{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,29]],"date-time":"2025-09-29T08:10:32Z","timestamp":1759133432913,"version":"3.40.3"},"publisher-location":"Cham","reference-count":33,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319934105"},{"type":"electronic","value":"9783319934112"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-93411-2_18","type":"book-chapter","created":{"date-parts":[[2018,6,7]],"date-time":"2018-06-07T07:49:28Z","timestamp":1528357768000},"page":"393-403","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Extended Abstract: Toward Systematically Exploring Antivirus Engines"],"prefix":"10.1007","author":[{"given":"Davide","family":"Quarta","sequence":"first","affiliation":[]},{"given":"Federico","family":"Salvioni","sequence":"additional","affiliation":[]},{"given":"Andrea","family":"Continella","sequence":"additional","affiliation":[]},{"given":"Stefano","family":"Zanero","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,6,8]]},"reference":[{"key":"18_CR1","unstructured":"VirusTotal, About Page. \n                      https:\/\/www.virustotal.com\/en\/about\/"},{"key":"18_CR2","unstructured":"Just-In-Time Malware Assembly: Advanced Evasion Techniques. Invincea white paper (2015)"},{"key":"18_CR3","unstructured":"Al-Saleh, M.I., Crandall, J.R.: Application-level reconnaissance: timing channel attacks against antivirus software. 
In: LEET (2011)"},{"key":"18_CR4","unstructured":"Blackthorne, J., Bulazel, A., Fasano, A., Biernat, P., Yener, B.: AVLeak: fingerprinting antivirus emulators through black-box testing. In: USENIX Workshop on Offensive Technologies (WOOT). USENIX Association, Austin, TX (2016)"},{"key":"18_CR5","unstructured":"Chen, X., Andersen, J., Mao, Z.M., Bailey, M., Nazario, J.: Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware, June 2008"},{"issue":"4","key":"18_CR6","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1145\/1013886.1007518","volume":"29","author":"Mihai Christodorescu","year":"2004","unstructured":"Christodorescu, M., Jha, S.: Testing Malware Detectors. In: SIGSOFT Software Engineering Notes, July 2004","journal-title":"ACM SIGSOFT Software Engineering Notes"},{"key":"18_CR7","unstructured":"AV comparatives: Independent tests of anti-virus software"},{"key":"18_CR8","unstructured":"Cova, M.: Uncloaking Advanced Malware: How to Spot and Stop an Evasion (2015)"},{"key":"18_CR9","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1007\/s11416-016-0282-2","volume":"13","author":"M Dalla Preda","year":"2017","unstructured":"Dalla Preda, M., Maggi, F.: Testing android malware detectors against code obfuscation: a systematization of knowledge and unified methodology. J. Comput. Virol. Hacking Tech. 13, 209\u2013232 (2017)","journal-title":"J. Comput. Virol. 
Hacking Tech."},{"key":"18_CR10","unstructured":"Economou, K.: Escaping the avast sandbox using a single IOCTL (2016)"},{"key":"18_CR11","unstructured":"Ferrie, P.: Attacks on more virtual machine emulators (2007)"},{"key":"18_CR12","unstructured":"Ilsun, Y., Kangbin, Y.: Malware obfuscation techniques: A brief survey (2010)"},{"key":"18_CR13","unstructured":"Jung, P.: Bypassing sandboxes for fun (2014)"},{"key":"18_CR14","unstructured":"Keragala, D.: Detecting malware and sandbox evasion techniques (2016)"},{"key":"18_CR15","unstructured":"Marpaung, J.A.P., Sain, M., Lee, H.-J.: Survey on malware evasion techniques: State of the art and challenges, Feb 2012"},{"key":"18_CR16","unstructured":"Mourad, H.: Sleeping your way out of the sandbox (2015)"},{"key":"18_CR17","unstructured":"Nasi, E.: Bypass antivirus dynamic analysis (2014)"},{"key":"18_CR18","unstructured":"Ormandy, T.: Comodo antivirus: emulator stack buffer overflow handling psubusb packed subtract unsigned with saturation"},{"key":"18_CR19","unstructured":"Ormandy, T.: Comodo: integer overflow leading to heap overflow in win32 emulation"},{"key":"18_CR20","unstructured":"Ormandy, T.: Eset nod32 heap overflow unpacking epoc installation files"},{"key":"18_CR21","unstructured":"Ormandy, T.: Symantec\/norton antivirus aspack remote heap\/pool memory corruption vulnerability cve-2016-2208 (2016)"},{"key":"18_CR22","unstructured":"Ormandy, T.: Sophail: a critical analysis of sophos antivirus (2011)"},{"key":"18_CR23","unstructured":"Ormandy, T.: Sophail: applied attacks against sophos antivirus (2012)"},{"key":"18_CR24","doi-asserted-by":"crossref","unstructured":"Paleari, R., Martignoni, L., Roglia, G.F., Bruschi, D.: A fistful of red-pills: how to automatically generate procedures to detect CPU emulators. In: Proceedings of the 3rd USENIX Conference on Offensive Technologies WOOT 2009. 
