{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,21]],"date-time":"2026-03-21T17:56:24Z","timestamp":1774115784978,"version":"3.50.1"},"publisher-location":"Cham","reference-count":56,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319457185","type":"print"},{"value":"9783319457192","type":"electronic"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-45719-2_8","type":"book-chapter","created":{"date-parts":[[2016,9,5]],"date-time":"2016-09-05T22:11:24Z","timestamp":1473113484000},"page":"165-187","source":"Crossref","is-referenced-by-count":55,"title":["SandPrint: Fingerprinting Malware Sandboxes to Provide Intelligence for Sandbox Evasion"],"prefix":"10.1007","author":[{"given":"Akira","family":"Yokoyama","sequence":"first","affiliation":[]},{"given":"Kou","family":"Ishii","sequence":"additional","affiliation":[]},{"given":"Rui","family":"Tanabe","sequence":"additional","affiliation":[]},{"given":"Yinmin","family":"Papa","sequence":"additional","affiliation":[]},{"given":"Katsunari","family":"Yoshioka","sequence":"additional","affiliation":[]},{"given":"Tsutomu","family":"Matsumoto","sequence":"additional","affiliation":[]},{"given":"Takahiro","family":"Kasama","sequence":"additional","affiliation":[]},{"given":"Daisuke","family":"Inoue","sequence":"additional","affiliation":[]},{"given":"Michael","family":"Brengel","sequence":"additional","affiliation":[]},{"given":"Michael","family":"Backes","sequence":"additional","affiliation":[]},{"given":"Christian","family":"Rossow","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,9,7]]},"reference":[{"key":"8_CR1","unstructured":"Amnpardaz Sandbox - File Analyzer. http:\/\/jevereg.amnpardaz.com\/"},{"key":"8_CR2","unstructured":"Anubis: Malware Analysis for Unknown Binaries. https:\/\/anubis.iseclab.org\/"},{"key":"8_CR3","unstructured":"Bkav - Scan virus online. http:\/\/quetvirus.vn\/default.aspx?lang=en"},{"key":"8_CR4","unstructured":"bochs: The Open Source IA-32 Emulation Project. http:\/\/bochs.sourceforge.net"},{"key":"8_CR5","unstructured":"Dr. Web Online Check. http:\/\/online.drweb.com\/?lng=en"},{"key":"8_CR6","unstructured":"FortiGuard Center. Online Virus Scanner. http:\/\/www.fortiguard.com\/virusscanner"},{"key":"8_CR7","unstructured":"Gary\u2018s Hood. Online Virus Scanner. http:\/\/www.garyshood.com\/virus\/"},{"key":"8_CR8","unstructured":"Malwr - Malware Analysis by Cuckoo Sandbox. https:\/\/malwr.com\/"},{"key":"8_CR9","unstructured":"NVMTrace: Proof-of-concept Automated Baremetal Malware Analysis Framework. https:\/\/code.google.com\/p\/nvmtrace\/"},{"key":"8_CR10","unstructured":"Oracle VM VirtualBox. https:\/\/www.virtualbox.org"},{"key":"8_CR11","unstructured":"#totalhash. https:\/\/totalhash.cymru.com\/upload\/"},{"key":"8_CR12","unstructured":"http:\/\/www.Vicheck.ca"},{"key":"8_CR13","unstructured":"Virusblokada. http:\/\/anti-virus.by\/en\/index.shtml"},{"key":"8_CR14","unstructured":"VirusTotal - Free Online Virus, Malware and URL Scanner. https:\/\/www.virustotal.com\/en\/"},{"key":"8_CR15","unstructured":"VMware. http:\/\/www.vmware.com\/"},{"key":"8_CR16","unstructured":"Bayer, U., Milani Comparetti, P., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, behavior-based malware clustering. In: Network and Distributed System Security Symposium (NDSS) (2009)"},{"key":"8_CR17","unstructured":"Bellard, F.: QEMU, a fast and portable dynamic translator. In: Proceedings of the Annual Conference on USENIX Annual Technical Conference, ATEC 2005 (2005)"},{"key":"8_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/978-3-319-40667-1_11","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M Brengel","year":"2016","unstructured":"Brengel, M., Backes, M., Rossow, C.: Detecting hardware-assisted virtualization. In: Caballero, J., Zurutuza, U., Rodr\u00edguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 207\u2013227. Springer, Heidelberg (2016). doi: 10.1007\/978-3-319-40667-1_11"},{"key":"8_CR19","unstructured":"Caballero, J., Grier, C., Kreibich, C., Paxson, V.: Measuring pay-per-install: the commoditization of malware distribution. In: USENIX Security (2011)"},{"key":"8_CR20","unstructured":"Comodo. Comodo Instant Malware Analysis. http:\/\/camas.comodo.com\/"},{"key":"8_CR21","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511801389","volume-title":"An Introduction to Support Vector Machines and Other Kernel-based Learning Methods","author":"N Cristianini","year":"2000","unstructured":"Cristianini, N., Shawe-Taylor, J.: An Introduction to Support Vector Machines and Other Kernel-based Learning Methods. Cambridge University Press, Cambridge (2000)"},{"key":"8_CR22","unstructured":"DEXLabs. Detecting Android Sandboxes (2012). http:\/\/www.dexlabs.org\/blog\/btdetect"},{"key":"8_CR23","doi-asserted-by":"crossref","unstructured":"Dinaburg, A., Royal, P., Sharif, M., Ether, L.W.: Malware analysis via hardware virtualization extensions. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS 2008 (2008)","DOI":"10.1145\/1455770.1455779"},{"key":"8_CR24","first-page":"2","volume":"44","author":"M Egele","year":"2008","unstructured":"Egele, M., Scholte, T., Kirda, E., Kruegel, C.: A survey on automated dynamic malware-analysis techniques and tools. ACM Comput. Surv. 44, 2 (2008)","journal-title":"ACM Comput. Surv."},{"key":"8_CR25","unstructured":"F-Secure. Sample Analysis System. https:\/\/analysis.f-secure.com\/portal\/login.html"},{"key":"8_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"319","DOI":"10.1007\/11555827_19","volume-title":"Computer Security \u2013 ESORICS 2005","author":"FC Freiling","year":"2005","unstructured":"Freiling, F.C., Holz, T., Wicherski, G.: Botnet tracking: exploring a root-cause methodology to prevent distributed denial-of-service attacks. In: di Vimercati, S.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 319\u2013335. Springer, Heidelberg (2005)"},{"key":"8_CR27","doi-asserted-by":"crossref","unstructured":"Jing, Y., Zhao, Z., Ahn, G.-J., Hu, H.: Morpheus: automatically generating heuristics to detect android emulators. In: Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC 2014 (2014)","DOI":"10.1145\/2664243.2664250"},{"key":"8_CR28","unstructured":"Jotti. Jotti\u2019s Malware Scan. http:\/\/virusscan.jotti.org\/en"},{"key":"8_CR29","unstructured":"Jung, P.: Bypassing Sandboxes for Fun. https:\/\/www.botconf.eu\/wp-content\/uploads\/2014\/12\/2014-2.7-Bypassing-Sandboxes-for-Fun.pdf"},{"key":"8_CR30","unstructured":"Kirat, D., Vigna, G., Kruegel, C.: Barecloud: bare-metal analysis-based evasive malware detection. In: Proceedings of the 23rd USENIX Conference on Security Symposium, SEC 2014 (2014)"},{"key":"8_CR31","doi-asserted-by":"crossref","unstructured":"Kirati, D., Vigna, G., Kruegel, C.: BareBox: efficient malware analysis on bare-metal. In: Proceedings of the 27th Annual Computer Security Applications Conference, ACSAC 2011 (2011)","DOI":"10.1145\/2076732.2076790"},{"key":"8_CR32","doi-asserted-by":"crossref","unstructured":"Lanzi, A., Balzarotti, D., Kruegel, C., Christodorescu, M., Kirda, E.: AccessMiner: using system-centric models for malware protection. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010 (2010)","DOI":"10.1145\/1866307.1866353"},{"key":"8_CR33","doi-asserted-by":"crossref","unstructured":"Maier, D., M\u00fcller, T., Protsenko, M.: Divide-and-Conquer: why android malware cannot be stopped. In: Proceedings of the 2014 Ninth International Conference on Availability, Reliability and Security, ARES 2014 (2014)","DOI":"10.1109\/ARES.2014.12"},{"key":"8_CR34","doi-asserted-by":"crossref","unstructured":"Martignoni, L., Paleari, R., Roglia, G.F., Bruschi, D.: Testing CPU emulators. In: Proceedings of the Eighteenth International Symposium on Software Testing and Analysis, ISSTA 2009 (2009)","DOI":"10.1145\/1572272.1572303"},{"key":"8_CR35","unstructured":"Microsoft. Submit a sample - Microsoft Malware Protection Center. https:\/\/www.microsoft.com\/security\/portal\/submission\/submit.aspx"},{"key":"8_CR36","doi-asserted-by":"crossref","unstructured":"Neugschwandtner, M., Comparetti, P. M., Platzer, C.: Detecting malware\u2019s failover C&C strategies with squeeze. In: Proceedings of the 27th Annual Computer Security Applications Conference, ACSAC 2011 (2011)","DOI":"10.1145\/2076732.2076736"},{"key":"8_CR37","unstructured":"Neuner, S., van der Veen, V., Lindorfer, M., Huber, M., Merzdovnik, G., Mulazzani, M., Weippl, E.: Enter Sandbox: Android Sandbox Comparison (2015). http:\/\/arxiv.org\/ftp\/arxiv\/papers\/1410\/1410.7749.pdf"},{"key":"8_CR38","unstructured":"OPSWAT. Metascan Online: Free File Scanning with Multiple Antivirus Engines. https:\/\/www.metascan-online.com\/#!