{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T19:13:18Z","timestamp":1771701198731,"version":"3.50.1"},"publisher-location":"Cham","reference-count":48,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319113784","type":"print"},{"value":"9783319113791","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-11379-1_2","type":"book-chapter","created":{"date-parts":[[2014,8,19]],"date-time":"2014-08-19T23:14:54Z","timestamp":1408490094000},"page":"22-45","source":"Crossref","is-referenced-by-count":23,"title":["GoldenEye: Efficiently and Effectively Unveiling Malware\u2019s Targeted Environment"],"prefix":"10.1007","author":[{"given":"Zhaoyan","family":"Xu","sequence":"first","affiliation":[]},{"given":"Jialong","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Guofei","family":"Gu","sequence":"additional","affiliation":[]},{"given":"Zhiqiang","family":"Lin","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"2_CR1","unstructured":"Anubis: Analyzing unknown binaries, \n                    \n                      http:\/\/anubis.iseclab.org\/"},{"key":"2_CR2","doi-asserted-by":"crossref","unstructured":"Bifrost, \n                    \n                      http:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2004-101214-5358-99","DOI":"10.1182\/ashimagebank-2004-101214"},{"key":"2_CR3","unstructured":"Disassembler library for x86\/amd64, \n                    \n                      http:\/\/code.google.com\/p\/distorm\/"},{"key":"2_CR4","unstructured":"Duqu, \n                    \n                      http:\/\/www.kaspersky.com\/about\/press\/major_malware_outbreaks\/duqu"},{"key":"2_CR5","unstructured":"DynamoRIO, \n                    \n                      
http:\/\/dynamorio.org\/"},{"key":"2_CR6","unstructured":"Flame, \n                    \n                      http:\/\/en.wikipedia.org\/wiki\/Flame_malware"},{"key":"2_CR7","unstructured":"IBank, \n                    \n                      http:\/\/www.sophos.com\/en-us\/threat-center\/threat-analyses\/viruses-and-spyware\/Troj~IBank-B\/detailed-analysis.aspx"},{"key":"2_CR8","unstructured":"Koobface, \n                    \n                      http:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2008-080315-0217-99&tabid=2"},{"key":"2_CR9","unstructured":"NuclearRAT, \n                    \n                      http:\/\/en.wikipedia.org\/wiki\/Nuclear_RAT"},{"key":"2_CR10","unstructured":"Offensive Computing, \n                    \n                      http:\/\/www.offensivecomputing.net\/"},{"key":"2_CR11","unstructured":"Qakbot, \n                    \n                      http:\/\/www.symantec.com\/connect\/blogs\/w32qakbot-under-surface"},{"key":"2_CR12","unstructured":"Sality, \n                    \n                      http:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2006-011714-3948-99"},{"key":"2_CR13","unstructured":"Stuxnet, \n                    \n                      http:\/\/en.wikipedia.org\/wiki\/Stuxnet"},{"key":"2_CR14","unstructured":"Symantec intelligence quarterly, \n                    \n                      http:\/\/www.symantec.com\/threatreport\/quarterly.jsp"},{"key":"2_CR15","unstructured":"Symantec: Triage analysis of targeted attacks, \n                    \n                      http:\/\/www.symantec.com\/threatreport\/topic.jsp?id=malicious_code_trend"},{"key":"2_CR16","unstructured":"The Nitro Attacks: Stealing Secrets from the Chemical Industry, \n                    \n                      http:\/\/www.symantec.com\/security_response\/whitepapers.jsp"},{"key":"2_CR17","unstructured":"Trends in targeted attacks, \n                    \n                      
