{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,14]],"date-time":"2025-11-14T17:47:37Z","timestamp":1763142457397,"version":"3.44.0"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031976223"},{"type":"electronic","value":"9783031976230"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-97623-0_16","type":"book-chapter","created":{"date-parts":[[2025,7,10]],"date-time":"2025-07-10T09:24:45Z","timestamp":1752139485000},"page":"253-274","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["PackHero: A Scalable Graph-Based Approach for\u00a0Efficient Packer Identification"],"prefix":"10.1007","author":[{"given":"Marco","family":"Di Gennaro","sequence":"first","affiliation":[]},{"given":"Mario","family":"D\u2019 Onghia","sequence":"additional","affiliation":[]},{"given":"Mario","family":"Polino","sequence":"additional","affiliation":[]},{"given":"Stefano","family":"Zanero","sequence":"additional","affiliation":[]},{"given":"Michele","family":"Carminati","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,7,10]]},"reference":[{"key":"16_CR1","doi-asserted-by":"crossref","unstructured":"Aghakhani, H., et al.: When malware is packin\u2019 heat; limits of machine learning classifiers based on static analysis features. In: Proceedings of Symposium on Network and Distributed System Security (NDSS) (Feb 2020)","DOI":"10.14722\/ndss.2020.24310"},{"key":"16_CR2","doi-asserted-by":"publisher","unstructured":"Al-Anezi, D.M.M.K.: Generic packing detection using several complexity analysis for accurate malware detection. Int. J. Adv. Comput. Sci. Appl. 5(1) (2014). https:\/\/doi.org\/10.14569\/IJACSA.2014.050102","DOI":"10.14569\/IJACSA.2014.050102"},{"key":"16_CR3","unstructured":"Alvarez, V.M.: Yara. https:\/\/virustotal.github.io\/yara\/ (2024). Accessed 15 Apr 2024"},{"key":"16_CR4","unstructured":"Anderson, H.S., Roth, P.: Ember: an open dataset for training static pe malware machine learning models. arXiv preprint arXiv:1804.04637 (2018)"},{"key":"16_CR5","unstructured":"ASPack Software: ASPack Software - Application for compression, packing and protection of software. http:\/\/www.aspack.com\/ (2024). Accessed 15 Apr 2024"},{"issue":"4","key":"16_CR6","doi-asserted-by":"publisher","first-page":"483","DOI":"10.1109\/32.54302","volume":"16","author":"D Callahan","year":"1990","unstructured":"Callahan, D., Carle, A., Hall, M., Kennedy, K.: Constructing the procedure call multigraph. IEEE Trans. Softw. Eng. 16(4), 483\u2013487 (1990). https:\/\/doi.org\/10.1109\/32.54302","journal-title":"IEEE Trans. Softw. Eng."},{"key":"16_CR7","doi-asserted-by":"crossref","unstructured":"Diestel, R.: Graph Theory. Springer, 5th edn. (2017)","DOI":"10.1007\/978-3-662-53622-3"},{"key":"16_CR8","unstructured":"Ebringer, T., Sun, L., Boztas, S.: A fast randomness test that preserves local detail. In: Proceedings of the 18th Virus Bulletin International Conference, pp. 34\u201342. Virus Bulletin Ltd (2008)"},{"key":"16_CR9","doi-asserted-by":"publisher","unstructured":"Egele, M., Scholte, T., Kirda, E., Kruegel, C.: A survey on automated dynamic malware-analysis techniques and tools. ACM Comput. Surv. 44(2) (mar 2008). https:\/\/doi.org\/10.1145\/2089125.2089126","DOI":"10.1145\/2089125.2089126"},{"key":"16_CR10","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102550","volume":"113","author":"N Galloro","year":"2022","unstructured":"Galloro, N., Polino, M., Carminati, M., Continella, A., Zanero, S.: A systematical and longitudinal study of evasive behaviors in windows malware. Comput. Secur. 113, 102550 (2022). https:\/\/doi.org\/10.1016\/j.cose.2021.102550","journal-title":"Comput. Secur."},{"key":"16_CR11","unstructured":"Hamilton, W.L.: Graph Representation Learning. Synthesis Lect. Artif. Intell. Mach. Learn. 14(3), 1\u2013159 (2020), publisher: Morgan and Claypool"},{"key":"16_CR12","doi-asserted-by":"publisher","unstructured":"Hamrock, J., Lyda, R.: Using entropy analysis to find encrypted and packed malware. IEEE Secur. Privacy 5(02), 40\u201345 (mar 2007). https:\/\/doi.org\/10.1109\/MSP.2007.48","DOI":"10.1109\/MSP.2007.48"},{"key":"16_CR13","unstructured":"Horsicq: Detect it easy. https:\/\/github.com\/horsicq\/Detect-It-Easy (2024). Accessed 15 Apr 2024"},{"key":"16_CR14","doi-asserted-by":"publisher","unstructured":"Jacob, G., Comparetti, P., Neugschwandtner, M., Kruegel, C., Vigna, G.: A static, packer-agnostic filter to detect similar malware samples. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, vol. 7591 (01 2010). https:\/\/doi.org\/10.1007\/978-3-642-37300-8_6","DOI":"10.1007\/978-3-642-37300-8_6"},{"key":"16_CR15","doi-asserted-by":"publisher","unstructured":"Kim, Y., Paik, J.Y., Choi, S., Cho, E.S.: Efficient SVM based packer identification with binary diffing measures. In: 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). vol.\u00a01, pp. 795\u2013800 (2019).https:\/\/doi.org\/10.1109\/COMPSAC.2019.00117","DOI":"10.1109\/COMPSAC.2019.00117"},{"key":"16_CR16","doi-asserted-by":"publisher","unstructured":"Li, S., et al.: PackGenome: automatically generating robust YARA rules for accurate malware packer detection. In: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security pp. 3078\u20133092. CCS \u201923, Association for Computing Machinery (2023). https:\/\/doi.org\/10.1145\/3576915.3616625","DOI":"10.1145\/3576915.3616625"},{"key":"16_CR17","doi-asserted-by":"publisher","first-page":"51620","DOI":"10.1109\/ACCESS.2019.2910268","volume":"7","author":"X Li","year":"2019","unstructured":"Li, X., Shan, Z., Liu, F., Chen, Y., Hou, Y.: A consistently-executing graph-based approach for malware packer identification. IEEE Access 7, 51620\u201351629 (2019). https:\/\/doi.org\/10.1109\/ACCESS.2019.2910268","journal-title":"IEEE Access"},{"key":"16_CR18","unstructured":"Li, Y., Gu, C., Dullien, T., Vinyals, O., Kohli, P.: Graph matching networks for learning the similarity of graph structured objects. In: Chaudhuri, K., Salakhutdinov, R. (eds.) Proceedings of the 36th International Conference on Machine Learning. Proceedings of Machine Learning Research, vol.\u00a097, pp. 3835\u20133845. PMLR (Jun 2019)"},{"issue":"12","key":"16_CR19","doi-asserted-by":"publisher","first-page":"9038","DOI":"10.1007\/s10489-021-02347-w","volume":"51","author":"H Liu","year":"2021","unstructured":"Liu, H., Guo, C., Cui, Y., Shen, G., Ping, Y.: 2-SPIFF: a 2-stage packer identification method based on function call graph and file attributes. Appl. Intell. 51(12), 9038\u20139053 (2021). https:\/\/doi.org\/10.1007\/s10489-021-02347-w","journal-title":"Appl. Intell."},{"key":"16_CR20","doi-asserted-by":"crossref","unstructured":"Liu, Z., Wang, R., Japkowicz, N., Gomes, H.M., Peng, B., Zhang, W.: Segdroid: an android malware detection method based on sensitive function call graph learning. Expert Syst. Appl. 235(C) (Jan 2024). https:\/\/doi.org\/10.1016\/j.eswa.2023.121125","DOI":"10.1016\/j.eswa.2023.121125"},{"key":"16_CR21","doi-asserted-by":"publisher","unstructured":"Luk, C.K., et al.: Pin: building customized program analysis tools with dynamic instrumentation. SIGPLAN Not. 40(6), 190\u2013200 (jun 2005). https:\/\/doi.org\/10.1145\/1064978.1065034","DOI":"10.1145\/1064978.1065034"},{"key":"16_CR22","doi-asserted-by":"crossref","unstructured":"Mantovani, A., Aonzo, S., Ugarte-Pedrero, X., Merlo, A., Balzarotti, D.: Prevalence and impact of low-entropy packing schemes in the malware ecosystem. In: Proceedings 2020 Network and Distributed System Security Symposium (2020)","DOI":"10.14722\/ndss.2020.24297"},{"key":"16_CR23","volume-title":"Advanced Compiler Design and Implementation","author":"SS Muchnick","year":"1997","unstructured":"Muchnick, S.S.: Advanced Compiler Design and Implementation. Morgan Kaufmann, San Francisco, CA (1997)"},{"key":"16_CR24","doi-asserted-by":"publisher","unstructured":"Muralidharan, T., Cohen, A., Gerson, N., Nissim, N.: File packing from the malware perspective: Techniques, analysis approaches, and directions for enhancements. ACM Comput. Surv. 55(5) (Dec 2022). https:\/\/doi.org\/10.1145\/3530810","DOI":"10.1145\/3530810"},{"key":"16_CR25","unstructured":"Oreans Technologies: Winlicense. https:\/\/www.oreans.com\/WinLicense.php. Accessed 07 Aug 2024"},{"key":"16_CR26","doi-asserted-by":"crossref","unstructured":"Pang, C., et al.: SOK: All you ever wanted to know about x86\/x64 binary disassembly but were afraid to ask. In: 2021 IEEE Symposium on Security and Privacy (SP), pp. 833\u2013851 (2021)","DOI":"10.1109\/SP40001.2021.00012"},{"key":"16_CR27","unstructured":"PEiD: Peid. https:\/\/www.aldeid.com\/wiki\/PEiD (2024). Accessed 15 Apr 2024"},{"issue":"14","key":"16_CR28","doi-asserted-by":"publisher","first-page":"1941","DOI":"10.1016\/j.patrec.2008.06.016","volume":"29","author":"R Perdisci","year":"2008","unstructured":"Perdisci, R., Lanzi, A., Lee, W.: Classification of packed executables for accurate computer virus detection. Pattern Recogn. Lett. 29(14), 1941\u20131946 (2008). https:\/\/doi.org\/10.1016\/j.patrec.2008.06.016","journal-title":"Pattern Recogn. Lett."