{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,16]],"date-time":"2025-12-16T12:25:11Z","timestamp":1765887911443,"version":"3.40.3"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319672076"},{"type":"electronic","value":"9783319672083"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-67208-3_11","type":"book-chapter","created":{"date-parts":[[2017,8,30]],"date-time":"2017-08-30T12:21:00Z","timestamp":1504095660000},"page":"187-201","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":25,"title":["A Behavior-Based Approach for Malware Detection"],"prefix":"10.1007","author":[{"given":"Rayan","family":"Mosli","sequence":"first","affiliation":[]},{"given":"Rui","family":"Li","sequence":"additional","affiliation":[]},{"given":"Bo","family":"Yuan","sequence":"additional","affiliation":[]},{"given":"Yin","family":"Pan","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,8,31]]},"reference":[{"key":"11_CR1","doi-asserted-by":"crossref","unstructured":"Aghaeikheirabady, M., Farshchi, S., Shirazi, H.: A new approach to malware detection by comparative analysis of data structures in a memory image. In: Proceedings of the First International Congress on Technology, Communication and Knowledge (2014)","DOI":"10.1109\/ICTCK.2014.7033519"},{"issue":"3","key":"11_CR2","doi-asserted-by":"crossref","first-page":"175","DOI":"10.1080\/00031305.1992.10475879","volume":"46","author":"N Altman","year":"1992","unstructured":"Altman, N.: An introduction to kernel and nearest-neighbor nonparametric regression. The American Statistician 46(3), 175\u2013185 (1992)","journal-title":"The American Statistician"},{"key":"11_CR3","doi-asserted-by":"crossref","unstructured":"Berlin, K., Slater, D., Saxe, J.: Malicious behavior detection using windows audit logs. In: Proceedings of the Eighth ACM Workshop on Artificial Intelligence and Security, pp. 35\u201344 (2015)","DOI":"10.1145\/2808769.2808773"},{"key":"11_CR4","volume-title":"The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System","author":"B Blunden","year":"2013","unstructured":"Blunden, B.: The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System. Jones and Bartlett Learning, Burlington (2013)"},{"key":"11_CR5","unstructured":"Buitinck, L., Louppe, G., Blondel, M., Pedregosa, F., Mueller, A., Grisel, O., Niculae, V., Prettenhofer, P., Gramfort, A., Grobler, J., Layton, R., VanderPlas, J., Joly, A., Holt, B., Varoquaux, G.: API design for machine learning software: experiences from the scikit-learn project. In: Proceedings of the European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases Workshop: Languages for Data Mining and Machine Learning, pp. 108\u2013122 (2013)"},{"key":"11_CR6","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Seshia, S., Song, D., Bryant, R.: Semantics-aware malware detection. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 32\u201346 (2005)","DOI":"10.1109\/SP.2005.20"},{"issue":"3","key":"11_CR7","first-page":"273","volume":"20","author":"C Cortes","year":"1995","unstructured":"Cortes, C., Vapnik, V.: Support-vector networks. Machine Learning 20(3), 273\u2013297 (1995)","journal-title":"Machine Learning"},{"key":"11_CR8","unstructured":"Cuckoo Foundation, Cuckoo Sandbox (2016). www.cuckoosandbox.org"},{"key":"11_CR9","doi-asserted-by":"crossref","unstructured":"Dolan-Gavitt, B., Srivastava, A., Traynor, P., Giffin, J.: Robust signatures for kernel data structures. In: Proceedings of the Sixteenth ACM Conference on Computer and Communications Security, pp. 566\u2013577 (2009)","DOI":"10.1145\/1653662.1653730"},{"key":"11_CR10","volume-title":"IT Threat Evolution in Q2 2016","author":"D Emm","year":"2016","unstructured":"Emm, D., Unuchek, R., Garnaeva, M., Ivanov, A., Makrushin, D., Sinitsyn, F.: IT Threat Evolution in Q2 2016. Kaspersky Lab, Moscow (2016)"},{"issue":"2","key":"11_CR11","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1007\/s11416-015-0244-0","volume":"12","author":"H Galal","year":"2016","unstructured":"Galal, H., Mahdy, Y., Atiea, M.: Behavior-based features model for malware detection. Journal of Computer Virology and Hacking Techniques 12(2), 59\u201367 (2016)","journal-title":"Journal of Computer Virology and Hacking