{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,4]],"date-time":"2025-05-04T04:03:41Z","timestamp":1746331421808,"version":"3.40.4"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319085081"},{"type":"electronic","value":"9783319085098"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-08509-8_2","type":"book-chapter","created":{"date-parts":[[2014,6,13]],"date-time":"2014-06-13T07:04:32Z","timestamp":1402643072000},"page":"21-40","source":"Crossref","is-referenced-by-count":13,"title":["Identifying Shared Software Components to Support Malware Forensics"],"prefix":"10.1007","author":[{"given":"Brian","family":"Ruttenberg","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Craig","family":"Miles","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lee","family":"Kellogg","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vivek","family":"Notani","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Howard","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Charles","family":"LeDoux","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Arun","family":"Lakhotia","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Avi","family":"Pfeffer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"2_CR1","doi-asserted-by":"crossref","unstructured":"Blondel, V.D., Guillaume, J.-L., Lambiotte, R., Lefebvre, E.: Fast unfolding of communities in large networks. Journal of Statistical Mechanics: Theory and Experiment\u00a02008(10), P10008 (2008)","DOI":"10.1088\/1742-5468\/2008\/10\/P10008"},{"key":"2_CR2","unstructured":"B\u00f6hne, L.: Pandora\u2019s bochs: Automated malware unpacking. Master\u2019s thesis, University of Mannheim (2008)"},{"key":"2_CR3","unstructured":"Caillat, B., Desnos, A., Erra, R.: Binthavro: Towards a useful and fast tool for goodware and malware analysis. In: Proceedings of the 9th European Conference on Information Warfare and Security: University of Macedonia and Strategy International Thessaloniki, Greece, July 1-2, p. 405. Academic Conferences Limited (2010)"},{"key":"2_CR4","doi-asserted-by":"publisher","first-page":"1193","DOI":"10.1109\/TC.2012.65","volume":"62","author":"S. Cesare","year":"2013","unstructured":"Cesare, S., Xiang, Y., Zhou, W.: Malwise\u2013an effective and efficient classification system for packed and polymorphic malware. IEEE Transcation on Computers\u00a062, 1193\u20131206 (2013)","journal-title":"IEEE Transcation on Computers"},{"key":"2_CR5","unstructured":"Cohen, C., Havrilla, J.S.: Function hashing for malicious code analysis. In: CERT Research Annual Report 2009, pp. 26\u201329. Software Engineering Institute, Carnegie Mellon University (2010)"},{"key":"2_CR6","doi-asserted-by":"crossref","unstructured":"Debray, S., Patel, J.: Reverse engineering self-modifying code: Unpacker extraction. In: 2010 17th Working Conference on Reverse Engineering (WCRE), pp. 131\u2013140 (2010)","DOI":"10.1109\/WCRE.2010.22"},{"key":"2_CR7","unstructured":"Dullien, T., Carrera, E., Eppler, S.-M., Porst, S.: Automated attacker correlation for malicious code. Technical report, DTIC Document (2010)"},{"key":"2_CR8","first-page":"1","volume":"5","author":"T. Dullien","year":"2005","unstructured":"Dullien, T., Rolles, R.: Graph-based comparison of executable objects (english version). SSTIC\u00a05, 1\u20133 (2005)","journal-title":"SSTIC"},{"issue":"2","key":"2_CR9","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1145\/2089125.2089126","volume":"44","author":"M. Egele","year":"2012","unstructured":"Egele, M., Scholte, T., Kirda, E., Kruegel, C.: A survey on automated dynamic malware-analysis techniques and tools. ACM Computing Surveys (CSUR)\u00a044(2), 6 (2012)","journal-title":"ACM Computing Surveys (CSUR)"},{"key":"2_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"238","DOI":"10.1007\/978-3-540-88625-9_16","volume-title":"Information and Communications Security","author":"D. Gao","year":"2008","unstructured":"Gao, D., Reiter, M.K., Song, D.: Binhunt: Automatically finding semantic differences in binary programs. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol.\u00a05308, pp. 238\u2013255. Springer, Heidelberg (2008)"},{"key":"2_CR11","doi-asserted-by":"crossref","unstructured":"Hemel, A., Kalleberg, K.T., Vermaas, R., Dolstra, E.: Finding software license violations through binary code clone detection. In: Proceedings of the 8th Working Conference on Mining Software Repositories, pp. 63\u201372. ACM (2011)","DOI":"10.1145\/1985441.1985453"},{"issue":"1","key":"2_CR12","doi-asserted-by":"publisher","first-page":"193","DOI":"10.1007\/BF01908075","volume":"2","author":"L. Hubert","year":"1985","unstructured":"Hubert, L., Arabie, P.: Comparing partitions. Journal of Classification\u00a02(1), 193\u2013218 (1985)","journal-title":"Journal of Classification"},{"key":"2_CR13","unstructured":"Idika, N., Mathur, A.P.: A survey of malware detection techniques. Technical report, Department of Computer Science, Purdue University (2007)"},{"key":"2_CR14","first-page":"309","volume-title":"Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011","author":"J. Jang","year":"2011","unstructured":"Jang, J., Brumley, D., Venkataraman, S.: BitShred: feature hashing malware for scalable triage and semantic analysis. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, CCS 2011, pp. 309\u2013320. ACM, New York (2011)"},{"key":"2_CR15","unstructured":"Jang, J., Woo, M., Brumley, D.: Towards automatic software lineage inference. In: Proceedings of the 22nd USENIX Conference on Security, pp. 81\u201396. USENIX Association (2013)"},{"key":"2_CR16","unstructured":"Kaspersky Lab. Resource 207: Kaspersky Lab Research proves that Stuxnet and Flame developers are connected (2012) (last accessed: September 13, 2012)"},{"key":"2_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/11663812_11","volume-title":"Recent Advances in Intrusion Detection","author":"C. Kruegel","year":"2006","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic worm detection using structural information of executables. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, pp. 207\u2013226. Springer, Heidelberg (2006)"},{"key":"2_CR18","doi-asserted-by":"crossref","unstructured":"Lakhotia, A., Dalla Preda, M., Giacobazzi, R.: Fast location of similar code fragments using semantic \u2018juice\u2019. In: SIGPLAN Program Protection and Reverse Engineering Workshop, p. 5. ACM (2013)","DOI":"10.1145\/2430553.2430558"},{"key":"2_CR19","doi-asserted-by":"crossref","unstructured":"Lakhotia, A., Walenstein, A., Miles, C., Singh, A.: Vilo: a rapid learning nearest-neighbor classifier for malware triage. Journal of Computer Virology and Hacking Techniques, 1\u201315 (2013)","DOI":"10.1007\/s11416-013-0178-3"},{"key":"2_CR20","unstructured":"Linger, R., Daly, T., Pleszkoch, M.: Function extraction (FX) research for computation of software behavior: 2010 development and application of semantic reduction theorems for behavior analysis. Technical Report CMU\/SEI-2011-TR-009, Carnegie Mellon University, Software Engineering Institute (February 2011)"},{"key":"2_CR21","unstructured":"Moran, N., Bennett, J.T.: Supply chain analysis: From quartermaster to sunshop. Technical report, FireEye Labs (November 2013)"},{"key":"2_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"204","DOI":"10.1007\/978-3-540-89900-6_21","volume-title":"Intelligence and Security Informatics","author":"R. Moskovitch","year":"2008","unstructured":"Moskovitch, R., Feher, C., Tzachar, N., Berger, E., Gitelman, M., Dolev, S., Elovici, Y.: Unknown malcode detection using OPCODE representation. In: Ortiz-Arroyo, D., Larsen, H.L., Zeng, D.D., Hicks, D., Wagner, G. (eds.) EuroIsI 2008. LNCS, vol.\u00a05376, pp. 204\u2013215. Springer, Heidelberg (2008)"},{"issue":"23","key":"2_CR23","doi-asserted-by":"publisher","first-page":"8577","DOI":"10.1073\/pnas.0601602103","volume":"103","author":"M.E. Newman","year":"2006","unstructured":"Newman, M.E.: Modularity and community structure in networks. Proceedings of the National Academy of Sciences\u00a0103(23), 8577\u20138582 (2006)","journal-title":"Proceedings of the National Academy of Sciences"},{"key":"2_CR24","unstructured":"O\u2019Gorman, G., McDonald, G.: The Elderwood Project (August 2012)"},{"issue":"14","key":"2_CR25","doi-asserted-by":"publisher","first-page":"1941","DOI":"10.1016\/j.patrec.2008.06.016","volume":"29","author":"R. Perdisci","year":"2008","unstructured":"Perdisci, R., Lanzi, A., Lee, W.: Classification of packed executables for accurate