USENIX Association, Berkeley, CA, USA (2009)","DOI":"10.1145\/1572272.1572303"},{"key":"18_CR25","first-page":"39","volume":"7","author":"L Philips","year":"1990","unstructured":"Philips, L.: Hanging on the metaphone. Comput. Lang. 7, 39\u201344 (1990)","journal-title":"Comput. Lang."},{"key":"18_CR26","first-page":"74","volume":"12","author":"BB Rad","year":"2012","unstructured":"Rad, B.B., Masrom, M., Ibrahim, S.: Camouflage in malware : from encryption to metamorphism. IJCSNS 12, 74 (2012)","journal-title":"IJCSNS"},{"key":"18_CR27","unstructured":"Rad, B.B., Masrom, M., Ibrahim, S.: Evolution of computer virus concealment and anti-virus techniques: a short survey. CoRR (2011)"},{"key":"18_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"230","DOI":"10.1007\/978-3-319-45719-2_11","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"M Sebasti\u00e1n","year":"2016","unstructured":"Sebasti\u00e1n, M., Rivera, R., Kotzias, P., Caballero, J.: AVclass: a tool for massive malware labeling. In: Monrose, F., Dacier, M., Blanc, G., Garcia-Alfaro, J. (eds.) RAID 2016. LNCS, vol. 9854, pp. 230\u2013253. Springer, Cham (2016). \n                      https:\/\/doi.org\/10.1007\/978-3-319-45719-2_11"},{"key":"18_CR29","doi-asserted-by":"crossref","unstructured":"Sharma, A., Sahay, S.K.: Evolution and detection of polymorphic and metamorphic malwares: a survey. Int. J. Comput. Appl. (2014)","DOI":"10.5120\/15544-4098"},{"key":"18_CR30","doi-asserted-by":"crossref","unstructured":"Singh, S.: Breaking the sandbox (2014)","DOI":"10.1002\/9781118958247"},{"issue":"3","key":"18_CR31","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1109\/MC.2010.187","volume":"44","author":"Orathai Sukwong","year":"2011","unstructured":"Sukwong, O., Kim, H., Hoe, J.: Commercial antivirus software effectiveness: an empirical study. 
Computer, March 2011","journal-title":"Computer"},{"key":"18_CR32","volume-title":"The Art of Computer Virus Research and Defense","author":"P Szor","year":"2005","unstructured":"Szor, P.: The Art of Computer Virus Research and Defense. Pearson Education, London (2005)"},{"key":"18_CR33","doi-asserted-by":"crossref","unstructured":"Wressnegger, C., Freeman, K., Yamaguchi, F., Rieck, K.: Automatically inferring malware signatures for anti-virus assisted attacks. In: Proceedings of the ACM Asia Conference on Computer and Communications Security. ACM (2017)","DOI":"10.1145\/3052973.3053002"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-93411-2_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,3,3]],"date-time":"2020-03-03T03:19:30Z","timestamp":1583205570000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-93411-2_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319934105","9783319934112"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-93411-2_18","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"8 June 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference 
Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Saclay","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 June 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 June 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.dimva2018.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}