{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,26]],"date-time":"2025-02-26T05:33:38Z","timestamp":1740548018917,"version":"3.38.0"},"publisher-location":"Berlin, Heidelberg","reference-count":56,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540231233"},{"type":"electronic","value":"9783540301431"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2004]]},"DOI":"10.1007\/978-3-540-30143-1_5","type":"book-chapter","created":{"date-parts":[[2010,9,18]],"date-time":"2010-09-18T23:59:24Z","timestamp":1284854364000},"page":"82-101","source":"Crossref","is-referenced-by-count":5,"title":["Detecting Unknown Massive Mailing Viruses Using Proactive Methods"],"prefix":"10.1007","author":[{"given":"Ruiqi","family":"Hu","sequence":"first","affiliation":[]},{"given":"Aloysius K.","family":"Mok","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"5_CR1","volume-title":"Proceedings of the ACM New Security Paradigms Workshop","author":"B. Blakley","year":"1996","unstructured":"Blakley, B.: The Emperor\u2019s Old Armor. In: Proceedings of the ACM New Security Paradigms Workshop, Lake Arrowhead, California (1996)"},{"key":"5_CR2","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1016\/0167-4048(87)90122-2","volume":"6","author":"F. Cohen","year":"1987","unstructured":"Cohen, F.: Computer Viruses: Theory and Experiments. Computers and Security\u00a06, 22\u201335 (1987)","journal-title":"Computers and Security"},{"key":"5_CR3","unstructured":"Chess, D.M., White, S.R.: An Undetectable Computer Virus. In: Proceedings of the 2000 Virus Bulletin International Conference, Orlando, Florida (2000)"},{"key":"5_CR4","unstructured":"Gryaznov, D.: Scanners of the Year 2000: Heuristics. In: Proceedings of the 5th Virus Bulletin International Conference, Boston, Massachusetts, pp. 225\u2013234 (1999)"},{"key":"5_CR5","doi-asserted-by":"crossref","unstructured":"Kephart, J.O., Arnold, W.C.: Automatic Extraction of Computer Virus Signatures. In: Proceedings of the 4th Virus Bulletin International Conference, Abingdon, England, pp. 178\u2013184 (1994)","DOI":"10.1016\/0142-0496(94)90045-0"},{"key":"5_CR6","unstructured":"Arnold, W., Tesauro, G.: Automatically Generated Win32 Heuristic Virus Detection. In: Proceedings of the 2000 Virus Bulletin International Conference, Orlando, Florida (2000)"},{"key":"5_CR7","doi-asserted-by":"crossref","unstructured":"Schultz, M.G., Eskin, E., Zadok, E., Stolfo, S.J.: Data Mining Methods for Detection of New Malicious Executables. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, Oakland, California, pp. 38\u201349 (2001)","DOI":"10.1109\/SECPRI.2001.924286"},{"key":"5_CR8","unstructured":"Schultz, M.G., Eskin, E., Zadok, E., Bhattacharyya, M., Stolfo, S.J.: MEF: Malicious Email Filter \u2014 A UNIX Mail Filter that Detects Malicious Windows Executables. In: Proceedings of the Annual USENIX Technical Conference, FREENIX Track, Boston, Massechusetts, pp. 245\u2013252 (2001)"},{"key":"5_CR9","first-page":"131","volume":"9","author":"M. Bishop","year":"1996","unstructured":"Bishop, M., Dilger, M.: Checking for Race Conditions in File Accesses. Computing Systems\u00a09, 131\u2013152 (1996)","journal-title":"Computing Systems"},{"key":"5_CR10","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1109\/64.511768","volume":"11","author":"G. Tesauro","year":"1996","unstructured":"Tesauro, G., Kephart, J., Sorkin, G.: Neural Networks for Computer Virus Recognition. IEEE Expert\u00a011, 5\u20136 (1996)","journal-title":"IEEE