{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,4,6]],"date-time":"2025-04-06T04:51:43Z","timestamp":1743915103117},"publisher-location":"Cham","reference-count":29,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319263618"},{"type":"electronic","value":"9783319263625"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-26362-5_11","type":"book-chapter","created":{"date-parts":[[2015,10,26]],"date-time":"2015-10-26T14:10:45Z","timestamp":1445868645000},"page":"225-246","source":"Crossref","is-referenced-by-count":7,"title":["Preventing Exploits in Microsoft Office Documents Through Content Randomization"],"prefix":"10.1007","author":[{"given":"Charles","family":"Smutz","sequence":"first","affiliation":[]},{"given":"Angelos","family":"Stavrou","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,12,12]]},"reference":[{"key":"11_CR1","unstructured":"5 attackers & counting: Dissecting the \u201cdocx.image\u201d exploit kit, December 2013. \n                      http:\/\/www.proofpoint.com\/threatinsight\/posts\/dissecting-docx-image-exploit-kit-cve-exploitation.php"},{"key":"11_CR2","unstructured":"Security threat report 2014: Smarter, shadier, stealthier malware. Technical report, Sophos Labs (2014)"},{"key":"11_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-70542-0_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"S Bhatkar","year":"2008","unstructured":"Bhatkar, S., Sekar, R.: Data space randomization. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 1\u201322. Springer, Heidelberg (2008)"},{"key":"11_CR4","unstructured":"Blond, S.L., Uritesc, A., Gilbert, C., Chua, Z.L., Saxena, P., Kirda, E.: A look at targeted attacks through the lense of an NGO. In: 23rd USENIX Security Symposium (USENIX Security 2014), pp. 543\u2013558, USENIX Association, San Diego (2014)"},{"key":"11_CR5","unstructured":"Bradshaw, S.: The grey corner: omlette egghunter shellcode, October 2013. \n                      http:\/\/www.thegreycorner.com\/2013\/10\/omlette-egghunter-shellcode.html"},{"key":"11_CR6","unstructured":"Dhamankar, R., Paller, A., Sachs, M., Skoudis, E., Eschelbeck, G., Sarwate, A.: Top 20 internet security risks for 2007. \n                      http:\/\/www.sans.org\/press\/top20_2007.php"},{"key":"11_CR7","doi-asserted-by":"publisher","first-page":"S2","DOI":"10.1016\/j.diin.2009.06.016","volume":"6","author":"S Garfinkel","year":"2009","unstructured":"Garfinkel, S., Farrell, P., Roussev, V., Dinolt, G.: Bringing science to digital forensics with standardized forensic corpora. Digit. Investig. 6, S2\u2013S11 (2009)","journal-title":"Digit. Investig."},{"key":"11_CR8","unstructured":"Hardy, S., Crete-Nishihata, M., Kleemola, K., Senft, A., Sonne, B., Wiseman, G., Gill, P., Deibert, R.J.: Targeted threat index: characterizing and quantifying politically-motivated targeted malware. In: Proceedings of the 23rd USENIX Security Symposium (2014)"},{"key":"11_CR9","doi-asserted-by":"crossref","unstructured":"Kc, G.S., Keromytis, A.D., Prevelakis, V.: Countering code-injection attacks with instruction-set randomization. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, CCS 2003, pp. 272\u2013280. ACM, New York (2003)","DOI":"10.1145\/948109.948146"},{"issue":"suppl.","key":"11_CR10","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1016\/j.diin.2006.06.015","volume":"3","author":"J Kornblum","year":"2006","unstructured":"Kornblum, J.: Identifying almost identical files using context triggered piecewise hashing. Digit. Investig. 3(suppl.), 91\u201397 (2006)","journal-title":"Digit. Investig."},{"key":"11_CR11","doi-asserted-by":"crossref","unstructured":"Li, F., Lai, A., Ddl, D.: Evidence of advanced persistent threat: a case study of malware for political espionage. In: 2011 6th International Conference on Malicious and Unwanted Software (MALWARE), pp. 102\u2013109, October 2011","DOI":"10.1109\/MALWARE.2011.6112333"},{"key":"11_CR12","unstructured":"Li, H., Zhu, S., Xie, J.: RTF attack takes advantage of multiple exploits, April 2014. \n                      http:\/\/blogs.mcafee.com\/mcafee-labs\/rtf-attack-takes-advantage-of-multiple-exploits"},{"key":"11_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/978-3-540-73614-1_14","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"W-J Li","year":"2007","unstructured":"Li, W.