{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T10:19:33Z","timestamp":1776334773290,"version":"3.51.2"},"publisher-location":"Berlin, Heidelberg","reference-count":30,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540743194","type":"print"},{"value":"9783540743200","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-74320-0_10","type":"book-chapter","created":{"date-parts":[[2007,8,16]],"date-time":"2007-08-16T09:47:48Z","timestamp":1187257668000},"page":"178-197","source":"Crossref","is-referenced-by-count":242,"title":["Automated Classification and Analysis of Internet Malware"],"prefix":"10.1007","author":[{"given":"Michael","family":"Bailey","sequence":"first","affiliation":[]},{"given":"Jon","family":"Oberheide","sequence":"additional","affiliation":[]},{"given":"Jon","family":"Andersen","sequence":"additional","affiliation":[]},{"given":"Z. Morley","family":"Mao","sequence":"additional","affiliation":[]},{"given":"Farnam","family":"Jahanian","sequence":"additional","affiliation":[]},{"given":"Jose","family":"Nazario","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"10_CR1","unstructured":"Arbor malware library (AML) (2006), http:\/\/www.arbornetworks.com\/"},{"key":"10_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_9","volume-title":"Recent Advances in Intrusion Detection","author":"P. Baecher","year":"2006","unstructured":"Baecher, P., Koetter, M., Holz, T., Dornseif, M., Freiling, F.: The nepenthes platform: An efficient approach to collect malware. In: Zamboni, D., Kruegel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219, Springer, Heidelberg (2006)"},{"key":"10_CR3","volume-title":"Series: Advances in Information Security","author":"P. Barford","year":"2006","unstructured":"Barford, P., Yagneswaran, V.: An inside look at botnets. In: Series: Advances in Information Security, Springer, Heidelberg (2006)"},{"key":"10_CR4","unstructured":"Beck, D., Connolly, J.: The Common Malware Enumeration Initiative. In: Virus Bulletin Conference (October 2006)"},{"key":"10_CR5","unstructured":"Willems, C., Holz, T.: Cwsandbox ( 2007), http:\/\/www.cwsandbox.org\/"},{"key":"10_CR6","doi-asserted-by":"crossref","first-page":"32","DOI":"10.1109\/SP.2005.20","volume-title":"Proceedings of the 2005 IEEE Symposium on Security and Privacy (Oakland 2005)","author":"M. Christodorescu","year":"2005","unstructured":"Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy (Oakland 2005), Oakland, CA, USA, May 2005, pp. 32\u201346. ACM Press, New York (2005)"},{"key":"10_CR7","volume-title":"Introduction to Algorithms","author":"T.H. Cormen","year":"1990","unstructured":"Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms. MIT Press, Cambridge, MA (1990)"},{"key":"10_CR8","volume-title":"Proceedings of ASPLOS","author":"J.R. Crandall","year":"2006","unstructured":"Crandall, J.R., Wassermann, G., de Oliveira, D.A.S., Su, Z., Wu, S.F., Chong, F.T.: Temporal Search: Detecting Hidden Malware Timebombs with Virtual Machines. In: Proceedings of ASPLOS, San Jose, CA, October 2006, ACM Press, New York (2006)"},{"key":"10_CR9","volume-title":"Proceedings of the ACM Workshop on Rapid Malcode (WORM 2004)","author":"D. Ellis","year":"2004","unstructured":"Ellis, D., Aiken, J., Attwood, K., Tenaglia, S.: A Behavioral Approach to Worm Detection. In: Proceedings of the ACM Workshop on Rapid Malcode (WORM 2004), October 2004, ACM Press, New York (2004)"},{"key":"10_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"19","DOI":"10.1007\/11856214_2","volume-title":"Recent Advances in Intrusion Detection","author":"D. Gao","year":"2006","unstructured":"Gao, D., Beck, D., Reiter, J.C.M.K., Song, D.X.: Behavioral distance measurement using hidden markov models. In: Zamboni, D., Kruegel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219, pp. 19\u201340. Springer, Heidelberg (2006)"},{"key":"10_CR11","doi-asserted-by":"crossref","DOI":"10.1007\/978-0-387-21606-5","volume-title":"The Elements of Statistical Learning: Data Mining, Inference, and Prediction","author":"T. Hastie","year":"2001","unstructured":"Hastie, T., Tibshirani, R., Friedman, J.: The Elements of Statistical Learning: Data Mining, Inference, and Prediction. Springer, Heidelberg (2001)"},{"key":"10_CR12","doi-asserted-by":"publisher","first-page":"223","DOI":"10.1145\/945445.945467","volume-title":"Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP 2003)","author":"S.T. King","year":"2003","unstructured":"King, S.T., Chen, P.M.: Backtracking intrusions. In: Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP 2003), Bolton Landing, NY, USA, October 2003, pp. 223\u2013236. ACM Press, New York (2003)"},{"key":"10_CR13","unstructured":"Kolter, J.Z., Maloof, M.A.: Learning to Detect and