{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T16:33:23Z","timestamp":1781109203553,"version":"3.54.1"},"publisher-location":"Berlin, Heidelberg","reference-count":40,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540705413","type":"print"},{"value":"9783540705420","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-70542-0_6","type":"book-chapter","created":{"date-parts":[[2008,8,12]],"date-time":"2008-08-12T16:07:43Z","timestamp":1218557263000},"page":"108-125","source":"Crossref","is-referenced-by-count":357,"title":["Learning and Classification of Malware Behavior"],"prefix":"10.1007","author":[{"given":"Konrad","family":"Rieck","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Thorsten","family":"Holz","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Carsten","family":"Willems","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Patrick","family":"D\u00fcssel","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Pavel","family":"Laskov","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","reference":[{"key":"6_CR1","unstructured":"Microsoft Security Intelligence Report (October 2007), \n                    \n                      http:\/\/www.microsoft.com\/downloads\/details.aspx?FamilyID=4EDE2572-1D39-46EA-94C6-4851750A2CB0"},{"key":"6_CR2","unstructured":"Avira. 
AntiVir PersonalEdition Classic (2007), \n                    \n                      http:\/\/www.avira.de\/en\/products\/personal.html"},{"key":"6_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1007\/11856214_9","volume-title":"Recent Advances in Intrusion Detection","author":"P. Baecher","year":"2006","unstructured":"Baecher, P., Koetter, M., Holz, T., Dornseif, M., Freiling, F.C.: The Nepenthes Platform: An Efficient Approach to Collect Malware. In: Zamboni, D., Kr\u00fcgel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219, pp. 165\u2013184. Springer, Heidelberg (2006)"},{"key":"6_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/978-3-540-74320-0_10","volume-title":"Recent Advances in Intrusion Detection","author":"M. Bailey","year":"2007","unstructured":"Bailey, M., Oberheide, J., Andersen, J., Mao, Z.M., Jahanian, F., Nazario, J.: Automated Classification and Analysis of Internet Malware. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 178\u2013197. Springer, Heidelberg (2007)"},{"key":"6_CR5","unstructured":"Bayer, U., Kruegel, C., Kirda, E.: TTAnalyze: A tool for analyzing malware. In: Proceedings of EICAR 2006 (April 2006)"},{"key":"6_CR6","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/s11416-006-0012-2","volume":"2","author":"U. Bayer","year":"2006","unstructured":"Bayer, U., Moser, A., Kruegel, C., Kirda, E.: Dynamic analysis of malicious code. Journal in Computer Virology\u00a02, 67\u201377 (2006)","journal-title":"Journal in Computer Virology"},{"issue":"2","key":"6_CR7","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1023\/A:1009715923555","volume":"2","author":"C. Burges","year":"1998","unstructured":"Burges, C.: A tutorial on support vector machines for pattern recognition. 
Knowledge Discovery and Data Mining\u00a02(2), 121\u2013167 (1998)","journal-title":"Knowledge Discovery and Data Mining"},{"key":"6_CR8","unstructured":"Christodorescu, M., Jha, S.: Static analysis of executables to detect malicious patterns. In: Proceedings of the 12th USENIX Security Symposium, p. 12(2003)"},{"key":"6_CR9","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Kruegel, C.: Mining specifications of malicious behavior. In: Proceedings of the 6th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC\/FSE) (2007)","DOI":"10.1145\/1287624.1287628"},{"key":"6_CR10","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Seshia, S.A., Song, D.X., Bryant, R.E.: Semantics-aware malware detection. In: IEEE Symposium on Security and Privacy, pp. 32\u201346 (2005)","DOI":"10.1109\/SP.2005.20"},{"key":"6_CR11","unstructured":"Egele, M., Kruegel, C., Kirda, E., Yin, H., Song, D.: Dynamic spyware analysis. In: Proceedings of USENIX Annual Technical Conference (June 2007)"},{"key":"6_CR12","unstructured":"Flake, H.: Structural comparison of executable objects. In: Proceedings of Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2004) (2004)"},{"key":"6_CR13","unstructured":"Fogla, P., Sharif, M., Perdisci, R., Kolesnikov, O., Lee, W.: Polymorphic blending attacks. In: Proceedings of the 15th USENIX Security Symposium, pp. 241\u2013256 (2006)"},{"key":"6_CR14","unstructured":"Hunt, G.C., Brubacker, D.: Detours: Binary interception of Win32 functions. In: Proceedings of the 3rd USENIX Windows NT Symposium, pp. 135\u2013143 (1999)"},{"key":"6_CR15","unstructured":"Jiang, X., Xu, D.: Collapsar: A VM-based architecture for network attack detention center. 
