{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T11:00:05Z","timestamp":1743073205711,"version":"3.40.3"},"publisher-location":"Cham","reference-count":29,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319651262"},{"type":"electronic","value":"9783319651279"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-65127-9_16","type":"book-chapter","created":{"date-parts":[[2017,8,5]],"date-time":"2017-08-05T03:35:53Z","timestamp":1501904153000},"page":"195-210","source":"Crossref","is-referenced-by-count":1,"title":["tLab: A System Enabling Malware Clustering Based on Suspicious Activity Trees"],"prefix":"10.1007","author":[{"given":"Anton","family":"Kopeikin","sequence":"first","affiliation":[]},{"given":"Arnur","family":"Tokhtabayev","sequence":"additional","affiliation":[]},{"given":"Nurlan","family":"Tashatov","sequence":"additional","affiliation":[]},{"given":"Dina","family":"Satybaldina","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,8,6]]},"reference":[{"key":"16_CR1","unstructured":"Malware Statistics Report by AV-Test Institute. https:\/\/www.av-test.org\/en\/statistics\/malware\/"},{"key":"16_CR2","doi-asserted-by":"crossref","unstructured":"Cohen, F.: Computer Viruses Theory and Experiments, Computers and Security, v. 6 (1987)","DOI":"10.1016\/0167-4048(87)90122-2"},{"key":"16_CR3","unstructured":"The Increased Use of PowerShell in Attacks. Whitepaper by Semantic Corporation (2016). https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/security-center\/white-papers\/"},{"key":"16_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"698","DOI":"10.1007\/978-3-642-15497-3_42","volume-title":"Computer Security \u2013 ESORICS 2010","author":"AG Tokhtabayev","year":"2010","unstructured":"Tokhtabayev, A.G., Skormin, V.A., Dolgikh, A.M.: Expressive, efficient and obfuscation resilient behavior based IDS. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 698\u2013715. Springer, Heidelberg (2010). doi: 10.1007\/978-3-642-15497-3_42"},{"key":"16_CR5","unstructured":"tLab (Version 1.5) [computer software], T&T Security LLP, Astana, Kazakhstan (2017)"},{"key":"16_CR6","doi-asserted-by":"crossref","unstructured":"Tokhtabayev, A., Skormin, V., Dolgikh, A.: Detection of worm propagation engines in the system call domain using colored petri nets. In: Proceedings of the IEEE IPCCC \u201907, USA, December 2008","DOI":"10.1109\/PCCC.2008.4745108"},{"key":"16_CR7","doi-asserted-by":"crossref","unstructured":"Jensen, K.: Coloured Petri nets (2nd ed.): basic concepts, analysis methods and practical use, vol. 1, Springer, Berlin (1996)","DOI":"10.1007\/978-3-662-03241-1"},{"issue":"6","key":"16_CR8","doi-asserted-by":"crossref","first-page":"1245","DOI":"10.1137\/0218082","volume":"18","author":"K Zhang","year":"1989","unstructured":"Zhang, K., Shasha, D.: Simple fast algorithms for the editing distance between trees and related problems. SIAM J. Comput. 18(6), 1245\u20131262 (1989)","journal-title":"SIAM J. Comput."},{"key":"16_CR9","doi-asserted-by":"crossref","unstructured":"Pawlik, M., Augsten, N.: RTED: a robust algorithm for the tree edit distance. Proc. VLDB Endow. 5(4), 334\u2013345 (2011)","DOI":"10.14778\/2095686.2095692"},{"key":"16_CR10","unstructured":"Bailey, M., Oberheide, J., Andersen, J., Morley Mao, Z., Jahanian, F., Nazario, J.: Automated Classification and Analysis of Internet Malware (2007)"},{"key":"16_CR11","unstructured":"Bayer, U., Comparetti, P.M., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, behavior-based malware clustering. In: NDSS (2009)"},{"key":"16_CR12","doi-asserted-by":"crossref","unstructured":"Egele, M., Scholte, T., Kirda, E., Kruegel, C.: A survey on automated dynamic malware-analysis techniques and tools. ACM Comput. Surv. 44(2), 6:1\u20136:42 (2008)","DOI":"10.1145\/2089125.2089126"},{"key":"16_CR13","unstructured":"Falliere, N., Murchu, L.O., Chien, E.: W32.stuxnet dossier (2011). www.symantec.com White paper 2011"},{"key":"16_CR14","doi-asserted-by":"crossref","unstructured":"Gusfield, D.: Algorithms on Strings, Trees, and Sequences - Computer Science and Computational Biology. Cambridge University Press (1997)","DOI":"10.1017\/CBO9780511574931"},{"key":"16_CR15","unstructured":"Reversal and Analysis of Zeus and SpyEye Banking Trojans. Technical report, IOActive (2012)"},{"key":"16_CR16","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1007\/s11416-008-0086-0","volume":"4","author":"G Jacob","year":"2008","unstructured":"Jacob, G., Debar, H., Filiol, E.: Behavioral detection of malware: from a survey towards an established taxonomy. J. Comput. Virol. 