{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T15:15:25Z","timestamp":1771514125316,"version":"3.50.1"},"publisher-location":"Cham","reference-count":25,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319171265","type":"print"},{"value":"9783319171272","type":"electronic"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-17127-2_11","type":"book-chapter","created":{"date-parts":[[2015,4,27]],"date-time":"2015-04-27T02:12:01Z","timestamp":1430100721000},"page":"164-179","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Two-Level Automated Approach for Defending Against Obfuscated Zero-Day Attacks"],"prefix":"10.1007","author":[{"given":"Ratinder","family":"Kaur","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Maninder","family":"Singh","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,4,28]]},"reference":[{"key":"11_CR1","doi-asserted-by":"crossref","unstructured":"Bilge, L., Dumitras, T.: Before we knew it: an empirical study of zero-day attacks in the real world. In: Proceedings of ACM Conference on Computer and Communications Security, pp. 833\u2013844. ACM Press, New York (2012)","DOI":"10.1145\/2382196.2382284"},{"key":"11_CR2","unstructured":"Symantec\u2019s Internet Threat Report of 2013. https:\/\/scm.symantec.com\/resources\/istr18_en.pdf"},{"key":"11_CR3","doi-asserted-by":"crossref","unstructured":"Mohammed, M.M.Z.E., Chan, H.A., Ventura, N.: Honeycyber: automated signature generation for zero-day polymorphic worms. In: Proceedings of the IEEE Military Communications Conference (MILCOM 2008), pp. 1\u20136. IEEE Computer Society, Washington (2008)","DOI":"10.1109\/MILCOM.2008.4753178"},{"key":"11_CR4","doi-asserted-by":"crossref","unstructured":"Mohammed, M.M.Z.E., Chan, H.A., Ventura, N., Hashim, M., Amin, I., Bashier, E.: Detection of zero-day polymorphic worms using principal component analysis. In: Proceedings of the 6th IEEE International Conference on Networking and Services, pp. 277\u2013281. IEEE Computer Society, Washington (2010)","DOI":"10.1109\/ICNS.2010.45"},{"key":"11_CR5","doi-asserted-by":"crossref","unstructured":"Newsome, J., Karp, B., Song, D.: Polygraph: automatically generating signatures for polymorphic worms. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 226\u2013241. IEEE Press, New York (2005)","DOI":"10.1109\/SP.2005.15"},{"issue":"5","key":"11_CR6","doi-asserted-by":"publisher","first-page":"1256","DOI":"10.1016\/j.comnet.2006.09.005","volume":"51","author":"G Portokalidis","year":"2007","unstructured":"Portokalidis, G., Bos, H.: SweetBait: zero-hour worm detection and containment using low-and high-interaction honeypots. J. Comput. Telecommun. Netw. 51(5), 1256\u20131274 (2007)","journal-title":"J. Comput. Telecommun. Netw."},{"issue":"1","key":"11_CR7","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1109\/TNET.2009.2020431","volume":"18","author":"L Wang","year":"2010","unstructured":"Wang, L., Li, Z., Chen, Y., Fu, Z., Li, X.: Thwarting zero-day polymorphic worms with network-level length-based signature generation. J. IEEE\/ACM Trans. Netw. 18(1), 53\u201366 (2010)","journal-title":"J. IEEE\/ACM Trans. Netw."},{"issue":"4","key":"11_CR8","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1007\/s11416-006-0031-z","volume":"2","author":"M Polychronakis","year":"2006","unstructured":"Polychronakis, M., Anagnostakis, K.G., Markatos, E.P.: Network-level polymorphic shellcode detection using emulation. J. Comput. Virol. 2(4), 257\u2013274 (2006)","journal-title":"J. Comput. Virol."},{"key":"11_CR9","volume-title":"SGNET: A Distributed Infrastructure to Handle Zero-day Exploits","author":"C Leita","year":"2007","unstructured":"Leita, C., Dacier, M.: SGNET: A Distributed Infrastructure to Handle Zero-day Exploits. Research report, EURECOM institute (2007)"},{"key":"11_CR10","doi-asserted-by":"crossref","unstructured":"Ting, C., Xiaosong, Z., Zhi, L.: A hybrid detection approach for zero-day polymorphic shellcodes. In: International Conference on E-Business and Information System Security, pp. 1\u20135. IEEE, Wuhan (2009)","DOI":"10.1109\/EBISS.2009.5137874"},{"key":"11_CR11","doi-asserted-by":"crossref","unstructured":"Li, Z., Sanghi, M., Chen, Y., Kao M.Y., Chavez, B.: Hamsa: fast signature generation for zero-day polymorphic worms with provable attack resilience. In: Symposium on Security and Privacy, pp. 15\u201347. IEEE, Oakland (2006)","DOI":"10.1109\/SP.2006.18"},{"key":"11_CR12","unstructured":"A 0-Day Attack Lasts On Average 10 Months. http:\/\/hackmageddon.com\/2012\/10\/19\/a-0-day-attack-lasts-on-average-10-months\/"},{"key":"11_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1007\/978-3-540-74320-0_5","volume-title":"Recent Advances in Intrusion Detection","author":"M Polychronakis","year":"2007","unstructured":"Polychronakis, M., Anagnostakis, K.G., Markatos, E.P.: Emulation-based detection of non-self-contained polymorphic shellcode. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol. 4637, pp. 87\u2013106. Springer, Heidelberg (2007)"},{"key":"11_CR14","unstructured":"Alazab, M., Venkatraman, S., Watters, P., Alazab, M.: Zero-day malware detection based on supervised learning algorithms of api call signatures. In: Proceedings of the 9th IEEE Australasian Data Mining Conference (AusDM 2011), Australia, pp. 171\u2013182 (2011)"},{"key":"11_CR15","doi-asserted-by":"crossref","unstructured":"Aleroud, A., Karabtis G.: A contextual anomaly detection approach to discover zero-day attacks. In: IEEE International Conference on Cyber Security (CYBERSECURITY 2012), pp. 40\u201315, Washington (2012)","DOI":"10.1109\/CyberSecurity.2012.12"},{"key":"11_CR16","doi-asserted-by":"crossref","unstructured":"Jain, P., Sardana, A., Defending against internet worms using honeyfarm. In: CUBE International Information Technology Conference (CUBE 2012), Pune, India, pp. 795\u2013800. ACM Press, New York (2012)","DOI":"10.1145\/2381716.2381867"},{"key":"11_CR17","doi-asserted-by":"crossref","unstructured":"Comar, P.M., Liu, L., Saha, S., Tan, P.N., Nucci A.: Combining supervised and unsupervised learning for zero-day malware detection. In: Proceedings of INFOCOM, pp. 2022\u20132030. IEEE Press, Turin (2013)","DOI":"10.1109\/INFCOM.2013.6567003"},{"key":"11_CR18","doi-asserted-by":"crossref","unstructured":"Aleroud, A., Karabatis G.: Toward zero-day attack identification using linear data transformation techniques. In: Proceedings of the 7th IEEE International Conference on Software Security and Reliability (SERE 2013), pp. 159\u2013168. IEEE Press, MD (2013)","DOI":"10.1109\/SERE.2013.16"},{"key":"11_CR19","unstructured":"Kim, I., et al.: A case study of unknown attack detection against zero-day worm in the honeynet environment. In: Proceedings of the 11th IEEE International Conference on Advanced Communication Technology (ICACT 2009), pp. 1715\u20131720. IEEE Press, Ireland (2009)"},{"key":"11_CR20","unstructured":"Sophos Security Threat Report of 2014. http:\/\/www.sophos.com\/en-us\/medialibrary\/PDFs\/other\/sophos-security-threat-report-2014.pdf"},{"key":"11_CR21","series-title":"Communications in Computer and Information Science","doi-asserted-by":"publisher","first-page":"298","DOI":"10.1007\/978-3-642-54525-2_27","volume-title":"Recent Trends in Computer Networks and Distributed Systems Security","author":"R Kaur","year":"2014","unstructured":"Kaur, R., Singh, M.: Automatic evaluation and signature generation technique for thwarting zero-day attacks. In: Mart\u00ednez P\u00e9rez, G., Thampi, S.M., Ko, R., Shu, L. (eds.) SNDS 2014. CCIS, vol. 420, pp. 298\u2013309. Springer, Heidelberg (2014)"},{"key":"11_CR22","first-page":"1","volume":"99","author":"R Kaur","year":"2014","unstructured":"Kaur, R., Singh, M.: A survey on zero-day polymorphic worm detection techniques. J. IEEE Commun. Surv. Tutorials 99, 1\u201330 (2014)","journal-title":"J. IEEE Commun. Surv. Tutorials"},{"key":"11_CR23","doi-asserted-by":"crossref","unstructured":"Cavallaro, L., Lanzi, A., Mayer, L., Monga, M.: Lisabeth: automated content-based signature generator for zero-day polymorphic worms. In: Proceedings of the 4th ACM International Workshop on Software Engineering for Secure Systems, pp. 41\u201348. ACM Press, Germany (2008)","DOI":"10.1145\/1370905.1370911"},{"issue":"2","key":"11_CR24","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1147\/rd.312.0249","volume":"31","author":"RM Karp","year":"1987","unstructured":"Karp, R.M., Rabin, M.O.: Efficient randomized pattern-matching algorithms. J IBM J. Res. Dev. 31(2), 249\u2013260 (1987)","journal-title":"J IBM J. Res. Dev."},{"key":"11_CR25","unstructured":"VX Heavens, VX Heavens Site. http:\/\/vxheaven.org\/"}],"container-title":["Lecture Notes in Computer Science","Risks and Security of Internet and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-17127-2_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,27]],"date-time":"2025-05-27T15:16:33Z","timestamp":1748358993000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-17127-2_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319171265","9783319171272"],"references-count":25,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-17127-2_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"28 April 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}