\/scan-file"},{"key":"8_CR39","unstructured":"Pa, Y.M.P., Suzuki, S., Yoshioka, K., Matsumoto, T., Kasama, T., Rossow, C.: IoTPOT: analysing the rise of IoT compromises. In: Proceedings of the 9th USENIX Workshop on Offensive Technologies, WOOT (2015)"},{"key":"8_CR40","doi-asserted-by":"crossref","unstructured":"Paleari, R., Martignoni, L., Roglia, G.F., Bruschi, D.A.: Fistful of red-pills: how to automatically generate procedures to detect CPU emulators. In: Proceedings of the 3rd USENIX Conference on Offensive Technologies, WOOT 2009 (2009)","DOI":"10.1145\/1572272.1572303"},{"key":"8_CR41","doi-asserted-by":"crossref","unstructured":"P\u00e9k, G., Bencs\u00e1th, B., Butty\u00e1n, L.: nEther: in-guest detection of out-of-the-guest malware analyzers. In: Proceedings of the Fourth European Workshop on System Security, EUROSEC 2011 (2011)","DOI":"10.1145\/1972551.1972554"},{"key":"8_CR42","doi-asserted-by":"crossref","unstructured":"Petsas, T., Voyatzis, G., Athanasopoulos, E., Polychronakis, M., Ioannidis, S.: Rage against the virtual machine: hindering dynamic analysis of android malware. In: Proceedings of the Seventh European Workshop on System Security, EuroSec 2014 (2014)","DOI":"10.1145\/2592791.2592796"},{"key":"8_CR43","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/978-3-540-75496-1_1","volume-title":"Information Security","author":"T Raffetseder","year":"2007","unstructured":"Raffetseder, T., Kruegel, C., Kirda, E.: Detecting system emulators. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol. 4779, pp. 1\u201318. Springer, Heidelberg (2007)"},{"key":"8_CR44","doi-asserted-by":"crossref","unstructured":"Rieck, K., Schwenk, G., Limmer, T., Holz, T., Laskov, P.: Botzilla: detecting the phoning home of malicious software. In: Proceedings of the 2010 ACM Symposium on Applied Computing (ACSAC 2010) (2010)","DOI":"10.1145\/1774088.1774506"},{"issue":"4","key":"8_CR45","doi-asserted-by":"crossref","first-page":"639","DOI":"10.3233\/JCS-2010-0410","volume":"19","author":"K Rieck","year":"2009","unstructured":"Rieck, K., Trinius, P., Willems, C., Holz, T.: Automatic analysis of malware behavior using machine learning. J. Comput. Secur. 19(4), 639\u2013668 (2009)","journal-title":"J. Comput. Secur."},{"key":"8_CR46","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1007\/978-3-642-37300-8_3","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"C Rossow","year":"2013","unstructured":"Rossow, C., Dietrich, C., Bos, H.: Large-scale analysis of malware downloaders. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol. 7591, pp. 42\u201361. Springer, Heidelberg (2013)"},{"key":"8_CR47","unstructured":"Rutkowska, J.: Red Pill... Or How To Detect VMM Using (Almost) One CPU Instruction (2004). http:\/\/www.securiteam.com\/securityreviews\/6Z00H20BQS.html"},{"key":"8_CR48","unstructured":"Payload Security: Free Automated Malware Analysis Service. https:\/\/www.hyblid-analysis.com\/"},{"key":"8_CR49","unstructured":"Payload Security: Blog article (2015). http:\/\/www.pandasecurity.com\/mediacenter\/press-releases\/pandalabs-neutralized-75-million-new-malware-samples-2014-twice-many-2013\/"},{"key":"8_CR50","unstructured":"ThreatTrack Security. Free Online Malware Analysis. http:\/\/www.threattracksecurity.com\/resources\/sandbox-malware-analysis.aspx"},{"key":"8_CR51","unstructured":"Symantec. Internet Security Threat Report 04\/2015 (2015). http:\/\/www.symantec.com\/de\/de\/security_response\/publications\/threatreport.jsp"},{"key":"8_CR52","unstructured":"ThreatExpert. http:\/\/www.threatexpert.com\/submit.aspx"},{"key":"8_CR53","doi-asserted-by":"crossref","unstructured":"Vasudevan, A., Yerraballi, R.: Cobra: fine-grained malware analysis using stealth localized-executions. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy, S&P 2006 (2006)","DOI":"10.1109\/SP.2006.9"},{"key":"8_CR54","doi-asserted-by":"crossref","unstructured":"Vidas, T., Christin, N.: Evading android runtime analysis via sandbox detection. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2014 (2014)","DOI":"10.1145\/2590296.2590325"},{"key":"8_CR55","unstructured":"VirSCAN.org. Free Multi-Engine Online Virus Scanner. http:\/\/www.virscan.org\/"},{"key":"8_CR56","first-page":"3","volume":"52","author":"K Yoshioka","year":"2011","unstructured":"Yoshioka, K., Hosobuchi, Y., Orii, T., Matsumoto, T.: Your sandbox is blinded: impact of decoy injection to public malware analysis systems. J. Inf. Process. 52, 3 (2011)","journal-title":"J. Inf. Process."}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-45719-2_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,13]],"date-time":"2019-09-13T02:25:13Z","timestamp":1568341513000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-45719-2_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319457185","9783319457192"],"references-count":56,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-45719-2_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016]]}}}