{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T22:35:51Z","timestamp":1761863751247},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319600796"},{"type":"electronic","value":"9783319600802"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-60080-2_12","type":"book-chapter","created":{"date-parts":[[2017,6,1]],"date-time":"2017-06-01T10:40:06Z","timestamp":1496313606000},"page":"171-188","source":"Crossref","is-referenced-by-count":18,"title":["Assisting Malware Analysis with Symbolic Execution: A Case Study"],"prefix":"10.1007","author":[{"given":"Roberto","family":"Baldoni","sequence":"first","affiliation":[]},{"given":"Emilio","family":"Coppa","sequence":"additional","affiliation":[]},{"given":"Daniele Cono","family":"D\u2019Elia","sequence":"additional","affiliation":[]},{"given":"Camil","family":"Demetrescu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,6,2]]},"reference":[{"key":"12_CR1","unstructured":"Baldoni, R., Coppa, E., D\u2019Elia, D.C., Demetrescu, C., Finocchi, I.: A survey of symbolic execution techniques. CoRR, abs\/1610.00502 (2016)"},{"key":"12_CR2","doi-asserted-by":"crossref","unstructured":"Ball, T., Bounimova, E., Cook, B., Levin, V., Lichtenberg, J., McGarvey, C., Ondrusek, B., Rajamani, S.K., Ustuner, A.: Thorough static analysis of device drivers. In: Proceedings of the 1st ACM SIGOPS\/EuroSys European Conference on Computer Systems, EuroSys 2006, pp. 73\u201385. ACM, New York (2006)","DOI":"10.1145\/1217935.1217943"},{"key":"12_CR3","unstructured":"Brumley, D., Hartwig, C., Kang, M.G., Liang, Z., Newsome, J., Poosankam, P., Song, D., Yin, H.: Bitscope: automatically dissecting malicious binaries. Technical report, CMU-CS-07-133 (2007)"},{"key":"12_CR4","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1007\/978-0-387-68768-1_4","volume-title":"Botnet Detection","author":"D Brumley","year":"2008","unstructured":"Brumley, D., Hartwig, C., Liang, Z., Newsome, J., Song, D., Yin, H.: Automatically identifying trigger-based behavior in malware. In: Lee, W., Wang, C., Dagon, D. (eds.) Botnet Detection, pp. 65\u201388. Springer, Boston (2008)"},{"key":"12_CR5","doi-asserted-by":"crossref","unstructured":"Caballero, J., Yin, H., Liang, Z., Song, D.: Polyglot: automatic extraction of protocol message format using dynamic binary analysis. In: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS 2007, pp. 317\u2013329. ACM, New York (2007)","DOI":"10.1145\/1315245.1315286"},{"key":"12_CR6","unstructured":"Cadar, C., Dunbar, D., Engler, D.: KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In: Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation, OSDI 2008, pp. 209\u2013224. USENIX Association, Berkeley (2008)"},{"key":"12_CR7","doi-asserted-by":"crossref","unstructured":"Cho, C.Y., Shin, E.C.R., Song, D.: Inference and analysis of formal models of botnet command and control protocols. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 426\u2013439. ACM, New York (2010)","DOI":"10.1145\/1866307.1866355"},{"key":"12_CR8","unstructured":"Christodorescu, M., Jha, S.: Static analysis of executables to detect malicious patterns. In: Proceedings of the 12th Conference on USENIX Security Symposium, SSYM 2003, vol. 12. USENIX Association, Berkeley (2003)"},{"key":"12_CR9","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy, SP 2005, pp. 32\u201346. IEEE Computer Society, Washington, DC (2005)","DOI":"10.1109\/SP.2005.20"},{"key":"12_CR10","unstructured":"Cui, W., Kannan, J., Wang, H.J.: Discoverer: automatic protocol reverse engineering from network traces. In: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, SS 2007, pp. 14:1\u201314:14. USENIX Association, Berkeley (2007)"},{"key":"12_CR11","doi-asserted-by":"crossref","unstructured":"Cui, W., Peinado, M., Chen, K., Wang, J.H. and Irun-Briz, L.: Automatic reverse engineering of input formats. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, CCS 2008, pp. 391\u2013402. ACM, New York (2008)","DOI":"10.1145\/1455770.1455820"},{"issue":"2","key":"12_CR12","first-page":"6:1","volume":"44","author":"M Egele","year":"2008","unstructured":"Egele, M., Scholte, T., Kirda, E., Kruegel, C.: A survey on automated dynamic malware-analysis techniques and tools. ACM Comput. Surv. 44(2), 6:1\u20136:42 (2008)","journal-title":"ACM Comput. Surv."},{"key":"12_CR13","unstructured":"Godefroid, P., Levin, M.Y., Molnar, D.A.: Automated whitebox fuzz testing. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2008 (2008)"},{"key":"12_CR14","unstructured":"Illera, A.G., Oca, F.: Introducing ponce: one-click symbolic execution. \nhttp:\/\/research.trust.salesforce.com\/Introducing-Ponce-One-click-symbolic-execution\/\n\n. Accessed Mar 2017"},{"issue":"7","key":"12_CR15","doi-asserted-by":"crossref","first-page":"385","DOI":"10.1145\/360248.360252","volume":"19","author":"JC King","year":"1976","unstructured":"King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385\u2013394 (1976)","journal-title":"Commun. ACM"},{"key":"12_CR16","unstructured":"Kindsight Security Labs: Malware report - Q2 2012 (2012). \nhttp:\/\/resources.alcatel-lucent.com\/?cid=177650\n\n. Accessed Mar 2017"},{"key":"12_CR17","unstructured":"RSA Security LLC: Current state of cybercrime (2016). \nhttps:\/\/www.rsa.com\/content\/dam\/rsa\/PDF\/2016\/05\/2016-current-state-of-cybercrime.pdf\n\n. Accessed Mar 2017"},{"key":"12_CR18","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring multiple execution paths for malware analysis. In: Proceedings of the 2007 IEEE Symposium on Security and Privacy, SP 2007, pp. 231\u2013245 (2007)","DOI":"10.1109\/SP.2007.17"},{"issue":"3","key":"12_CR19","doi-asserted-by":"crossref","first-page":"40:1","DOI":"10.1145\/2840724","volume":"48","author":"J Narayan","year":"2015","unstructured":"Narayan, J., Shukla, S.K., Clancy, T.C.: A survey of automatic protocol reverse engineering tools. ACM Comput. Surv. 48(3), 40:1\u201340:26 (2015)","journal-title":"ACM Comput. Surv."},{"key":"12_CR20","unstructured":"Peng, F., Deng, Z., Zhang, X., Xu, D., Lin, Z., Su, Z.: X-force: force-executing binary programs for security applications. In: Proceedings of the 23rd USENIX Conference on Security Symposium, SEC 2014, pp. 829\u2013844. USENIX Association, Berkeley (2014)"},{"issue":"4","key":"12_CR21","doi-asserted-by":"crossref","first-page":"45:1","DOI":"10.1145\/2501654.2501659","volume":"45","author":"RA Rodr\u00edguez-G\u00f3mez","year":"2013","unstructured":"Rodr\u00edguez-G\u00f3mez, R.A., Maci\u00e1-Fern\u00e1ndez, G., Garc\u00eda-Teodoro, P.: Survey and taxonomy of botnet research through life-cycle. ACM Comput. Surv. 45(4), 45:1\u201345:33 (2013)","journal-title":"ACM Comput. Surv."},{"key":"12_CR22","unstructured":"Saudel, F., Salwan, J.: Triton: a dynamic symbolic execution framework. In: Symposium sur la s\u00e9curit\u00e9 des technologies de l\u2019information et des communications, SSTIC, Rennes, France, pp. 31\u201354. SSTI, 3\u20135 June 2015"},{"key":"12_CR23","doi-asserted-by":"crossref","unstructured":"Schwartz, E.J., Avgerinos, T., Brumley, D.: All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In: Proceedings of the 2010 IEEE Symposium on Security and Privacy, SP 2010, pp. 317\u2013331. IEEE Computer Society, Washington, DC (2010)","DOI":"10.1109\/SP.2010.26"},{"key":"12_CR24","unstructured":"Sharif, M.I., Lanzi, A., Giffin, J.T., Lee, W.: Impeding malware analysis using conditional code obfuscation. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2008 (2008)"},{"key":"12_CR25","doi-asserted-by":"crossref","unstructured":"Shoshitaishvili, Y., Wang, R., Hauser, C., Kruegel, C., Vigna, G.: Firmalice - automatic detection of authentication bypass vulnerabilities in binary firmware. In: 22nd Annual Network and Distributed System Security Symposium, NDSS 2015 (2015)","DOI":"10.14722\/ndss.2015.23294"},{"key":"12_CR26","doi-asserted-by":"crossref","unstructured":"Shoshitaishvili, Y., Wang, R., Salls, C., Stephens, N., Polino, M., Dutcher, A., Grosen, J., Feng, S., Hauser, C., Kr\u00fcgel, C., Vigna, G.: SOK: (state of) the art of war: offensive techniques in binary analysis. IEEE Symposium on Security and Privacy, SP 2016, pp. 138\u2013157 (2016)","DOI":"10.1109\/SP.2016.17"},{"key":"12_CR27","unstructured":"Norman Solutions: Norman sandbox analyzer. \nhttp:\/\/download01.norman.no\/product_sheets\/eng\/SandBox_analyzer.pdf\n\n. Accessed Mar 2017"},{"key":"12_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-89862-7_1","volume-title":"Information Systems Security","author":"D Song","year":"2008","unstructured":"Song, D., et al.: BitBlaze: a new approach to computer security via binary analysis. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol. 5352, pp. 1\u201325. Springer, Heidelberg (2008). doi:\n10.1007\/978-3-540-89862-7_1"},{"key":"12_CR29","doi-asserted-by":"crossref","unstructured":"Stephens, N., Grosen, J., Salls, C., Dutcher, A., Wang, R., Corbetta, J., Shoshitaishvili, Y., Kruegel, C., Vigna, G.: Driller: augmenting fuzzing through selective symbolic execution. In: 23nd Annual Network and Distributed System Security Symposium, NDSS 2016 (2016)","DOI":"10.14722\/ndss.2016.23368"},{"key":"12_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/978-3-319-40667-1_10","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"X Ugarte-Pedrero","year":"2016","unstructured":"Ugarte-Pedrero, X., Balzarotti, D., Santos, I., Bringas, P.G.: RAMBO: run-time packer analysis with multiple branch observation. In: Caballero, J., Zurutuza, U., Rodr\u00edguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 186\u2013206. Springer, Cham (2016). doi:\n10.1007\/978-3-319-40667-1_10"},{"key":"12_CR31","unstructured":"Villeneuve, N., Sancho, D.: The \u201cLurid\u201d downloader. Trend Micro Incorporated (2011). \nhttp:\/\/la.trendmicro.com\/media\/misc\/lurid-downloader-enfal-report-en.pdf\n\n. Accessed Mar 2017"},{"key":"12_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"210","DOI":"10.1007\/978-3-642-23822-2_12","volume-title":"Computer Security \u2013 ESORICS 2011","author":"Z Wang","year":"2011","unstructured":"Wang, Z., Ming, J., Jia, C., Gao, D.: Linear obfuscation to combat symbolic execution. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 210\u2013226. Springer, Heidelberg (2011). doi:\n10.1007\/978-3-642-23822-2_12"},{"issue":"2","key":"12_CR33","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1109\/MSP.2007.45","volume":"5","author":"C Willems","year":"2007","unstructured":"Willems, C., Holz, T., Freiling, F.: Toward automated dynamic malware analysis using CWSandbox. IEEE Secur. Priv. 5(2), 32\u201339 (2007)","journal-title":"IEEE Secur. Priv."},{"key":"12_CR34","doi-asserted-by":"crossref","unstructured":"Yadegari, B., Debray, S.: Symbolic execution of obfuscated code. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, pp. 732\u2013744. ACM (2015)","DOI":"10.1145\/2810103.2813663"}],"container-title":["Lecture Notes in Computer Science","Cyber Security Cryptography and Machine Learning"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-60080-2_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,6,1]],"date-time":"2017-06-01T10:43:23Z","timestamp":1496313803000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-60080-2_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319600796","9783319600802"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-60080-2_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]}}}