http:\/\/www.trendmicro.com\/cloud-content\/us"},{"key":"2_CR18","unstructured":"Trojan BackDoor.Flashback, \n                    \n                      http:\/\/en.wikipedia.org\/wiki\/Trojan_BackDoor.Flashback"},{"key":"2_CR19","unstructured":"Trojan.Neloweg, \n                    \n                      http:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2012-020609-4221-99"},{"key":"2_CR20","unstructured":"Virustotal, \n                    \n                      https:\/\/www.virustotal.com\/"},{"key":"2_CR21","unstructured":"Zeus Trojan horse, \n                    \n                      http:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2010-011016-3514-99"},{"key":"2_CR22","doi-asserted-by":"crossref","unstructured":"Avgerinos, T., Schwartz, E., Brumley, D.: All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In: Proc. of IEEE S&P 2010 (2010)","DOI":"10.1109\/SP.2010.26"},{"key":"2_CR23","unstructured":"Balzarotti, D., Cova, M., Karlberger, C., Kruegel, C., Kirda, E., Vigna, G.: Efficient detection of split personalities in malware. In: Proc of NDSS 2010 (2010)"},{"key":"2_CR24","doi-asserted-by":"crossref","unstructured":"Bilge, L., Dumitras, T.: Before we knew it: An empirical study of zero-day attacks in the real world. In: Proc. of CCS 2012 (2012)","DOI":"10.1145\/2382196.2382284"},{"key":"2_CR25","series-title":"AIS","first-page":"65","volume-title":"Botnet Analysis and Defense","author":"D. Brumley","year":"2008","unstructured":"Brumley, D., Hartwig, C., Liang, Z., Newsome, J., Poosankam, P., Song, D., Yin, H.: Automatically identifying trigger-based behavior in malware. In: Lee, W., Wang, C., Dagon, D. (eds.) Botnet Analysis and Defense. AIS, vol.\u00a036, pp. 65\u201388. 
Springer, Heidelberg (2008)"},{"key":"2_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"463","DOI":"10.1007\/978-3-642-22110-1_37","volume-title":"Computer Aided Verification","author":"D. Brumley","year":"2011","unstructured":"Brumley, D., Jager, I., Avgerinos, T., Schwartz, E.J.: BAP: A binary analysis platform. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol.\u00a06806, pp. 463\u2013469. Springer, Heidelberg (2011)"},{"key":"2_CR27","unstructured":"Royal, P., Song, C., Lee, W.: Impeding automated malware analysis with environment-sensitive malware. In: Proc. of HotSec 2012 (2012)"},{"key":"2_CR28","unstructured":"Chen, X., Andersen, J., Mao, M., Bailey, M., Nazario, J.: Towards an Understanding of Anti-Virtualization and Anti-Debugging Behavior in Modern Malware. In: Proc. of DSN 2008 (2008)"},{"key":"2_CR29","doi-asserted-by":"crossref","unstructured":"Comparetti, P.M., Salvaneschi, G., Kirda, E., Kolbitsch, C., Krugel, C., Zanero, S.: Identifying dormant functionality in malware programs. In: Proc. of S&P 2010 (2010)","DOI":"10.1109\/SP.2010.12"},{"key":"2_CR30","doi-asserted-by":"crossref","unstructured":"Dinaburg, A., Royal, P., Sharif, M., Lee, W.: Ether: Malware analysis via hardware virtualization extensions. In: Proc of CCS 2008 (2008)","DOI":"10.1145\/1455770.1455779"},{"key":"2_CR31","doi-asserted-by":"crossref","unstructured":"Gonz\u00e1lez, J., Gonz\u00e1lez, A.: Speculative execution via address prediction and data prefetching. In: Proc. of ICS 1997 (1997)","DOI":"10.1145\/263580.263631"},{"key":"2_CR32","doi-asserted-by":"crossref","unstructured":"Graziano, M., Leita, C., Balzarotti, D.: Towards network containment in malware analysis systems. In: Proc. of ACSAC 2012 (December 2012)","DOI":"10.1145\/2420950.2421000"},{"key":"2_CR33","unstructured":"Kolbitsch, C., Milani Comparetti, P., Kruegel, C., Kirda, E., Zhou, X., Wang, X.: Effective and efficient malware detection at the end host. 