Techniques"},{"issue":"8","key":"11_CR12","doi-asserted-by":"publisher","first-page":"832","DOI":"10.1109\/34.709601","volume":"20","author":"T Ho","year":"1998","unstructured":"Ho, T.: The random subspace method for constructing decision forests. IEEE Transactions on Pattern Analysis and Machine Intelligence 20(8), 832\u2013844 (1998)","journal-title":"IEEE Transactions on Pattern Analysis and Machine Intelligence"},{"key":"11_CR13","volume-title":"Rootkits: Subverting the Windows Kernel","author":"G Hoglund","year":"2006","unstructured":"Hoglund, G., Butler, J.: Rootkits: Subverting the Windows Kernel. Pearson Education, Upper Saddle River (2006)"},{"key":"11_CR14","unstructured":"Hungenberg, T., Eckert, M.: INetSim: Internet Services Simulation Suite (2007). www.inetsim.org"},{"key":"11_CR15","unstructured":"Klein, B., Peters, R.: Defeating machine learning - What your security vendor is not telling you. Presented at Black Hat USA (2015)"},{"key":"11_CR16","volume-title":"The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux and Mac Memory","author":"M Ligh","year":"2014","unstructured":"Ligh, M., Case, A., Levy, J., Walters, A.: The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux and Mac Memory. John Wiley and Sons, Indianapolis (2014)"},{"issue":"11","key":"11_CR17","doi-asserted-by":"publisher","first-page":"2004","DOI":"10.1002\/sec.1148","volume":"8","author":"Y Lin","year":"2015","unstructured":"Lin, Y., Lai, Y., Lu, C., Hsu, P., Lee, C.: Three-phase behavior-based detection and classification of known and unknown malware. Security and Communication Networks 8(11), 2004\u20132015 (2015)","journal-title":"Security and Communication Networks"},{"key":"11_CR18","volume-title":"Incident Response and Computer Forensics","author":"J Luttgens","year":"2014","unstructured":"Luttgens, J., Pepe, M., Mandia, K.: Incident Response and Computer Forensics. McGraw Hill Education, New York (2014)"},{"key":"11_CR19","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511809071","volume-title":"An Introduction to Information Retrieval","author":"C Manning","year":"2008","unstructured":"Manning, C., Raghavan, P., Schutze, H.: An Introduction to Information Retrieval. Cambridge University Press, Cambridge (2008)"},{"key":"11_CR20","doi-asserted-by":"crossref","unstructured":"Markel, Z., Bilzor, M.: Building a machine learning classifier for malware detection. In: Proceedings of the Second Workshop on Anti-Malware Testing Research (2014)","DOI":"10.1109\/WATeR.2014.7015757"},{"key":"11_CR21","doi-asserted-by":"crossref","unstructured":"Masud, M., Sahib, S., Abdollah, M., Selamat, S., Yusof, R.: Analysis of features selection and machine learning classifier in Android malware detection. In: Proceedings of the International Conference on Information Science and Applications (2014)","DOI":"10.1109\/ICISA.2014.6847364"},{"key":"11_CR22","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1016\/j.cose.2015.04.001","volume":"52","author":"A Mohaisen","year":"2015","unstructured":"Mohaisen, A., Alrawi, O., Mohaisen, M.: AMAL: High-fidelity, behavior-based automated malware analysis and classification. Computers and Security 52, 251\u2013266 (2015)","journal-title":"Computers and Security"},{"key":"11_CR23","doi-asserted-by":"crossref","unstructured":"Mosli, R., Li, R., Yuan, B., Pan, Y.: Automated malware detection using artifacts in forensic memory images. In: Proceedings of the IEEE Symposium on Technologies for Homeland Security (2016)","DOI":"10.1109\/THS.2016.7568881"},{"key":"11_CR24","doi-asserted-by":"crossref","unstructured":"Nath, H., Mehtre, B.: Static malware analysis using machine learning methods. In: Proceedings of the Second International Conference on Recent Trends in Computer Networks and Distributed Systems Security, pp. 440\u2013450 (2014)","DOI":"10.1007\/978-3-642-54525-2_39"},{"issue":"12","key":"11_CR25","doi-asserted-by":"publisher","first-page":"2591","DOI":"10.1109\/TIFS.2015.2469253","volume":"10","author":"S Naval","year":"2015","unstructured":"Naval, S., Laxmi, V., Rajarajan, M., Gaur, M., Conti, M.: Employing program semantics for malware detection. IEEE Transactions on Information Forensics and Security 10(12), 2591\u20132604 (2015)","journal-title":"IEEE