In: Proceedings of the 13th USENIX Security Symposium (2004)"},{"key":"6_CR16","first-page":"137","volume-title":"Proceedings of the European Conference on Machine Learning","author":"T. Joachims","year":"1998","unstructured":"Joachims, T.: Text categorization with support vector machines: Learning with many relevant features. In: Proceedings of the European Conference on Machine Learning, pp. 137\u2013142. Springer, Heidelberg (1998)"},{"key":"6_CR17","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4615-0907-3","volume-title":"Learning to Classify Text using Support Vector Machines","author":"T. Joachims","year":"2002","unstructured":"Joachims, T.: Learning to Classify Text using Support Vector Machines. Kluwer Academic Publishers, Dordrecht (2002)"},{"issue":"1\u20132","key":"6_CR18","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1007\/s11416-005-0002-9","volume":"1","author":"M. Karim","year":"2005","unstructured":"Karim, M., Walenstein, A., Lakhotia, A., Laxmi, P.: Malware phylogeny generation using permutations of code. Journal in Computer Virology\u00a01(1\u20132), 13\u201323 (2005)","journal-title":"Journal in Computer Virology"},{"key":"6_CR19","unstructured":"Kirda, E., Kruegel, C., Banks, G., Vigna, G., Kemmerer, R.A.: Behavior-based spyware detection. In: Proceedings of the 15th USENIX Security Symposium, p. 19 (2006)"},{"key":"6_CR20","first-page":"2721","volume":"7","author":"J. Kolter","year":"2006","unstructured":"Kolter, J., Maloof, M.: Learning to detect and classify malicious executables in the wild. Journal of Machine Learning Research\u00a07, 2721\u20132744 (2006)","journal-title":"Journal of Machine Learning Research"},{"key":"6_CR21","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Robertson, W., Vigna, G.: Detecting kernel-level rootkits through binary analysis. 
In: Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC) (2004)","DOI":"10.1109\/CSAC.2004.19"},{"key":"6_CR22","unstructured":"Lee, T., Mody, J.J.: Behavioral classification. In: Proceedings of EICAR 2006 (April 2006)"},{"key":"6_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_10","volume-title":"Recent Advances in Intrusion Detection","author":"C. Leita","year":"2006","unstructured":"Leita, C., Dacier, M., Massicotte, F.: Automatic Handling of Protocol Dependencies and Reaction to 0-Day Attacks with ScriptGen Based Honeypots. In: Zamboni, D., Kr\u00fcgel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219. Springer, Heidelberg (2006)"},{"key":"6_CR24","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring multiple execution paths for malware analysis. In: Proceedings of 2007 IEEE Symposium on Security and Privacy (2007)","DOI":"10.1109\/SP.2007.17"},{"key":"6_CR25","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC) (to appear, 2007)","DOI":"10.1109\/ACSAC.2007.21"},{"key":"6_CR26","unstructured":"Norman. Norman sandbox information center (accessed, 2007), \n                    \n                      http:\/\/sandbox.norman.no\/"},{"key":"6_CR27","volume-title":"Advances in Large Margin Classifiers","author":"J. Platt","year":"2001","unstructured":"Platt, J.: Probabilistic outputs for Support Vector Machines and comparison to regularized likelihood methods. In: Smola, A., Bartlett, P., Sch\u00f6lkopf, B., Schuurmans, D. (eds.) Advances in Large Margin Classifiers. MIT Press, Cambridge (2001)"},{"key":"6_CR28","unstructured":"Pouget, F., Dacier, M., Pham, V.H.: Leurre.com: on the advantages of deploying a large scale distributed honeypot platform. 