In: Proc. of USENIX Security 2009 (2009)"},{"key":"2_CR34","doi-asserted-by":"crossref","unstructured":"Kolbitsch, C., Kirda, E., Kruegel, C.: The power of procrastination: Detection and mitigation of execution-stalling malicious code. In: Proc. of CCS 2011 (2011)","DOI":"10.1145\/2046707.2046740"},{"key":"2_CR35","doi-asserted-by":"crossref","unstructured":"Kolbitsch, C., Livshits, B., Zorn, B., Seifert, C.: Rozzle: De-cloaking internet malware. In: Proc. of S&P 2012 (2012)","DOI":"10.1109\/SP.2012.48"},{"key":"2_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"338","DOI":"10.1007\/978-3-642-23644-0_18","volume-title":"Recent Advances in Intrusion Detection","author":"M. Lindorfer","year":"2011","unstructured":"Lindorfer, M., Kolbitsch, C., Milani Comparetti, P.: Detecting Environment-Sensitive Malware. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol.\u00a06961, pp. 338\u2013357. Springer, Heidelberg (2011)"},{"key":"2_CR37","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring Multiple Execution Paths for Malware Analysis. In: Proc. of S&P 2007 (2007)","DOI":"10.1109\/SP.2007.17"},{"key":"2_CR38","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Proc. of ACSAC 2007 (2007)","DOI":"10.1109\/ACSAC.2007.4413008"},{"key":"2_CR39","doi-asserted-by":"crossref","unstructured":"Nadji, Y., Antonakakis, M., Perdisci, R., Lee, W.: Understanding the Prevalence and Use of Alternative Plans in Malware with Network Games. In: Proc. of ACSAC 2011 (2011)","DOI":"10.1145\/2076732.2076734"},{"key":"2_CR40","doi-asserted-by":"crossref","unstructured":"Nappa, A., Xu, Z., Rafique, M.Z., Caballero, J., Gu, G.: Cyberprobe: Towards internet-scale active detection of malicious servers. In: Proc. 
of NDSS 2014 (2014)","DOI":"10.14722\/ndss.2014.23218"},{"key":"2_CR41","doi-asserted-by":"crossref","unstructured":"Neugschwandtner, M., Comparetti, P.M., Platzer, C.: Detecting Malware\u2019s Failover C&C Strategies with SQUEEZE. In: Proc. of ACSAC 2011 (2011)","DOI":"10.1145\/2076732.2076736"},{"key":"2_CR42","unstructured":"Peng, F., Deng, Z., Zhang, X., Xu, D., Lin, Z., Su, Z.: X-force: Force-executing binary programs for security applications. In: Proceedings of the 2014 USENIX Security Symposium, San Diego, CA (August 2014)"},{"key":"2_CR43","unstructured":"Porras, P., Saidi, H., Yegneswaran, V.: An Analysis of Conficker\u2019s Logic and Rendezvous Points (2009), \n                    \n                      http:\/\/mtc.sri.com\/Conficker\/"},{"key":"2_CR44","unstructured":"Shin, S., Xu, Z., Gu, G.: Effort: Efficient and effective bot malware detection. In: Proc. of INFOCOM 2012 Mini-Conference (2012)"},{"key":"2_CR45","unstructured":"Sikorski, M.: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software (2012) (No Starch Press)"},{"key":"2_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1007\/978-3-540-74320-0_12","volume-title":"Recent Advances in Intrusion Detection","author":"J. Wilhelm","year":"2007","unstructured":"Wilhelm, J., Chiueh, T.-c.: A forced sampled execution approach to kernel rootkit identification. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 219\u2013235. Springer, Heidelberg (2007)"},{"key":"2_CR47","doi-asserted-by":"crossref","unstructured":"Xu, Z., Chen, L., Gu, G., Kruegel, C.: PeerPress: Utilizing enemies\u2019 p2p strength against them. 
In: Proc.of CCS 2012 (2012)","DOI":"10.1145\/2382196.2382257"},{"key":"2_CR48","doi-asserted-by":"crossref","unstructured":"Xu, Z., Zhang, J., Gu, G., Lin, Z.: AUTOVAC: Towards automatically extracting system resource constraints and generating vaccines for malware immunization. In: Proc. of ICDCS 2013 (2013)","DOI":"10.1109\/ICDCS.2013.69"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-11379-1_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,27]],"date-time":"2019-05-27T12:31:42Z","timestamp":1558960302000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-11379-1_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319113784","9783319113791"],"references-count":48,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-11379-1_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014]]}}}