Transactions on Information Forensics and Security"},{"issue":"B","key":"11_CR26","doi-asserted-by":"publisher","first-page":"419","DOI":"10.1016\/j.cose.2013.09.006","volume":"39","author":"Y Park","year":"2013","unstructured":"Park, Y., Reeves, D., Stamp, M.: Deriving common malware behavior through graph clustering. Computers and Security 39(B), 419\u2013430 (2013)","journal-title":"Computers and Security"},{"key":"11_CR27","doi-asserted-by":"crossref","unstructured":"Pirscoveanu, R., Hansen, S., Larsen, T., Stevanovic, M., Pedersen, J., Czech, A.: Analysis of malware behavior: type classification using machine learning. In: Proceedings of the International Conference on Cyber Situational Awareness, Data Analytics and Assessment (2015)","DOI":"10.1109\/CyberSA.2015.7166115"},{"key":"11_CR28","unstructured":"Roberts, J.: VirusShare Project (2017). virusshare.com"},{"key":"11_CR29","unstructured":"Russinovich, M.: Pushing the limits of Windows: Handles, Mark\u2019s Blog, September 29, 2009. blogs.technet.microsoft.com\/markrussinovich\/2009\/09\/29\/pushing-the-limits-of-windows-handles"},{"key":"11_CR30","unstructured":"Russinovich, M.: Sysinternals Suite, Microsoft TechNet, Redmond, Washington (2017). technet.microsoft.com\/en-us\/sysinternals\/bb842062.aspx"},{"key":"11_CR31","volume-title":"Windows Internals","author":"M Russinovich","year":"2012","unstructured":"Russinovich, M., Solomon, D., Ionescu, A.: Windows Internals. Microsoft Press, Redmond (2012)"},{"key":"11_CR32","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1016\/j.ins.2011.08.020","volume":"231","author":"I Santos","year":"2013","unstructured":"Santos, I., Brezo, F., Ugarte-Pedrero, X., Bringas, P.: Opcode sequences as representation of executables for data-mining-based unknown malware detection. Information Sciences 231, 64\u201382 (2013)","journal-title":"Information Sciences"},{"key":"11_CR33","doi-asserted-by":"crossref","unstructured":"Saxe, J., Berlin, K.: Deep neural network based malware detection using two dimensional binary program features. In: Proceedings of the Tenth International Conference on Malicious and Unwanted Software, pp. 11\u201320 (2015)","DOI":"10.1109\/MALWARE.2015.7413680"},{"key":"11_CR34","unstructured":"Schuster, A.: Enumerate Object Types. Computer Forensic Blog, April 7, 2009. computer.forensikblog.de\/en\/2009\/04\/enumerate-object-types.html"},{"issue":"S","key":"11_CR35","doi-asserted-by":"publisher","first-page":"S105","DOI":"10.1016\/j.diin.2013.06.012","volume":"10","author":"J Stuttgen","year":"2013","unstructured":"Stuttgen, J., Cohen, M.: Anti-forensic resilient memory acquisition. Digital Investigation 10(S), S105\u2013S115 (2013)","journal-title":"Digital Investigation"},{"key":"11_CR36","unstructured":"Teller, T., Hayon, A.: Enhancing automated malware analysis machines with memory analysis. Presented at Black Hat USA (2014)"},{"key":"11_CR37","unstructured":"Zaki, A., Humphrey, B.: Unveiling the kernel: Rootkit discovery using selective automated kernel memory differencing. Presented at the Virus Bulletin Conference (2014)"}],"container-title":["IFIP Advances in Information and Communication Technology","Advances in Digital Forensics XIII"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-67208-3_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,6,26]],"date-time":"2024-06-26T15:40:25Z","timestamp":1719416425000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-67208-3_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319672076","9783319672083"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-67208-3_11","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"31 August 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DigitalForensics","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on Digital Forensics","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Orlando","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 January 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"1 February 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"digitalforensics2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.ifip119.org\/Conferences\/ConferenceProgram2017.pdf","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}