In: ECCE 2005, E-Crime and Computer Conference, March 29-30, Monaco (March 2005)"},{"key":"6_CR29","first-page":"23","volume":"9","author":"K. Rieck","year":"2008","unstructured":"Rieck, K., Laskov, P.: Linear-time computation of similarity measures for sequential data. Journal of Machine Learning Research\u00a09, 23\u201348 (2008)","journal-title":"Journal of Machine Learning Research"},{"issue":"11","key":"6_CR30","doi-asserted-by":"publisher","first-page":"613","DOI":"10.1145\/361219.361220","volume":"18","author":"G. Salton","year":"1975","unstructured":"Salton, G., Wong, A., Yang, C.: A vector space model for automatic indexing. Communications of the ACM\u00a018(11), 613\u2013620 (1975)","journal-title":"Communications of the ACM"},{"key":"6_CR31","volume-title":"Learning with Kernels","author":"B. Sch\u00f6lkopf","year":"2002","unstructured":"Sch\u00f6lkopf, B., Smola, A.: Learning with Kernels. MIT Press, Cambridge (2002)"},{"key":"6_CR32","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511809682","volume-title":"Kernel Methods for Pattern Analysis","author":"J. Shawe-Taylor","year":"2004","unstructured":"Shawe-Taylor, J., Cristianini, N.: Kernel Methods for Pattern Analysis. Cambridge University Press, Cambridge (2004)"},{"key":"6_CR33","first-page":"1531","volume":"7","author":"S. Sonnenburg","year":"2006","unstructured":"Sonnenburg, S., R\u00e4tsch, G., Sch\u00e4fer, C., Sch\u00f6lkopf, B.: Large scale multiple kernel learning. Journal of Machine Learning Research\u00a07, 1531\u20131565 (2006)","journal-title":"Journal of Machine Learning Research"},{"key":"6_CR34","volume-title":"The Art of Computer Virus Research and Defense","author":"P. Szor","year":"2005","unstructured":"Szor, P.: The Art of Computer Virus Research and Defense. Addison-Wesley, Reading (2005)"},{"key":"6_CR35","volume-title":"Statistical Learning Theory","author":"V. Vapnik","year":"1998","unstructured":"Vapnik, V.: Statistical Learning Theory. 
John Wiley & Sons, Chichester (1998)"},{"key":"6_CR36","unstructured":"Virus Bulletin. AVK tops latest AV-Test charts (August 2007), \n                    \n                      http:\/\/www.virusbtn.com\/news\/2007\/08_22a.xml"},{"issue":"5","key":"6_CR37","doi-asserted-by":"publisher","first-page":"148","DOI":"10.1145\/1095809.1095825","volume":"39","author":"M. Vrable","year":"2005","unstructured":"Vrable, M., Ma, J., Chen, J., Moore, D., Vandekieft, E., Snoeren, A.C., Voelker, G.M., Savage, S.: Scalability, fidelity, and containment in the potemkin virtual honeyfarm. SIGOPS Oper. Syst. Rev.\u00a039(5), 148\u2013162 (2005)","journal-title":"SIGOPS Oper. Syst. Rev."},{"key":"6_CR38","doi-asserted-by":"crossref","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host based intrusion detection systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS 2002), pp. 255\u2013264 (2002)","DOI":"10.1145\/586110.586145"},{"key":"6_CR39","doi-asserted-by":"crossref","unstructured":"Willems, C., Holz, T., Freiling, F.: CWSandbox: Towards automated dynamic binary analysis. IEEE Security and Privacy\u00a05(2) (2007)","DOI":"10.1109\/MSP.2007.45"},{"key":"6_CR40","doi-asserted-by":"crossref","unstructured":"Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: Capturing system-wide information flow for malware detection and analysis. 
In: Proceedings of ACM Conference on Computer and Communication Security (October 2007)","DOI":"10.1145\/1315245.1315261"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-70542-0_6.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,5,3]],"date-time":"2021-05-03T04:21:53Z","timestamp":1620015713000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-70542-0_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540705413","9783540705420"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-70542-0_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[]}}