{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T09:51:24Z","timestamp":1773827484128,"version":"3.50.1"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031765537","type":"print"},{"value":"9783031765544","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,11,13]],"date-time":"2024-11-13T00:00:00Z","timestamp":1731456000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,11,13]],"date-time":"2024-11-13T00:00:00Z","timestamp":1731456000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-76554-4_1","type":"book-chapter","created":{"date-parts":[[2024,11,12]],"date-time":"2024-11-12T11:17:56Z","timestamp":1731410276000},"page":"3-23","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["A Formal Tainting-Based Framework for\u00a0Malware Analysis"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3533-7573","authenticated-orcid":false,"given":"Andrei","family":"Mogage","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8097-040X","authenticated-orcid":false,"given":"Dorel","family":"Lucanu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,11,13]]},"reference":[{"key":"1_CR1","unstructured":"Dynamorio public repository. https:\/\/github.com\/DynamoRIO\/dynamorio. Accessed 19 Mar 2024"},{"key":"1_CR2","unstructured":"One source to rule them all: Chasing avaddon ransomware. https:\/\/www.mandiant.com\/resources\/blog\/chasing-avaddon-ransomware. Accessed 13 Mar 2024"},{"issue":"2","key":"1_CR3","first-page":"1","volume":"37","author":"V Bala","year":"2005","unstructured":"Bala, V., Duesterwald, E., Banerjia, S.: Dynamic binary translation and optimization. ACM Comput. Surv. (CSUR) 37(2), 1\u201352 (2005)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"1_CR4","unstructured":"Mar 10339794-1.v1 - cobalt strike beacon. https:\/\/www.cisa.gov\/news-events\/analysis-reports\/ar21-148a. Accessed 13 Mar 2024"},{"key":"1_CR5","unstructured":"Darkside ransomware explained: How it works and who is behind it. https:\/\/www.csoonline.com\/article\/570723\/darkside-ransomware-explained-how-it-works-and-who-is-behind-it.html"},{"key":"1_CR6","unstructured":"De\u00a0Giacomo, G., Vardi, M.Y.: Linear temporal logic and linear dynamic logic on finite traces. In: Proceedings of the Twenty-Third International Joint Conference on Artificial Intelligence. IJCAI \u201913, pp. 854\u2013860. AAAI Press (2013)"},{"key":"1_CR7","doi-asserted-by":"crossref","unstructured":"D\u2019Elia, D.C., Coppa, E., Nicchi, S., Palmaro, F., Cavallaro, L.: SOK: using dynamic binary instrumentation for security (and how you may get caught red handed). In: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, pp. 15\u201327 (2019)","DOI":"10.1145\/3321705.3329819"},{"key":"1_CR8","doi-asserted-by":"publisher","unstructured":"Enck, W., et al.: Taintdroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. 32(2) (2014). https:\/\/doi.org\/10.1145\/2619091","DOI":"10.1145\/2619091"},{"key":"1_CR9","unstructured":"Evasive malware threats on the rise despite decline in overall attacks. https:\/\/www.infosecurity-magazine.com\/news\/evasive-malware-rise-decline\/"},{"key":"1_CR10","unstructured":"New research: Fileless malware attacks surge by 900% and cryptominers make a comeback, while ransomware attacks decline. https:\/\/www.globenewswire.com\/en\/news-release\/2021\/03\/30\/2201173\/0\/en\/New-Research-Fileless-Malware-Attacks-Surge-by-900-and-Cryptominers-Make-a-Comeback-While-Ransomware-Attacks-Decline.html"},{"key":"1_CR11","doi-asserted-by":"crossref","unstructured":"Fionda, V., Greco, G.: The complexity of LTL on finite traces: Hard and easy fragments. In: Proceedings of the Thirtieth AAAI Conference on Artificial Intelligence. AAAI\u201916, pp. 971\u2013977. AAAI Press (2016)","DOI":"10.1609\/aaai.v30i1.10104"},{"key":"1_CR12","unstructured":"Hermeticwiper: A detailed analysis of the destructive malware that targeted Ukraine. https:\/\/www.malwarebytes.com\/blog\/threat-intelligence\/2022\/03\/hermeticwiper-a-detailed-analysis-of-the-destructive-malware-that-targeted-ukraine. Accessed 13 Mar 2024"},{"key":"1_CR13","doi-asserted-by":"publisher","unstructured":"Kemerlis, V.P., Portokalidis, G., Jee, K., Keromytis, A.D.: Libdft: Practical dynamic data flow tracking for commodity systems. In: Proceedings of the 8th ACM SIGPLAN\/SIGOPS Conference on Virtual Execution Environments. pp. 121\u2013132. VEE \u201912, Association for Computing Machinery, New York, NY, USA (2012). https:\/\/doi.org\/10.1145\/2151024.2151042","DOI":"10.1145\/2151024.2151042"},{"key":"1_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"937","DOI":"10.1007\/978-3-540-73420-8_80","volume-title":"Automata, Languages and Programming","author":"S La Torre","year":"2007","unstructured":"La Torre, S., Parlato, G.: On the complexity of Ltl model-checking of recursive state machines. In: Arge, L., Cachin, C., Jurdzi\u0144ski, T., Tarlecki, A. (eds.) ICALP 2007. LNCS, vol. 4596, pp. 937\u2013948. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-73420-8_80"},{"key":"1_CR15","doi-asserted-by":"publisher","unstructured":"Luk, C.K., et al.: Pin: building customized program analysis tools with dynamic instrumentation. In: Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation. PLDI \u201905, New York, NY, USA, pp. 190\u2013200. Association for Computing Machinery (2005). https:\/\/doi.org\/10.1145\/1065010.1065034","DOI":"10.1145\/1065010.1065034"},{"key":"1_CR16","unstructured":"Dissecting the malicious arsenal of the makop ransomware gang. https:\/\/securityaffairs.com\/143452\/malware\/dissecting-makop-ransomware.html. Accessed 13 Mar 2024"},{"key":"1_CR17","unstructured":"The hidden picture of malware attack trends. https:\/\/www.helpnetsecurity.com\/2023\/04\/06\/malware-attack-trends-q4-2022\/"},{"key":"1_CR18","doi-asserted-by":"crossref","unstructured":"Mogage, A.: A.I. Assisted Malware Capabilities Capturing. Procedia Computer Science (2024). In the proceedings of the 28th International Conference on Knowledge-Based and Intelligent Information & Engineering Systems (KES 2024)","DOI":"10.1016\/j.procs.2024.09.505"},{"key":"1_CR19","doi-asserted-by":"publisher","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring multiple execution paths for malware analysis. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy. SP \u201907, USA, pp. 231\u2013245. IEEE Computer Society (2007). https:\/\/doi.org\/10.1109\/SP.2007.17","DOI":"10.1109\/SP.2007.17"},{"issue":"6","key":"1_CR20","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1145\/1273442.1250746","volume":"42","author":"N Nethercote","year":"2007","unstructured":"Nethercote, N., Seward, J.: ValGrind: a framework for heavyweight dynamic binary instrumentation. SIGPLAN Not. 42(6), 89\u2013100 (2007). https:\/\/doi.org\/10.1145\/1273442.1250746","journal-title":"SIGPLAN Not."},{"key":"1_CR21","doi-asserted-by":"publisher","unstructured":"Qiu, J., Yadegari, B., Johannesmeyer, B., Debray, S., Su, X.: A framework for understanding dynamic anti-analysis defenses. In: Proceedings of the 4th Program Protection and Reverse Engineering Workshop. PPREW-4, New York, NY, USA. Association for Computing Machinery (2014). https:\/\/doi.org\/10.1145\/2689702.2689704","DOI":"10.1145\/2689702.2689704"},{"key":"1_CR22","unstructured":"Introducing rokrat. https:\/\/blog.talosintelligence.com\/introducing-rokrat\/. Accessed 13 Mar 2024"},{"key":"1_CR23","unstructured":"Chain reaction: Rokrat\u2019s missing link. https:\/\/research.checkpoint.com\/2023\/chain-reaction-rokrats-missing-link\/. Accessed 13 Mar 2024"},{"key":"1_CR24","doi-asserted-by":"publisher","unstructured":"Schwartz, E.J., Avgerinos, T., Brumley, D.: All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In: 2010 IEEE Symposium on Security and Privacy, pp. 317\u2013331 (2010). https:\/\/doi.org\/10.1109\/SP.2010.26","DOI":"10.1109\/SP.2010.26"},{"key":"1_CR25","doi-asserted-by":"publisher","unstructured":"She, D., Chen, Y., Shah, A., Ray, B., Jana, S.: Neutaint: efficient dynamic taint analysis with neural networks. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1527\u20131543 (2020). https:\/\/doi.org\/10.1109\/SP40000.2020.00022","DOI":"10.1109\/SP40000.2020.00022"},{"key":"1_CR26","unstructured":"Taintgrind. https:\/\/github.com\/wmkhoo\/taintgrind"},{"key":"1_CR27","doi-asserted-by":"crossref","unstructured":"Yuste, J., Pastrana, S.: Avaddon ransomware: an in-depth analysis and decryption of infected systems. Comput. Secur. 109, 102388 (2021). https:\/\/www.sciencedirect.com\/science\/article\/pii\/S0167404821002121","DOI":"10.1016\/j.cose.2021.102388"}],"container-title":["Lecture Notes in Computer Science","Integrated Formal Methods"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-76554-4_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,18]],"date-time":"2025-01-18T11:38:18Z","timestamp":1737200298000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-76554-4_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,13]]},"ISBN":["9783031765537","9783031765544"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-76554-4_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,11,13]]},"assertion":[{"value":"13 November 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"IFM","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Integrated Formal Methods","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Manchester","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 November 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15 November 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ifm2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/ifm2024.cs.manchester.ac.uk\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}