Expert"},{"key":"5_CR11","doi-asserted-by":"publisher","first-page":"541","DOI":"10.1016\/0167-4048(95)00012-W","volume":"14","author":"R.W. Lo","year":"1995","unstructured":"Lo, R.W., Levitt, K.N., Olsson, R.A.: MCF: A Malicious Code Filter. Computers and Security\u00a014, 541\u2013566 (1995)","journal-title":"Computers and Security"},{"key":"5_CR12","unstructured":"Anderson, J.P.: Computer Security Technology Planning Study. Technical report, ESD-TR-73-51, U.S. Air Force Electronic Systems Division, Deputy for Command andManagement Systems, HQ Electronic Systems Division (AFSC), Bedford, Massachusetts (1972)"},{"key":"5_CR13","unstructured":"Viswanathan, M.: Foundations for the Run-time Analysis of Software Systems. PhD thesis, University of Pennsylvania (2000)"},{"key":"5_CR14","unstructured":"Hamlen, K.W., Morrisett, G., Schneider, F.B.: Computability Classes for Enforcement Mechanisms. Technical report, TR 2003-1908, Cornell University, Dept. of Computer Science (2003)"},{"key":"5_CR15","unstructured":"Bauer, L., Ligatti, J., Walker, D.: More Enforceable Security Policies. In: Foundations of Computer Security, Copenhagen, Denmark (2002)"},{"key":"5_CR16","unstructured":"Berman, A., Bourassa, V., Selberg, E.: TRON: Process-Specific File Protection for the UNIX Operating System. In: Proceedings of the 1995 Annual USENIX Technical Conference, New Orleans, Lousianna, pp. 165\u2013175 (1995)"},{"key":"5_CR17","unstructured":"Goldberg, I., Wagner, D., Thomas, R., Brewer, E.A.: A Secure Environment for Untrusted Helper Applications. In: Proceedings of the 6th USENIX Security Symposium, San Jose, California (1996)"},{"key":"5_CR18","unstructured":"Alexandrov, A., Kmiec, P., Schauser, K.: Consh: A Confined Execution Environment for Internet Computations. In: Proceedinges of the Annual USENIX Technical Conference, New Orleans, Louisianna (1998)"},{"key":"5_CR19","unstructured":"Acharya, A., Raje, M.: MAPbox: Using Parameterized Behavior Classes to Confine Untrusted Application. In: Proceedings of the 9th USENIX Security Symposium, Denver, Colorado (2000)"},{"key":"5_CR20","unstructured":"Cowan, C., Beattie, S., Kroah-Hartman, G., Pu, C., Wagle, P., Gligor, V.: Subdomain: Parsimonious Server Security. In: Proceedings of the 14th Systems Administration Conference, New Orleans, Louisianna (2000)"},{"key":"5_CR21","unstructured":"Provos, N.: Improving Host Security with System Call Policies. In: Proceedings of the 12th USENIX Security Symposium, Washington, DC, pp. 257\u2013272 (2003)"},{"key":"5_CR22","unstructured":"Honeypots, Intrusion Detection, Incident Response, http:\/\/www.honeypots.net\/"},{"key":"5_CR23","unstructured":"The Honeynet Project, http:\/\/project.honeynet.org\/"},{"key":"5_CR24","unstructured":"Provos, N.: A Virtual Honeypot Framework. In: Proceedings of the 13th USENIX Security Symposium, San Diego, California (2004)"},{"key":"5_CR25","unstructured":"Jiang, X., Xu, D.: Collapsar: A VM-Based Architecture for Network Attack Detention Center. In: Proceedings of the 13th USENIX Security Symposium, San Diego, California (2004)"},{"key":"5_CR26","unstructured":"Spitzner, L.: Honeytokens: The Other Honeypot (2003), http:\/\/www.securityfocus.com\/infocus\/1713"},{"key":"5_CR27","unstructured":"Pontz, B.: Honeytoken. CERT Honeypot Archive (2004), http:\/\/cert.uni-stuttgart.de\/archive\/honeypots\/2004\/01\/msg00059.html"},{"key":"5_CR28","unstructured":"Somayaji, A., Forrest, S.: Automated Response Using System-Call