4, 251\u2013266 (2008)","journal-title":"J. Comput. Virol."},{"key":"16_CR17","doi-asserted-by":"crossref","unstructured":"Jang, J., Brumley, D., Venkataraman, S.: Bitshred: feature hashing malware for scalable triage and semantic analysis. In: Proceedings of the 18th ACM Conference on Computer and Communications Security, pp. 309\u2013320. ACM (2011)","DOI":"10.1145\/2046707.2046742"},{"key":"16_CR18","unstructured":"The flame: Questions and answers, May 2012. www.securelist.com"},{"key":"16_CR19","unstructured":"New malware classification system. www.securelist.com . Accessed June 2012"},{"key":"16_CR20","unstructured":"Rules for naming detected objects. www.securelist.com . Accessed 2012"},{"key":"16_CR21","unstructured":"Kirillov, I., Beck, D., Chase, P., Martin, R.: Malware attribute enumeration and characterization, MITRE (2011)"},{"issue":"5","key":"16_CR22","doi-asserted-by":"crossref","first-page":"719","DOI":"10.1093\/bioinformatics\/btm563","volume":"24","author":"P Langfelder","year":"2008","unstructured":"Langfelder, P., Zhang, B., Horvath, S.: Defining clusters from a hierarchical cluster tree: the dynamic tree cut package for r. Bioinformatics 24(5), 719\u2013720 (2008)","journal-title":"Bioinformatics"},{"key":"16_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"238","DOI":"10.1007\/978-3-642-15512-3_13","volume-title":"Recent Advances in Intrusion Detection","author":"P Li","year":"2010","unstructured":"Li, P., Liu, L., Gao, D., Reiter, M.K.: On challenges in evaluating malware clustering. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol. 6307, pp. 238\u2013255. Springer, Heidelberg (2010). doi: 10.1007\/978-3-642-15512-3_13"},{"issue":"4","key":"16_CR24","doi-asserted-by":"crossref","first-page":"639","DOI":"10.3233\/JCS-2010-0410","volume":"19","author":"K Rieck","year":"2011","unstructured":"Rieck, K., Trinius, P., Willems, C., Holz, T.: Automatic analysis of malware behavior using machine learning. J. Comput. Secur. 19(4), 639\u2013668 (2011)","journal-title":"J. Comput. Secur."},{"key":"16_CR25","unstructured":"RSA. The Current State of Cybercrime and What to Expect in 2012. Technical report, RSA (2012)"},{"key":"16_CR26","doi-asserted-by":"crossref","unstructured":"Trinius, P., Holz, T., Gobel, J., Freiling, F.C.: Visual analysis of malware behavior using tree maps and thread graphs. In: 2009 6th International Workshop on Visualization for Cyber Security, pp. 33\u201338 (2009)","DOI":"10.1109\/VIZSEC.2009.5375540"},{"key":"16_CR27","unstructured":"Ukkonen, E.: Constructing suffix trees on-line in linear time. In: IFIP Congress, pp. 484\u2013492 (1992)"},{"key":"16_CR28","doi-asserted-by":"crossref","unstructured":"Wagener, G., State, R., Dulaunoy, A.: Malware behaviour analysis. J. Comput. Virology 4(4), 279\u2013287 (2007)","DOI":"10.1007\/s11416-007-0074-9"},{"key":"16_CR29","doi-asserted-by":"crossref","unstructured":"Ye, Y., Li, T., Chen, Y., Jiang, Y.: Automatic malware categorization using cluster ensemble. In: Proceedings of the 16th ACM SIGKDD International Conference on Knowledge Discovery and data mining, KDD 2010, pp. 95\u2013104. ACM, New York (2010)","DOI":"10.1145\/1835804.1835820"}],"container-title":["Lecture Notes in Computer Science","Computer Network Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-65127-9_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,1]],"date-time":"2019-10-01T22:13:42Z","timestamp":1569968022000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-65127-9_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319651262","9783319651279"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-65127-9_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]}}}