{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T12:38:00Z","timestamp":1742992680662,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":31,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642019562"},{"type":"electronic","value":"9783642019579"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-01957-9_13","type":"book-chapter","created":{"date-parts":[[2009,5,15]],"date-time":"2009-05-15T11:24:25Z","timestamp":1242386665000},"page":"201-218","source":"Crossref","is-referenced-by-count":4,"title":["Malyzer: Defeating Anti-detection for Application-Level Malware Analysis"],"prefix":"10.1007","author":[{"given":"Lei","family":"Liu","sequence":"first","affiliation":[]},{"given":"Songqing","family":"Chen","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"13_CR1","unstructured":"http:\/\/www.pctools.com\/mrc\/infections\/id\/Webbuying\/"},{"key":"13_CR2","unstructured":"http:\/\/news.softpedia.com\/newsTag\/Graybird"},{"key":"13_CR3","unstructured":"http:\/\/blogs.windowsecurity.com\/parker\/2006\/07\/11\/malware-packers\/"},{"key":"13_CR4","unstructured":"http:\/\/research.microsoft.com\/sn\/detours\/"},{"key":"13_CR5","unstructured":"http:\/\/www.oreans.com\/ThemidaWhatsNew.php"},{"key":"13_CR6","unstructured":"http:\/\/www.codeproject.com\/KB\/system\/hooksys.aspx"},{"key":"13_CR7","unstructured":"Taxonomy of botnet threats (November 2006), \n                    \n                      http:\/\/us.trendmicro.com\/imperia\/md\/content\/us\/pdf\/threats\/securitylibrary\/botnettaxonomywhitepapernovember2006.pdf"},{"key":"13_CR8","doi-asserted-by":"crossref","unstructured":"Brumley, D., Newsome, J., Song, D., Wang, H., Jha, S.: Towards automatic generation of vulnerability-based signatures. In: Proceedings of IEEE Symposium on Security and Privacy, Berkely\/Oakland, CA (May 2006)","DOI":"10.1109\/SP.2006.41"},{"key":"13_CR9","unstructured":"Butler, J., Hoglund, G.: Vice-catch the hookers! (July 2004)"},{"key":"13_CR10","unstructured":"Chiang, K., Lloyd, L.: A case study of the rustock rootkit and spam bot. In: Proceedings of the First Workshop on Hot Topics in Understanding Botnets, Cambridge, MA (April 2007)"},{"key":"13_CR11","doi-asserted-by":"crossref","unstructured":"Chow, J., Pfaff, B., Garfinkel, T., Christopher, K., Rosenblum, M.: Understanding data lifetime via whole system simulation. In: Proceedings of the 13th USENIX Security Symposium (August 2004)","DOI":"10.1145\/1133572.1133599"},{"key":"13_CR12","doi-asserted-by":"crossref","unstructured":"Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., Barham, P.: Vigilante: End-to-end containment of internet worms. In: Proceedings of SOSP, Brighton, United Kingdom (October 2005)","DOI":"10.1145\/1095810.1095824"},{"key":"13_CR13","unstructured":"Dimitrov, C.: Playing with the stack, \n                    \n                      http:\/\/www.codeproject.com\/tips\/stackdumper.asp"},{"key":"13_CR14","unstructured":"Desclaux Fabrice. Skype uncovered, \n                    \n                      http:\/\/www.ossir.org\/windows\/supports\/2005\/2005-11-07\/EADS-CCR_Fabrice_Skype.pdf"},{"key":"13_CR15","unstructured":"Grizzard, J., Sharma, V., Nunnery, C., Kang, B., Dagon, D.: Peer-to-peer botnets: Overview and case study. In: Proceedings of the HotBots, Cambridge, MA (April 2007)"},{"key":"13_CR16","unstructured":"Gu, G., Zhang, J., Lee, W.: Botsniffer: Detecting botnet command and control channels in network traffic. In: Proceedings of the 15th NDSS, San Diego, CA (February 2008)"},{"key":"13_CR17","doi-asserted-by":"crossref","unstructured":"Kang, M., Poosankam, P., Yin, H.: Renovo: A hidden code extractor for packed executables. In: Proceedings of WORM, Alexandria, VA (November 2007)","DOI":"10.1145\/1314389.1314399"},{"key":"13_CR18","unstructured":"Keong, T.: Dynamic forking of win32 exe, \n                    \n                      http:\/\/www.security.org.sg\/code\/loadexe.html"},{"key":"13_CR19","unstructured":"Kim, H., Karp, B.: Autograph: Toward automated distributed worm signature detection. In: Proceedings of USENIX Security, San Diego, CA (August 2004)"},{"key":"13_CR20","unstructured":"Li, Z., Sanghi, M., Chen, Y., Kao, M., Chavez, B.: Hamsa: Fast signature generation for zero-day polymorphic worms with provable attack resilience. In: Proceedings of IEEE Symposium on Security and Privacy, Berkely\/Oakland, CA (May 2006)"},{"key":"13_CR21","unstructured":"Liu, L., Chen, S., Yan, G., Zhang, Z.: Bottracer: Execution-based bot-like malware detection. In: Proceedings of the 11th Information Security Conference, Taipei, China (September 2008)"},{"key":"13_CR22","unstructured":"Moshchuk, A., Bragin, T., Deville, D., Gribble, S., Levy, H.: Spyproxy: Execution-based detection of malicious web content. In: Proceedings of the 16th USENIX Security Symposium, Boston, MA (August 2007)"},{"key":"13_CR23","unstructured":"Newsome, J., Karp, B., Song, D.: Polygraph: Automatically generating signatures for polymorphic worms. In: Proceedings of IEEE Symposium on Security and Privacy, Oakland, CA (May 2005)"},{"key":"13_CR24","unstructured":"Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: Proceedings of the 12th NDSS (February 2005)"},{"key":"13_CR25","unstructured":"Provos, N., McNamee, D., Mavrommatis, P., Wang, K., Modadugu, N.: The ghost in the browser analysis of web-based malware. In: Proceedings of the First Workshop on Hot Topics in Understanding Botnets, Cambridge, MA (April 2007)"},{"key":"13_CR26","unstructured":"Richter, J.: Programming applications for microsoft windows"},{"key":"13_CR27","unstructured":"Rutkowaska, J.: System virginity verifier: Defining the roadmap for malware detection on windows systems (September 2005)"},{"key":"13_CR28","unstructured":"Singh, S., Estan, C., Varghese, G., Savage, S.: Automated worm fingerprinting. In: Proceedings of OSDI, San Francisco, CA (2004)"},{"key":"13_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1007\/978-3-540-73614-1_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"E. Stinson","year":"2007","unstructured":"Stinson, E., Mitchell, J.C.: Characterizing the remote control behavior of bots. In: H\u00e4mmerli, B.M., Sommer, R. (eds.) DIMVA 2007. LNCS, vol.\u00a04579, pp. 89\u2013108. Springer, Heidelberg (2007)"},{"key":"13_CR30","unstructured":"Wang, Y., Roussev, R., Verbowski, C., Johnson, A., Wu, M., Huang, Y., Kuo, S.: Gatekeeper: Monitoring auto-start extensibility points (aseps) for spyware management. In: Proceedings of LISA (November 2004)"},{"key":"13_CR31","doi-asserted-by":"crossref","unstructured":"Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: Capturing system-wide information flow for malware detection and analysis. In: Proceedings of ACM CCS, Alexandria, VA (October 2007)","DOI":"10.1145\/1315245.1315261"}],"container-title":["Lecture Notes in Computer Science","Applied Cryptography and Network Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-01957-9_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,19]],"date-time":"2019-05-19T12:15:43Z","timestamp":1558268143000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-01957-9_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642019562","9783642019579"],"references-count":31,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-01957-9_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2009]]}}}