Delays. In: Proceedings of the 9th USENIX Security Symposium, Denver, Colorado (2000)"},{"key":"5_CR29","unstructured":"LaBrea Sentry IPS: Next Generation Intrusion Prevention System, http:\/\/www.labreatechnologies.com\/"},{"key":"5_CR30","doi-asserted-by":"crossref","unstructured":"Williamson, M.M.: Throttling Viruses: Restricting propagation to defeat malicious mobile code. In: Proceedings of the 18th Annual Computer Security Applications Conference, Las Vegas, Nevada (2002)","DOI":"10.1109\/CSAC.2002.1176279"},{"key":"5_CR31","doi-asserted-by":"crossref","unstructured":"Twycross, J., Williamson, M.M.: Implementing and Testing a Virus Throttle. In: Proceedings of the 12th USENIX Security Symposium, Washington, DC (2003)","DOI":"10.1109\/CSAC.2003.1254312"},{"key":"5_CR32","doi-asserted-by":"crossref","unstructured":"Williamson, M.M.: Design, Implementation and Test of an Email Virus Throttle. In: Proceedings of the 19th Annual Computer Security Applications Conference, Las Vegas, Nevada (2003)","DOI":"10.1109\/CSAC.2003.1254312"},{"key":"5_CR33","unstructured":"Anderson, J.P.: Computer Security Threat Monitoring and Surveillance. Technical report, James P. Anderson Company, Fort Washington, Pennsylvania (1980)"},{"issue":"2","key":"5_CR34","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"SE-13","author":"D.E. Denning","year":"1987","unstructured":"Denning, D.E.: An Intrusion\u2013Detection Model. IEEE Transactions on Software Engineering\u00a0SE-13(2), 222\u2013232 (1987)","journal-title":"IEEE Transactions on Software Engineering"},{"key":"5_CR35","doi-asserted-by":"crossref","unstructured":"Porras, P.A., Kemmerer, R.A.: Penetration State Transition Analysis \u2013 A Rule- Based Intrusion Detection Approach. In: 8th Annual Computer Security Applications Conference, San Antonio, Texas, pp. 220\u2013229 (1992)","DOI":"10.1109\/CSAC.1992.228217"},{"key":"5_CR36","unstructured":"Kumar, S.: Classification and Detection of Computer Intrusions. PhD thesis, Purdue University (1995)"},{"key":"5_CR37","unstructured":"Lunt, T.F.: Detecting Intruders in Computer Systems. In: Proceedings of the Conference on Auditing and Computer Technology (1993)"},{"key":"5_CR38","unstructured":"Javitz, H.S., Valdes, A.: The NIDES Statistical Component: Description and Justification. Technical report, SRI International, Computer Science Laboratory, Menlo Park, California (1993)"},{"key":"5_CR39","unstructured":"Anderson, D., Lunt, T.F., Javitz, H., Tamaru, A., Valdes, A.: Detecting Unusual Program Behavior Using the Statistical Components of NIDES. Technical report, SRI-CSL-95-06, SRI International, Computer Science Laboratory, Menlo Park, California (1995)"},{"key":"5_CR40","doi-asserted-by":"crossref","unstructured":"Wagner, D., Dean, D.: Intrusion Detection via Static Analysis. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, Oakland, California, pp. 156\u2013169 (2001)","DOI":"10.1109\/SECPRI.2001.924296"},{"key":"5_CR41","unstructured":"Neumann, P.G., Porras, P.A.: Experience with EMERALD to Date. In: Proceedings of the 1st USENIX Workshop on Intrusion Detection and Network Monitoring, Santa Clara, California, pp. 73\u201380 (1999)"},{"key":"5_CR42","unstructured":"Giffin, J.T., Jha, S., Miller, B.P.: Detecting Manipulated Remote Call Streams. In: Proceedings of the 11th USENIX Security Symposium, San Francisco, California (2002)"},{"key":"5_CR43","unstructured":"Christodorescu, M., Jha, S.: Static Analysis of Executables to Detect Malicious