-J., Stolfo, S.J., Stavrou, A., Androulaki, E., Keromytis, A.D.: A study of malcode-bearing documents. In: H\u00e4mmerli, B.M., Sommer, R. (eds.) DIMVA 2007. LNCS, vol. 4579, pp. 231\u2013250. Springer, Heidelberg (2007)"},{"key":"11_CR14","doi-asserted-by":"crossref","unstructured":"Maiorca, D., Corona, I., Giacinto, G.: Looking at the bag is not enough to find the bomb: an evasion of structural methods for malicious PDF files detection. In: Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, ASIA CCS 2013, pp. 119\u2013130. ACM, New York (2013)","DOI":"10.1145\/2484313.2484327"},{"key":"11_CR15","doi-asserted-by":"crossref","unstructured":"Mason, J., Small, S., Monrose, F., MacManus, G.: English shellcode. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, pp. 524\u2013533. ACM, New York (2009)","DOI":"10.1145\/1653662.1653725"},{"key":"11_CR16","doi-asserted-by":"crossref","unstructured":"Pappas, V., Polychronakis, M., Keromytis, A.: Smashing the gadgets: hindering return-oriented programming using in-place code randomization. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 601\u2013615, May 2012","DOI":"10.1109\/SP.2012.41"},{"key":"11_CR17","unstructured":"Parkour, M.: 11,355+ malicious documents - archive for signature testing and research, April 2011. \n                      http:\/\/contagiodump.blogspot.com\/2010\/08\/malicious-documents-archive-for.html"},{"key":"11_CR18","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 552\u2013561. ACM, New York (2007)","DOI":"10.1145\/1315245.1315313"},{"key":"11_CR19","doi-asserted-by":"crossref","unstructured":"Shacham, H., Page, M., Pfaff, B., Goh, E.-J., Modadugu, N., Boneh, D.: On the effectiveness of address-space randomization. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004, pp. 298\u2013307. ACM, New York (2004)","DOI":"10.1145\/1030083.1030124"},{"key":"11_CR20","doi-asserted-by":"crossref","unstructured":"Smutz, C., Stavrou, A.: Malicious PDF detection using metadata and structural features. In: Proceedings of the 28th Annual Computer Security Applications Conference, ACSAC 2012, pp. 239\u2013248. ACM, New York (2012)","DOI":"10.1145\/2420950.2420987"},{"key":"11_CR21","unstructured":"Srndic, N., Laskov, P.: Detection of malicious PDF files based on hierarchical document structure. In: Proceedings of the 20th Annual Network & Distributed System Security Symposium 2013 (2013)"},{"key":"11_CR22","unstructured":"Stolfo, S.J., Wang, K., Li, W.-J.: Fileprint analysis for malware detection. In: ACM CCS WORM (2005)"},{"key":"11_CR23","doi-asserted-by":"crossref","unstructured":"Szekeres, L., Payer, M., Wei, T., Song, D.: SoK: eternal war in memory. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 48\u201362, May 2013","DOI":"10.1109\/SP.2013.13"},{"key":"11_CR24","doi-asserted-by":"crossref","unstructured":"Tabish, S.M., Shafiq, M.Z., Farooq, M.: Malware detection using statistical analysis of byte-level file content. In: Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics, CSI-KDD 2009, pp. 23\u201331. ACM, New York (2009)","DOI":"10.1145\/1599272.1599278"},{"key":"11_CR25","unstructured":"Team, C.: Exploit notes-win32 eggs-to-omelet, August 2010. \n                      https:\/\/www.corelan.be\/index.php\/2010\/08\/22\/exploit-notes-win32-eggs-to-omelet\/"},{"key":"11_CR26","unstructured":"Team, P.: PaX address space layout randomization (2003). \n                      http:\/\/pax.grsecurity.net\/docs\/aslr.txt"},{"key":"11_CR27","doi-asserted-by":"crossref","unstructured":"Tzermias, Z., Sykiotakis, G., Polychronakis, M., Markatos, E.P.: Combining static and dynamic analysis for the detection of malicious documents. In: Proceedings of the Fourth European Workshop on System Security, EUROSEC 2011, pp. 4:1\u20134:6. ACM, New York (2011)","DOI":"10.1145\/1972551.1972555"},{"key":"11_CR28","doi-asserted-by":"crossref","unstructured":"Wei, T., Wang, T., Duan, L., Luo, J.: Secure dynamic code generation against spraying. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 738\u2013740. ACM, New York (2010)","DOI":"10.1145\/1866307.1866415"},{"key":"11_CR29","unstructured":"Zhang, C., Wei, T., Chen, Z., Duan, L., Szekeres, L., McCamant, S., Song, D., Zou, W.: Practical control flow integrity and randomization for binary executables. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 559\u2013573, May 2013"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-26362-5_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,31]],"date-time":"2019-05-31T09:35:07Z","timestamp":1559295307000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-26362-5_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319263618","9783319263625"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-26362-5_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]}}}