{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T22:23:40Z","timestamp":1768429420063,"version":"3.49.0"},"publisher-location":"Cham","reference-count":41,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319608754","type":"print"},{"value":"9783319608761","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-60876-1_5","type":"book-chapter","created":{"date-parts":[[2017,6,3]],"date-time":"2017-06-03T08:00:34Z","timestamp":1496476834000},"page":"97-118","source":"Crossref","is-referenced-by-count":11,"title":["DynODet: Detecting Dynamic Obfuscation in Malware"],"prefix":"10.1007","author":[{"given":"Danny","family":"Kim","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Amir","family":"Majlesi-Kupaei","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Julien","family":"Roy","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Kapil","family":"Anand","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Khaled","family":"ElWazeer","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel","family":"Buettner","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rajeev","family":"Barua","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,6,4]]},"reference":[{"key":"5_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/978-3-540-74124-4_16","volume-title":"Information Hiding","author":"B Anckaert","year":"2007","unstructured":"Anckaert, B., Madou, M., Bosschere, K.: A model for self-modifying code. In: Camenisch, J.L., Collberg, C.S., Johnson, N.F., Sallee, P. (eds.) IH 2006. LNCS, vol. 4437, pp. 232\u2013248. Springer, Heidelberg (2007). doi:\n10.1007\/978-3-540-74124-4_16"},{"key":"5_CR2","unstructured":"Bania, P.: Generic unpacking of self-modifying, aggressive, packed binary programs. arXiv preprint (2009). \narXiv:0905.4581"},{"issue":"1","key":"5_CR3","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1007\/s11416-006-0012-2","volume":"2","author":"U Bayer","year":"2006","unstructured":"Bayer, U., Moser, A., Kruegel, C., Kirda, E.: Dynamic analysis of malicious code. J. Comput. Virol. 2(1), 67\u201377 (2006)","journal-title":"J. Comput. Virol."},{"key":"5_CR4","doi-asserted-by":"crossref","unstructured":"Blackburn, S.M., Garner, R., Hoffmann, C., Khang, A.M., McKinley, K.S., Bentzur, R., Diwan, A., Feinberg, D., Frampton, D., Guyer, S.Z., et al.: The dacapo benchmarks: java benchmarking development and analysis. In: ACM Sigplan Notices, vol. 41, pp. 169\u2013190. ACM (2006)","DOI":"10.1145\/1167473.1167488"},{"key":"5_CR5","unstructured":"Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. Department of Computer Science, The University of Auckland, New Zealand, Technical report (1997)"},{"key":"5_CR6","unstructured":"Microsoft Corporation: What is data execution prevention? May 2016"},{"key":"5_CR7","unstructured":"Microsoft Corporation: Internet security threat report 21, 5, April 2016"},{"key":"5_CR8","doi-asserted-by":"crossref","unstructured":"Debray, S., Patel, J.: Reverse engineering self-modifying code: unpacker extraction. In: 2010 17th Working Conference on Reverse Engineering (WCRE), pp. 131\u2013140. IEEE (2010)","DOI":"10.1109\/WCRE.2010.22"},{"key":"5_CR9","doi-asserted-by":"crossref","unstructured":"Dinaburg, A., Royal, P., Sharif, M., Lee, W.: Ether: malware analysis via hardware virtualization extensions. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 51\u201362. ACM (2008)","DOI":"10.1145\/1455770.1455779"},{"key":"5_CR10","doi-asserted-by":"crossref","unstructured":"Ghosh, S., Hiser, J., Davidson, J.W.: Software protection for dynamically-generated code. In: Proceedings of the 2nd ACM SIGPLAN Program Protection and Reverse Engineering Workshop, p. 1. ACM (2013)","DOI":"10.1145\/2430553.2430554"},{"key":"5_CR11","unstructured":"Guarnieri, C., Tanasi, A., Bremer, J., Schloesser, M.: The cuckoo sandbox (2012)"},{"key":"5_CR12","unstructured":"Hungenberg, T., Eckert, M.: Inetsim: internet services simulation suite (2013)"},{"key":"5_CR13","doi-asserted-by":"crossref","unstructured":"Kang, M.G., Poosankam, P., Yin, H.: Renovo: a hidden code extractor for packed executables. In: Proceedings of the 2007 ACM Workshop on Recurring Malcode, pp. 46\u201353. ACM (2007)","DOI":"10.1145\/1314389.1314399"},{"key":"5_CR14","unstructured":"Kapoor, A.: An approach towards disassembly of malicious binary executables. Ph.D. thesis, University of Louisiana at Lafayette (2004)"},{"key":"5_CR15","unstructured":"Kivity, A., Kamay, Y., Laor, D., Lublin, U., Liguori, A.: KVM: the Linux virtual machine monitor. In: Proceedings of the Linux Symposium, vol. 1, pp. 225\u2013230 (2007)"},{"key":"5_CR16","doi-asserted-by":"crossref","unstructured":"Kwon, B.J., Mondal, J., Jang, J., Bilge, L., Dumitras, T.: The dropper effect: insights into malware distribution with downloader graph analytics. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 1118\u20131129. ACM (2015)","DOI":"10.1145\/2810103.2813724"},{"key":"5_CR17","doi-asserted-by":"crossref","unstructured":"Luk, C.K., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G., Wallace, S., Reddi, V.J., Hazelwood, K.: Pin: building customized program analysis tools with dynamic instrumentation. In: ACM Sigplan Notices, vol. 40, pp. 190\u2013200. ACM (2005)","DOI":"10.1145\/1065010.1065034"},{"key":"5_CR18","doi-asserted-by":"crossref","unstructured":"Madou, M., Van Put, L., De Bosschere, K.: Understanding obfuscated code. In: 14th IEEE International Conference on Program Comprehension (ICPC 2006), pp. 268\u2013274. IEEE (2006)","DOI":"10.1109\/ICPC.2006.49"},{"key":"5_CR19","unstructured":"Maebe, J., De Bosschere, K.: Instrumenting self-modifying code. arXiv preprint cs\/0309029 (2003)"},{"key":"5_CR20","doi-asserted-by":"crossref","unstructured":"Martignoni, L., Christodorescu, M., Jha, S.: OmniUnpack: fast, generic, and safe unpacking of malware. In: Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), pp. 431\u2013441. IEEE (2007)","DOI":"10.1109\/ACSAC.2007.15"},{"key":"5_CR21","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Twenty-third Annual Computer Security Applications Conference (ACSAC 2007), pp. 421\u2013430. IEEE (2007)","DOI":"10.1109\/ACSAC.2007.21"},{"issue":"5","key":"5_CR22","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1109\/MSP.2011.98","volume":"9","author":"P O\u2019Kane","year":"2011","unstructured":"O\u2019Kane, P., Sezer, S., McLaughlin, K.: Obfuscation: the hidden malware. IEEE Secur. Priv. 9(5), 41\u201347 (2011)","journal-title":"IEEE Secur. Priv."},{"issue":"2","key":"5_CR23","doi-asserted-by":"crossref","first-page":"131","DOI":"10.1002\/spe.4380150203","volume":"15","author":"R Pike","year":"1985","unstructured":"Pike, R., Locanthi, B., Reiser, J.: Hardware\/software trade-offs for bitmap graphics on the blit. Softw. Pract. Exper. 15(2), 131\u2013151 (1985)","journal-title":"Softw. Pract. Exper."},{"key":"5_CR24","unstructured":"Popov, I.V., Debray, S.K., Andrews, G.R.: Binary obfuscation using signals. In: Usenix Security (2007)"},{"key":"5_CR25","unstructured":"Prakash, C.: Design of x86 emulator for generic unpacking. In: Assocation of Anti-Virus Asia Researchers International Conference, Seoul, South Korea (2007)"},{"key":"5_CR26","doi-asserted-by":"crossref","unstructured":"Quist, D.A., Liebrock, L.M.: Visualizing compiled executables for malware analysis. In: 6th International Workshop on Visualization for Cyber Security (VizSec 2009), pp. 27\u201332. IEEE (2009)","DOI":"10.1109\/VIZSEC.2009.5375539"},{"key":"5_CR27","unstructured":"Quist, D., Smith, V.: Covert debugging circumventing software armoring techniques. Black hat briefings USA (2007)"},{"key":"5_CR28","doi-asserted-by":"crossref","unstructured":"Rabek, J.C., Khazan, R.I., Lewandowski, S.M., Cunningham, R.K.: Detection of injected, dynamically generated, and obfuscated malicious code. In: Proceedings of the 2003 ACM Workshop on Rapid Malcode, pp. 76\u201382. ACM (2003)","DOI":"10.1145\/948187.948201"},{"key":"5_CR29","unstructured":"Rodrigues, T.: Extracting known bad hash set from