{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T18:52:30Z","timestamp":1771699950445,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":22,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642043413","type":"print"},{"value":"9783642043420","type":"electronic"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-04342-0_5","type":"book-chapter","created":{"date-parts":[[2009,9,28]],"date-time":"2009-09-28T23:00:22Z","timestamp":1254178822000},"page":"81-100","source":"Crossref","is-referenced-by-count":18,"title":["Malware Behavioral Detection by Attribute-Automata Using Abstraction from Platform and Language"],"prefix":"10.1007","author":[{"given":"Gr\u00e9goire","family":"Jacob","sequence":"first","affiliation":[]},{"given":"Herv\u00e9","family":"Debar","sequence":"additional","affiliation":[]},{"given":"Eric","family":"Filiol","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"5_CR1","unstructured":"Charlier, B.L., Mounji, A., Swimmer, M.: Dynamic detection and classification of computer viruses using general behaviour patterns. Virus Bulletin (1995)"},{"key":"5_CR2","unstructured":"Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: Proc. of the Network and Distributed System Security Symposium, NDSS (2005)"},{"key":"5_CR3","doi-asserted-by":"crossref","unstructured":"Bhatkar, S., Chaturvedi, A., Sekar, R.: Dataflow anomaly detection. In: Proc. of the IEEE Symposium on Security and Privacy (SSP), pp. 48\u201362 (2006)","DOI":"10.1109\/SP.2006.12"},{"key":"5_CR4","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Kruegel, C.: Mining specifications of malicious behaviour. In: Proc. of the 6th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineeering, pp. 5\u201314 (2007)","DOI":"10.1145\/1287624.1287628"},{"key":"5_CR5","doi-asserted-by":"crossref","unstructured":"Morales, J.A., Clarke, P.J., Deng, Y.: Identification of file infecting viruses through detection of self-reference replication. Journal in Computer Virology\u00a0Online (2008)","DOI":"10.1007\/s11416-008-0101-5"},{"key":"5_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1007\/978-3-540-87403-4_5","volume-title":"Recent Advances in Intrusion Detection","author":"L. Martignoni","year":"2008","unstructured":"Martignoni, L., Stinson, E., Fredrikson, M., Jha, S., Mitchell, J.C.: A layered architecture for detecting malicious behaviors. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 78\u201397. Springer, Heidelberg (2008)"},{"key":"5_CR7","first-page":"127","volume":"2","author":"D.E. Knuth","year":"1968","unstructured":"Knuth, D.E.: Semantics of context-free grammars. Theory of Computing Systems\u00a02, 127\u2013145 (1968)","journal-title":"Theory of Computing Systems"},{"issue":"3","key":"5_CR8","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1007\/s11416-008-0085-1","volume":"4","author":"G. Jacob","year":"2008","unstructured":"Jacob, G., Filiol, E., Debar, H.: Malwares as interactive machines: A new framework for behavior modelling. Journal in Computer Virology\u00a04(3), 235\u2013250 (2008)","journal-title":"Journal in Computer Virology"},{"key":"5_CR9","doi-asserted-by":"crossref","unstructured":"Jacob, G., Filiol, E., Debar, H.: Functional polymorphic engines: Formalisation, implementation and use cases. Journal in Computer Virology\u00a0Online (2008)","DOI":"10.1007\/s11416-008-0095-z"},{"key":"5_CR10","unstructured":"US Department of Defense: \u201cOrange Book\u201d - Trusted Computer System Evaluation Criteria. Rainbow Series (1983)"},{"key":"5_CR11","unstructured":"NTInternals: The undocumented functions microsoft windows nt\/2k\/xp\/2003, http:\/\/undocumented.ntinternals.net"},{"key":"5_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/978-3-540-39650-5_19","volume-title":"Computer Security \u2013 ESORICS 2003","author":"C. Kruegel","year":"2003","unstructured":"Kruegel, C., Mutz, D., Valeur, F., Vigna, G.: On the detection of anomalous system call arguments. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol.\u00a02808, pp. 326\u2013343. Springer, Heidelberg (2003)"},{"key":"5_CR13","doi-asserted-by":"crossref","unstructured":"Cuppens, F., Mi\u00e8ge, A.: Alert correlation in a cooperative intrusion detection framework. In: Proc. of the IEEE Symposium on Security and Privacy (SSP), p. 202 (2002)","DOI":"10.1109\/SECPRI.2002.1004372"},{"key":"5_CR14","doi-asserted-by":"crossref","unstructured":"Al-Mamory, S.O., Zhang, H.: Ids alerts correlation using grammar-based approach. Journal in Computer Virology\u00a0Online (2008)","DOI":"10.1007\/s11416-008-0103-3"},{"key":"5_CR15","unstructured":"NtTrace: Native api tracing for windows, http:\/\/www.howzatt.demon.co.uk\/NtTrace\/"},{"key":"5_CR16","unstructured":"QEMU: Processor emulator, http:\/\/fabrice.bellard.free.fr\/qemu\/"},{"key":"5_CR17","unstructured":"Marion, J.Y., Reynaud-Plantey, D.: Practical obfuscation by interpretation. In: 3rd Workshop on the Theory of Computer Viruses, WTCV (2008)"},{"key":"5_CR18","unstructured":"MSDN: Vbscript language reference, http:\/\/msdn.microsoft.com\/en-us\/library\/d1wf56tt.aspx"},{"key":"5_CR19","unstructured":"VXHeaven: Repository, http:\/\/vx.netlux.org\/"},{"key":"5_CR20","unstructured":"OffensiveComputing: Repository, http:\/\/www.offensivecomputing.net\/"},{"key":"5_CR21","unstructured":"Carrera, E.: Malware - behavior, tools, scripting and advanced analysis. In: HITBSec Conf. (2008)"},{"key":"5_CR22","unstructured":"Anubis: Analyzing unknown malware, http:\/\/anubis.iseclab.org\/"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-04342-0_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,12]],"date-time":"2025-02-12T11:48:07Z","timestamp":1739360887000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-04342-0_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642043413","9783642043420"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-04342-0_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009]]}}}