Patterns. In: Proceedings of the 12th USENIX Security Symposium, Washington, DC (2003)"},{"key":"5_CR44","doi-asserted-by":"crossref","unstructured":"McHugh, J., Gates, C.: Locality: A New Paradigm for Thinking about Normal Behavior and Outsider Threat. In: Proceedings of the ACM New Security Paradigms Workshop, Ascona, Switzerland (2003)","DOI":"10.1145\/986655.986657"},{"key":"5_CR45","unstructured":"Jain, K., Sekar, R.: User-Level Infrastructure for System Call Interposition: A Platform for Intrusion Detection and Confinement. In: Proceedings of the Network and Distributed System Security Symposium, San Diego, California, pp. 19\u201334 (2000)"},{"key":"5_CR46","unstructured":"Ghormley, D.P., Petrou, D., Rodrigues, S.H., Anderson, T.E.: SLIC: An Extensibility System for Commodity Operating Systems. In: Proceedinges of the Annual USENIX Technical Conference, New Orleans, Louisianna, pp. 39\u201352 (1998)"},{"key":"5_CR47","doi-asserted-by":"crossref","unstructured":"Fraser, T., Badger, L., Feldman, M.: Hardening COTS Software with Generic Software Wrappers. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, California, pp. 2\u201316 (1999)","DOI":"10.1109\/SECPRI.1999.766713"},{"key":"5_CR48","unstructured":"Ko, C., Fraser, T., Badger, L., Kilpatrick, D.: Detecting and Countering System Intrusions Using Software Wrappers. In: Proceedings of the 9th USENIX Security Symposium, Denver, Colorado (2000)"},{"key":"5_CR49","unstructured":"Nebbett, G.: Windows NT\/2000 Native API Reference. 1st edn. MacMillan Technical Publishing (2000)"},{"key":"5_CR50","doi-asserted-by":"crossref","unstructured":"Solomon, D.A., Russinovich, M.E.: Inside Microsoft Windows 2000, 3rd edn. Microsoft Press (2000)","DOI":"10.1016\/S1361-3723(00)87596-X"},{"key":"5_CR51","doi-asserted-by":"crossref","unstructured":"Postel, J.B.: Simple Mail Transfer Protocol (1982), http:\/\/www.ietf.org\/rfc\/rfc0821.txt","DOI":"10.17487\/rfc0821"},{"key":"5_CR52","first-page":"133","volume":"SE6","author":"D.L. Russell","year":"1980","unstructured":"Russell, D.L.: State Restoration in Systems of Communicating Processes. IEEE Transactions on Software Engineering\u00a0SE6, 133\u2013144 (1980)","journal-title":"IEEE Transactions on Software Engineering"},{"key":"5_CR53","unstructured":"Liu, Y., Sevcenco, S.: W32.bugbear@mm. Symantec Security Response (2003), http:\/\/securityresponse.symantec.com\/avcenter\/venc\/data\/w32.bugbear.mm.html"},{"key":"5_CR54","unstructured":"Sevcenco, S.: Vbs.haptime.a@mm. Symantec Security Response (2004), http:\/\/securityresponse.symantec.com\/avcenter\/venc\/data\/vbs.haptime.a.mm.html"},{"key":"5_CR55","unstructured":"Gudmundsson, A., Chien, E.: W32.klez.e@mm. Symantec Security Response (2003), http:\/\/securityresponse.symantec.com\/avcenter\/venc\/data\/w32.klez.e.mm.html"},{"key":"5_CR56","unstructured":"Ferrie, P., Lee, T.: W32.mydoom.a@mm. Symantec Security Response (2004), http:\/\/securityresponse.symantec.com\/avcenter\/venc\/data\/w32.novarg.a.mm.html"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-30143-1_5.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,25]],"date-time":"2025-02-25T22:37:46Z","timestamp":1740523066000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-30143-1_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2004]]},"ISBN":["9783540231233","9783540301431"],"references-count":56,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-30143-1_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2004]]}}}