{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,29]],"date-time":"2025-09-29T08:06:54Z","timestamp":1759133214687,"version":"3.41.0"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319934105"},{"type":"electronic","value":"9783319934112"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-93411-2_3","type":"book-chapter","created":{"date-parts":[[2018,6,7]],"date-time":"2018-06-07T11:49:28Z","timestamp":1528372168000},"page":"46-66","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Spearphishing Malware: Do We Really Know the Unknown?"],"prefix":"10.1007","author":[{"given":"Yanko","family":"Baychev","sequence":"first","affiliation":[]},{"given":"Leyla","family":"Bilge","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,6,8]]},"reference":[{"issue":"10","key":"3_CR1","doi-asserted-by":"publisher","first-page":"6562","DOI":"10.1073\/pnas.102102699","volume":"99","author":"C Ambroise","year":"2002","unstructured":"Ambroise, C., McLachlan, G.J.: Selection bias in gene extraction on the basis of microarray gene-expression data. Proc. Natl. Acad. Sci. 99(10), 6562\u20136566 (2002)","journal-title":"Proc. Natl. Acad. Sci."},{"key":"3_CR2","doi-asserted-by":"crossref","unstructured":"Anderson, B., Storlie, C., Lane, T.: Improving malware classification: bridging the static\/dynamic gap. In: Proceedings of the 5th ACM Workshop on Security and Artificial Intelligence, pp. 3\u201314. ACM (2012)","DOI":"10.1145\/2381896.2381900"},{"key":"3_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/978-3-540-74320-0_10","volume-title":"Recent Advances in Intrusion Detection","author":"M Bailey","year":"2007","unstructured":"Bailey, M., Oberheide, J., Andersen, J., Mao, Z.M., Jahanian, F., Nazario, J.: Automated classification and analysis of internet malware. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol. 4637, pp. 178\u2013197. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-74320-0_10"},{"key":"3_CR4","unstructured":"Barbosa, G.N., Branco, R.R.: Prevalent characteristics in modern malware. Black Hat USA (2014)"},{"key":"3_CR5","unstructured":"Bayer, U., Comparetti, P.M., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, behavior-based malware clustering. In: NDSS, vol. 9, pp. 8\u201311 (2009)"},{"key":"3_CR6","unstructured":"Bayer, U., Kruegel, C., Kirda, E.: TTAnalyze: a tool for analyzing malware. na (2006)"},{"key":"3_CR7","unstructured":"Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: Exposure: finding malicious domains using passive DNS analysis. In: Ndss (2011)"},{"key":"3_CR8","doi-asserted-by":"crossref","unstructured":"Chen, X.W., Jeong, J.C.: Enhanced recursive feature elimination. In: Sixth International Conference on Machine Learning and Applications, ICMLA 2007, pp. 429\u2013435. IEEE (2007)","DOI":"10.1109\/ICMLA.2007.35"},{"key":"3_CR9","unstructured":"Christopher, K.: Evasive malware exposed and deconstructed. In: RSA Conference (2015)"},{"issue":"2","key":"3_CR10","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1145\/2089125.2089126","volume":"44","author":"M Egele","year":"2012","unstructured":"Egele, M., Scholte, T., Kirda, E., Kruegel, C.: A survey on automated dynamic malware-analysis techniques and tools. ACM Comput. Surv. (CSUR) 44(2), 6 (2012)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"3_CR11","unstructured":"Guarnieri, C., Tanasi, A., Bremer, J., Schloesser, M.: The cuckoo sandbox (2012)"},{"key":"3_CR12","unstructured":"Harrell, C.: Prefetch file meet process hollowing (2014). https:\/\/journeyintoir.blogspot.be\/2014\/12\/prefetch-file-meet-process-hollowing_17.html"},{"issue":"2","key":"3_CR13","doi-asserted-by":"publisher","first-page":"646","DOI":"10.1016\/j.jnca.2012.10.004","volume":"36","author":"R Islam","year":"2013","unstructured":"Islam, R., Tian, R., Batten, L.M., Versteeg, S.: Classification of malware based on integrated static and dynamic features. J. Netw. Comput. Appl. 36(2), 646\u2013656 (2013)","journal-title":"J. Netw. Comput. Appl."},{"key":"3_CR14","doi-asserted-by":"crossref","unstructured":"Kolter, J.Z., Maloof, M.A.: Learning to detect malicious executables in the wild. In: Proceedings of the Tenth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 470\u2013478. ACM (2004)","DOI":"10.1145\/1014052.1014105"},{"key":"3_CR15","unstructured":"M-Labs: Reversing malware command and control: From sockets to com. FireEye (2010). https:\/\/www.fireeye.com\/blog\/threat-research\/2010\/08\/reversing-malware-command-control-sockets.html"},{"key":"3_CR16","unstructured":"Microsoft: Common folder variables (2015). https:\/\/www.microsoft.com\/security\/portal\/mmpc\/shared\/variables.aspx"},{"key":"3_CR17","unstructured":"MITRE: Process hollowing (2016). https:\/\/attack.mitre.org\/wiki\/Technique\/T1093"},{"key":"3_CR18","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1016\/j.cose.2015.04.001","volume":"52","author":"A Mohaisen","year":"2015","unstructured":"Mohaisen, A., Alrawi, O., Mohaisen, M.: Amal: high-fidelity, behavior-based automated malware analysis and classification. Comput. Secur. 52, 251\u2013266 (2015)","journal-title":"Comput. Secur."