Classify Malicious Executables in the Wild. Journal of Machine Learning Research (2007)"},{"key":"10_CR14","unstructured":"Koutsofios, E., North, S.C.: Drawing graphs with dot. Technical report, AT&T Bell Laboratories, Murray Hill, NJ (October 8, 1993)"},{"key":"10_CR15","unstructured":"Lee, T., Mody, J.J.: Behavioral classification. In: Proceedings of EICAR 2006 (April 2006)"},{"key":"10_CR16","unstructured":"Li, M., Chen, X., Li, X., Ma, B., Vit\u00e1nyi, P.: The similarity metric. In: SODA 2003: Proceedings of the fourteenth annual ACM-SIAM symposium on Discrete algorithms, Philadelphia, PA, USA. Society for Industrial and Applied Mathematics, pp. 863\u2013872 (2003)"},{"key":"10_CR17","volume-title":"Proc. of IEEE Symposium on Security and Privacy","author":"Z. Li","year":"2006","unstructured":"Li, Z., Sanghi, M., Chen, Y., Kao, M., Chavez, B.: Hamsa: Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience. In: Proc. of IEEE Symposium on Security and Privacy, IEEE Computer Society Press, Los Alamitos (2006)"},{"key":"10_CR18","volume-title":"Proceedings of the USENIX\/ACM Internet Measurement Conference","author":"J. Ma","year":"2006","unstructured":"Ma, J., Dunagan, J., Wang, H., Savage, S., Voelker, G.: Finding Diversity in Remote Code Injection Exploits. In: Proceedings of the USENIX\/ACM Internet Measurement Conference, October 2006, ACM Press, New York (2006)"},{"key":"10_CR19","unstructured":"McAfee: W32\/Sdbot.worm (April 2003), http:\/\/vil.nai.com\/vil\/content\/v_100454.htm"},{"key":"10_CR20","unstructured":"Microsoft: Microsoft security intelligence report: (January-June 2006) (October 2006), http:\/\/www.microsoft.com\/technet\/security\/default.mspx"},{"key":"10_CR21","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy (Oakland 2007)","author":"A. Moser","year":"2007","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring multiple execution paths for malware analysis. In: Proceedings of the IEEE Symposium on Security and Privacy (Oakland 2007), May 2007, IEEE Computer Society Press, Los Alamitos (2007)"},{"key":"10_CR22","unstructured":"Moshchuk, A., Bragin, T., Gribble, S.D., Levy, H.M.: A Crawler-based Study of Spyware in the Web. In: Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA (2006)"},{"key":"10_CR23","volume-title":"Proceedings 2005 IEEE Symposium on Security and Privacy","author":"J. Newsome","year":"2005","unstructured":"Newsome, J., Karp, B., Song, D.: Polygraph: Automatically generating signatures for polymorphic worms. In: Proceedings 2005 IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 8\u201311, 2005, IEEE Computer Society Press, Los Alamitos (2005)"},{"key":"10_CR24","doi-asserted-by":"crossref","unstructured":"Norman Solutions: Norman sandbox whitepaper (2003), http:\/\/download.norman.no\/whitepapers\/whitepaper_Norman_SandBox.pdf","DOI":"10.1093\/gmo\/9781561592630.article.J410100"},{"key":"10_CR25","unstructured":"Nykter, M., Yli-Harja, O., Shmulevich, I.: Normalized compression distance for gene expression analysis. In: Workshop on Genomic Signal Processing and Statistics (GENSIPS) (May 2005)"},{"key":"10_CR26","unstructured":"Prince, M.B., Dahl, B.M., Holloway, L., Keller, A.M., Langheinrich, E.: Understanding how spammers steal your e-mail address: An analysis of the first six months of data from project honey pot. In: Second Conference on Email and Anti-Spam (CEAS 2005) (July 2005)"},{"key":"10_CR27","unstructured":"Walters, B.: VMware virtual platform. j-LINUX-J 63 (July 1999)"},{"key":"10_CR28","unstructured":"Wang, Y.-M., Beck, D., Jiang, X., Roussev, R., Verbowski, C., Chen, S., King, S.T.: Automated web patrol with strider honeymonkeys: Finding web sites that exploit browser vulnerabilities. In: Proceedings of the Network and Distributed System Security Symposium, NDSS 2006, San Diego, California, USA (2006)"},{"key":"10_CR29","unstructured":"Wehner, S.: Analyzing worms and network traffic using compression. Technical report, CWI, Amsterdam (2005)"},{"key":"10_CR30","doi-asserted-by":"crossref","unstructured":"Yegneswaran, V., Giffin, J.T., Barford, P., Jha, S.: An Architecture for Generating Semantics-Aware Signatures. In: Proceedings of the 14th USENIX Security Symposium, Baltimore, MD, USA, August 2005, pp. 97\u2013112 (2005)","DOI":"10.21236\/ADA449063"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-74320-0_10.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,19]],"date-time":"2020-11-19T00:21:32Z","timestamp":1605745292000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-74320-0_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540743194","9783540743200"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-74320-0_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[]}}