nsrl. \nhttps:\/\/digital-forensics.sans.org\/blog\/2010\/02\/22\/extracting-known-bad-hashset-from-nsrl\/"},{"key":"5_CR30","first-page":"21","volume":"1","author":"KA Roundy","year":"2012","unstructured":"Roundy, K.A., Miller, B.P.: Binary-code obfuscations in prevalent packer tools. ACM J. Name 1, 21 (2012)","journal-title":"ACM J. Name"},{"key":"5_CR31","doi-asserted-by":"crossref","unstructured":"Royal, P., Halpin, M., Dagon, D., Edmonds, R., Lee, W.: PolyUnpack: automating the hidden-code extraction of unpack-executing malware. In: Null, pp. 289\u2013300. IEEE (2006)","DOI":"10.1109\/ACSAC.2006.38"},{"key":"5_CR32","series-title":"Advances in Intelligent Systems and Computing","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1007\/978-3-642-33018-6","volume-title":"International Joint Conference CISIS \u201912-ICEUTE \u201912-SOCO \u201912 Special Sessions","author":"I Santos","year":"2013","unstructured":"Santos, I., Devesa, J., Brezo, F., Nieves, J., Bringas, P.G.: Opem: a static-dynamic approach for machine-learning-based malware detection. In: Herrero, A., et al. (eds.) International Joint Conference CISIS \u201912-ICEUTE \u201912-SOCO \u201912 Special Sessions. AISC, vol. 189, pp. 271\u2013280. Springer, Heidelberg (2013). doi:\n10.1007\/978-3-642-33018-6"},{"key":"5_CR33","doi-asserted-by":"crossref","unstructured":"Sharif, M., Lanzi, A., Giffin, J., Lee, W.: Automatic reverse engineering of malware emulators. In: 2009 30th IEEE Symposium on Security and Privacy, pp. 94\u2013109. IEEE (2009)","DOI":"10.1109\/SP.2009.27"},{"key":"5_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-89862-7_1","volume-title":"Information Systems Security","author":"D Song","year":"2008","unstructured":"Song, D., et al.: BitBlaze: a new approach to computer security via binary analysis. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol. 5352, pp. 1\u201325. Springer, Heidelberg (2008). doi:\n10.1007\/978-3-540-89862-7_1"},{"key":"5_CR35","unstructured":"National Institute of Standards and Technology: National software reference library. Online"},{"key":"5_CR36","unstructured":"Stewart, J.: Ollybone: semi-automatic unpacking on IA-32. In: Proceedings of the 14th DEF CON Hacking Conference (2006)"},{"key":"5_CR37","doi-asserted-by":"crossref","unstructured":"Wang, X., Jhi, Y.C., Zhu, S., Liu, P.: Still: exploit code detection via static taint and initialization analyses. In: Annual Computer Security Applications Conference (ACSAC 2008), pp. 289\u2013298. IEEE (2008)","DOI":"10.1109\/ACSAC.2008.37"},{"key":"5_CR38","unstructured":"Wang, Y.M., Vo, B., Roussev, R., Verbowski, C., Johnson, A.: Strider ghostbuster: why it\u2019s a bad idea for stealth software to hide files. Technical report, Technical Report MSR-TR-2004-71, Microsoft Research (2004)"},{"key":"5_CR39","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1109\/MSP.2007.45","volume":"2","author":"C Willems","year":"2007","unstructured":"Willems, C., Holz, T., Freiling, F.: Toward automated dynamic malware analysis using CWSandbox. IEEE Secur. Priv. 2, 32\u201339 (2007)","journal-title":"IEEE Secur. Priv."},{"key":"5_CR40","doi-asserted-by":"crossref","unstructured":"Ying, L., Su, P., Feng, D., Wang, X., Yang, Y., Liu, Y.: Reconbin: reconstructing binary file from execution for software analysis. In: Third IEEE International Conference on Secure Software Integration and Reliability Improvement (SSIRI 2009), pp. 222\u2013229. IEEE (2009)","DOI":"10.1109\/SSIRI.2009.46"},{"key":"5_CR41","unstructured":"Yuschuk, O.: Ollydbg (2007)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-60876-1_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,6,12]],"date-time":"2017-06-12T12:12:48Z","timestamp":1497269568000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-60876-1_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319608754","9783319608761"],"references-count":41,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-60876-1_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]}}}