computer virus detection. Pattern Recognition Letters\u00a029(14), 1941\u20131946 (2008)","journal-title":"Pattern Recognition Letters"},{"key":"2_CR26","doi-asserted-by":"crossref","unstructured":"Pfeffer, A., Call, C., Chamberlain, J., Kellogg, L., Ouellette, J., Patten, T., Zacharias, G., Lakhotia, A., Golconda, S., Bay, J., et al.: Malware analysis and attribution using genetic information. In: 2012 7th International Conference on Malicious and Unwanted Software (MALWARE), pp. 39\u201345. IEEE (2012)","DOI":"10.1109\/MALWARE.2012.6461006"},{"key":"2_CR27","doi-asserted-by":"crossref","unstructured":"Rajaraman, A., Ullman, J.D.: Mining of Massive Datasets. Cambridge University Press (2012)","DOI":"10.1017\/CBO9781139058452"},{"key":"2_CR28","unstructured":"Rolles, R.: Unpacking virtualization obfuscators. In: Proceedings of the 3rd USENIX Conference on Offensive Technologies, p. 1. USENIX Association (2009)"},{"issue":"1-2","key":"2_CR29","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/s11416-012-0160-5","volume":"8","author":"N. Runwal","year":"2012","unstructured":"Runwal, N., Low, R.M., Stamp, M.: Opcode graph similarity and metamorphic detection. Journal in Computer Virology\u00a08(1-2), 37\u201352 (2012)","journal-title":"Journal in Computer Virology"},{"key":"2_CR30","doi-asserted-by":"crossref","unstructured":"S\u00e6bj\u00f8rnsen, A., Willcock, J., Panas, T., Quinlan, D., Su, Z.: Detecting code clones in binary executables. In: Proceedings of the Eighteenth International Symposium on Software Testing and Analysis, pp. 117\u2013128. ACM (2009)","DOI":"10.1145\/1572272.1572287"},{"key":"2_CR31","doi-asserted-by":"crossref","unstructured":"Schultz, M.G., Eskin, E., Zadok, F., Stolfo, S.J.: Data mining methods for detection of new malicious executables. In: Proceedings. 2001 IEEE Symposium on Security and Privacy, SP 2001, pp. 38\u201349 (2001)","DOI":"10.1109\/SECPRI.2001.924286"},{"issue":"4","key":"2_CR32","doi-asserted-by":"publisher","first-page":"494","DOI":"10.1109\/TSMCC.2010.2068544","volume":"41","author":"A. Shabtai","year":"2011","unstructured":"Shabtai, A., Menahem, E., Elovici, Y.: F-sign: Automatic, function-based signature generation for malware. IEEE Transactions on Systems, Man, and Cybernetics, Part C\u00a041(4), 494\u2013508 (2011)","journal-title":"IEEE Transactions on Systems, Man, and Cybernetics, Part C"},{"key":"2_CR33","first-page":"949","volume":"98888","author":"G. Tahan","year":"2012","unstructured":"Tahan, G., Rokach, L., Shahar, Y.: Mal-id: Automatic malware detection using common segment analysis and meta-features. The Journal of Machine Learning Research\u00a098888, 949\u2013979 (2012)","journal-title":"The Journal of Machine Learning Research"},{"key":"2_CR34","unstructured":"Theodoridis, S., Koutroumbas, K.: Pattern Recognition. Elsevier Science (2008)"},{"key":"2_CR35","doi-asserted-by":"crossref","unstructured":"Walenstein, A., Lakhotia, A.: A transformation-based model of malware derivation. In: Malicious and Unwanted Software (MALWARE), pp. 17\u201325. IEEE (2012)","DOI":"10.1109\/MALWARE.2012.6461003"},{"key":"2_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1007\/978-3-642-33704-8_20","volume-title":"Computer Network Security","author":"C. Yavvari","year":"2012","unstructured":"Yavvari, C., Tokhtabayev, A., Rangwala, H., Stavrou, A.: Malware characterization using behavioral components. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2012. LNCS, vol.\u00a07531, pp. 226\u2013239. Springer, Heidelberg (2012)"},{"key":"2_CR37","doi-asserted-by":"crossref","unstructured":"Zhou, W., Zhou, Y., Grace, M., Jiang, X., Zou, S.: Fast, scalable detection of piggybacked mobile applications. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy, pp. 185\u2013196. ACM (2013)","DOI":"10.1145\/2435349.2435377"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-08509-8_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,3]],"date-time":"2025-05-03T09:55:13Z","timestamp":1746266113000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-08509-8_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319085081","9783319085098"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-08509-8_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]}}}