},{"key":"16_CR29","unstructured":"radare2: radare2: Unix-like reverse engineering framework and command-line tools (2024). https:\/\/github.com\/radareorg\/radare2. Accessed 15 Apr 2024"},{"key":"16_CR30","doi-asserted-by":"publisher","unstructured":"Raff, E., et al.: Automatic yara rule generation using biclustering. In: Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security, pp. 71\u201382. AISec\u201920, Association for Computing Machinery, New York, NY, USA (2020). https:\/\/doi.org\/10.1145\/3411508.3421372","DOI":"10.1145\/3411508.3421372"},{"key":"16_CR31","doi-asserted-by":"publisher","unstructured":"Rahbarinia, B., Balduzzi, M., Perdisci, R.: Exploring the long tail of (malicious) software downloads. In: 2017 47th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 391\u2013402 (2017). https:\/\/doi.org\/10.1109\/DSN.2017.19","DOI":"10.1109\/DSN.2017.19"},{"key":"16_CR32","unstructured":"Rolles, R.: Unpacking virtualization obfuscators. In: Proceedings of the 3rd USENIX Conference on Offensive Technologies, p.\u00a01. WOOT\u201909, USENIX Association, USA (2009)"},{"key":"16_CR33","doi-asserted-by":"publisher","first-page":"370","DOI":"10.1007\/978-3-642-14081-5_23","volume-title":"Information Security and Privacy","author":"L Sun","year":"2010","unstructured":"Sun, L., Versteeg, S., Bozta\u015f, S., Yann, T.: Pattern recognition techniques for the classification of malware packers. In: Steinfeld, R., Hawkes, P. (eds.) Information Security and Privacy, pp. 370\u2013390. Springer, Berlin Heidelberg, Berlin, Heidelberg (2010)"},{"key":"16_CR34","doi-asserted-by":"publisher","unstructured":"Ugarte-Pedrero, X., Balzarotti, D., Santos, I., Bringas, P.G.: SOK: deep packer inspection: a longitudinal study of the complexity of run-time packers. In: 2015 IEEE Symposium on Security and Privacy, pp. 659\u2013673 (2015). https:\/\/doi.org\/10.1109\/SP.2015.46","DOI":"10.1109\/SP.2015.46"},{"key":"16_CR35","doi-asserted-by":"crossref","unstructured":"Ugarte-Pedrero, X., Graziano, M., Balzarotti, D.: A close look at a daily dataset of malware samples 22(1) (Jan 2019)","DOI":"10.1145\/3291061"},{"key":"16_CR36","unstructured":"UPX: UPX \u2013 the ultimate packer for executables. https:\/\/upx.github.io\/ (2024). Accessed 15 Apr 2024"},{"key":"16_CR37","doi-asserted-by":"publisher","unstructured":"Yadegari, B., Debray, S.: Symbolic execution of obfuscated code. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 732\u2013744. CCS \u201915, Association for Computing Machinery, New York, NY, USA (2015). https:\/\/doi.org\/10.1145\/2810103.2813663","DOI":"10.1145\/2810103.2813663"},{"key":"16_CR38","doi-asserted-by":"crossref","unstructured":"Zaki, M.J., Meira\u00a0Jr, W.: Data mining and machine learning: fundamental concepts and algorithms. Cambridge University Press, 2 edn. (2020)","DOI":"10.1017\/9781108564175"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-97623-0_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,7]],"date-time":"2025-09-07T01:43:37Z","timestamp":1757209417000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-97623-0_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9783031976223","9783031976230"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-97623-0_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"10 July 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Graz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Austria","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 July 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"11 July 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dimva.org\/dimva2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}