 7, pp. 2721\u20132744, 2006.","key":"9_CR32"},{"doi-asserted-by":"crossref","unstructured":"J. Lin, Divergence measures based on Shannon entropy, IEEE Transactions on Information Theory, vol. 37(1), pp. 145\u2013151, 1991.","key":"9_CR33","DOI":"10.1109\/18.61115"},{"doi-asserted-by":"crossref","unstructured":"A. Moser, C. Kruegel and E. Kirda, Limits of static analysis for malware detection, Proceedings of the Twenty-Third Annual Computer Security Applications Conference, pp. 421\u2013430, 2007.","key":"9_CR34","DOI":"10.1109\/ACSAC.2007.21"},{"doi-asserted-by":"crossref","unstructured":"S. Nikolopoulos and I. Polenakis, A graph-based model for malware detection and classification using system-call groups, Journal of Computer Virology and Hacking Techniques, vol. 13(1), pp. 29\u201346, 2017.","key":"9_CR35","DOI":"10.1007\/s11416-016-0267-1"},{"doi-asserted-by":"crossref","unstructured":"T. Pham and J. Zuegg, A probabilistic measure for alignment-free sequence comparison, Bioinformatics, vol. 20(18), pp. 3455\u20133461, 2004.","key":"9_CR36","DOI":"10.1093\/bioinformatics\/bth426"},{"doi-asserted-by":"crossref","unstructured":"P. Pons and M. Latapy, Computing communities in large networks using random walks, Journal of Graph Algorithms and Applications, vol. 10(2), pp. 191\u2013218, 2006.","key":"9_CR37","DOI":"10.7155\/jgaa.00124"},{"doi-asserted-by":"crossref","unstructured":"Z. Rached, F. Alajaji and L. Campbell, The Kullback-Leibler divergence rate between Markov sources, IEEE Transactions on Information Theory, vol. 50(5), pp. 917\u2013921, 2004.","key":"9_CR38","DOI":"10.1109\/TIT.2004.826687"},{"unstructured":"C. San and M. Thwin, Selecting prominent API calls and labeling malicious samples for effective malware family classification, International Journal of Computer Science and Information Security, vol. 17(5), pp. 89\u2013105, 2019.","key":"9_CR39"},{"doi-asserted-by":"crossref","unstructured":"M. Schultz, E. Eskin, F. Zadok and S. Stolfo, Data mining methods for detection of new malicious executables, Proceedings of the IEEE Symposium on Security and Privacy, pp. 38\u201349, 2001.","key":"9_CR40","DOI":"10.1109\/SECPRI.2001.924286"},{"doi-asserted-by":"crossref","unstructured":"G. Severi, T. Leek and B. Dolan-Gavitt, Malrec: Compact full-trace malware recording for retrospective deep analysis, Proceedings of the Fifteenth International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. pp. 3\u201323, 2018.","key":"9_CR41","DOI":"10.1007\/978-3-319-93411-2_1"},{"doi-asserted-by":"crossref","unstructured":"C. Toth, D. Helic and B. Geiger, Synwalk: Community detection via random walk modeling, Data Mining and Knowledge Discovery, vol. 36, pp. 739\u2013780, 2022.","key":"9_CR42","DOI":"10.1007\/s10618-021-00809-w"},{"doi-asserted-by":"crossref","unstructured":"D. Ucci, L. Aniello and R. Baldoni, Survey of machine learning techniques for malware analysis, Computers and Security, vol. 81, pp. 123\u2013147, 2019.","key":"9_CR43","DOI":"10.1016\/j.cose.2018.11.001"},{"doi-asserted-by":"crossref","unstructured":"S. Vinga and J. Almeida, Alignment-free sequence comparison \u2013 A review, Bioinformatics, vol. 19(4), pp. 513\u2013523, 2003.","key":"9_CR44","DOI":"10.1093\/bioinformatics\/btg005"},{"doi-asserted-by":"crossref","unstructured":"C. Willems, T. Holz and F. Freiling, Toward automated dynamic malware analysis using CWSandbox, IEEE Security and Privacy, vol. 5(2), pp. 32\u201339, 2007.","key":"9_CR45","DOI":"10.1109\/MSP.2007.45"},{"doi-asserted-by":"crossref","unstructured":"Y. Ye, T. Li, D. Adjeroh and S. Iyengar, A survey of malware detection using data mining techniques, ACM Computing Surveys, vol. 50(3), article no. 41, 2017.","key":"9_CR46","DOI":"10.1145\/3073559"}],"container-title":["IFIP Advances in Information and Communication Technology","Advances in Digital Forensics XX"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-71025-4_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,22]],"date-time":"2025-04-22T11:15:37Z","timestamp":1745320537000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-71025-4_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031710247","9783031710254"],"references-count":46,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-71025-4_9","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"7 January 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DigitalForensics","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on Digital Forensics","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"New Delhi","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"India","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 January 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"4 January 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"digitalforensics2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.ifip119.org\/Conferences\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}