},{"key":"3_CR19","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Twenty-Third Annual Computer Security Applications Conference, ACSAC 2007, pp. 421\u2013430. IEEE (2007)","DOI":"10.1109\/ACSAC.2007.21"},{"key":"3_CR20","unstructured":"Optiv: Improving reliability of sandbox results (2014). https:\/\/www.optiv.com\/blog\/improving-reliability-of-sandbox-results"},{"key":"3_CR21","unstructured":"Ortega, A.: Pafish (paranoid fish) (2012). https:\/\/github.com\/a0rtega\/pafish\/"},{"key":"3_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1007\/978-3-540-70542-0_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"K Rieck","year":"2008","unstructured":"Rieck, K., Holz, T., Willems, C., D\u00fcssel, P., Laskov, P.: Learning and classification of malware behavior. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 108\u2013125. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-70542-0_6"},{"key":"3_CR23","doi-asserted-by":"crossref","unstructured":"Schultz, M.G., Eskin, E., Zadok, F., Stolfo, S.J.: Data mining methods for detection of new malicious executables. In: Proceedings of 2001 IEEE Symposium on Security and Privacy, S&P 2001, pp. 38\u201349. IEEE (2001)","DOI":"10.1109\/SECPRI.2001.924286"},{"key":"3_CR24","unstructured":"Spengler, B.: Modified edition of cuckoo. Github (2013). https:\/\/github.com\/brad-accuvant\/cuckoo-modified"},{"key":"3_CR25","unstructured":"Symantec: Internet Security Threat Report, vol. 21, April 2016. https:\/\/www.symantec.com\/security-center\/threat-report"},{"issue":"8","key":"3_CR26","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1016\/S1353-4858(11)70086-1","volume":"2011","author":"C Tankard","year":"2011","unstructured":"Tankard, C.: Advanced persistent threats and how to monitor and deter them. Netw. Secur. 2011(8), 16\u201319 (2011)","journal-title":"Netw. Secur."},{"key":"3_CR27","volume-title":"Enhancing Automated Malware Analysis Machines with Memory Analysis","author":"T Teller","year":"2014","unstructured":"Teller, T., Hayon, A.: Enhancing Automated Malware Analysis Machines with Memory Analysis. Black Hat, USA (2014)"},{"key":"3_CR28","doi-asserted-by":"crossref","unstructured":"Tian, R., Batten, L.M., Versteeg, S.: Function length as a tool for malware classification. In: 3rd International Conference on Malicious and Unwanted Software, MALWARE 2008, pp. 69\u201376. IEEE (2008)","DOI":"10.1109\/MALWARE.2008.4690860"},{"key":"3_CR29","doi-asserted-by":"crossref","unstructured":"Tian, R., Islam, R., Batten, L., Versteeg, S.: Differentiating malware from cleanware using behavioural analysis. In: 2010 5th International Conference on Malicious and Unwanted Software (MALWARE), pp. 23\u201330. IEEE (2010)","DOI":"10.1109\/MALWARE.2010.5665796"},{"key":"3_CR30","unstructured":"VirusShare: Virusshare.com - because sharing is caring (2017). https:\/\/virusshare.com\/"},{"key":"3_CR31","unstructured":"Virustotal: Virustotal - free online virus, malware and URL scanner (2012). https:\/\/www.virustotal.com\/"},{"key":"3_CR32","unstructured":"Virustotal: YARA - the pattern matching swiss knife for malware researchers (2014). https:\/\/virustotal.github.io\/yara\/"},{"key":"3_CR33","doi-asserted-by":"crossref","unstructured":"Virvilis, N., Gritzalis, D., Apostolopoulos, T.: Trusted computing vs. advanced persistent threats: can a defender win this game? In: 2013 IEEE 10th International Conference on Ubiquitous Intelligence and Computing and 10th International Conference on Autonomic and Trusted Computing (UIC\/ATC), pp. 396\u2013403. IEEE (2013)","DOI":"10.1109\/UIC-ATC.2013.80"},{"key":"3_CR34","unstructured":"Walters, A.: The volatility framework: volatile memory artifact extraction utility framework (2007)"},{"issue":"2","key":"3_CR35","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1109\/MSP.2007.45","volume":"5","author":"C Willems","year":"2007","unstructured":"Willems, C., Holz, T., Freiling, F.: CWSandbox: towards automated dynamic binary analysis. IEEE Secur. Privacy 5(2), 32\u201339 (2007)","journal-title":"IEEE Secur. Privacy"},{"key":"3_CR36","unstructured":"Wilson, T.: Move over, apts - the ram-based advanced volatile threat is spinning up fast. DarkReading (2013). www.darkreading.com\/vulnerabilities--threats\/move-over-apts--the-ram-based-advanced-volatile-threat-is-spinning-up-fast\/d\/d-id\/1139211"},{"issue":"4","key":"3_CR37","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1007\/s11416-008-0082-4","volume":"4","author":"Y Ye","year":"2008","unstructured":"Ye, Y., Wang, D., Li, T., Ye, D., Jiang, Q.: An intelligent pe-malware detection system based on association mining. J. Comput. Virol. 4(4), 323\u2013334 (2008)","journal-title":"J. Comput. Virol."}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-93411-2_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,5]],"date-time":"2025-07-05T01:01:23Z","timestamp":1751677283000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-93411-2_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319934105","9783319934112"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-93411-2_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"8 June 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DIMVA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Saclay","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"France","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"28 June 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 June 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dimva2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.dimva2018.org\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}