{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T15:12:15Z","timestamp":1777734735390,"version":"3.51.4"},"publisher-location":"Berlin, Heidelberg","reference-count":29,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642043413","type":"print"},{"value":"9783642043420","type":"electronic"}],"license":[{"start":{"date-parts":[[2009,1,1]],"date-time":"2009-01-01T00:00:00Z","timestamp":1230768000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2009]]},"DOI":"10.1007\/978-3-642-04342-0_7","type":"book-chapter","created":{"date-parts":[[2009,9,28]],"date-time":"2009-09-28T23:00:22Z","timestamp":1254178822000},"page":"121-141","source":"Crossref","is-referenced-by-count":131,"title":["PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime"],"prefix":"10.1007","author":[{"given":"M. Zubair","family":"Shafiq","sequence":"first","affiliation":[]},{"given":"S. Momina","family":"Tabish","sequence":"additional","affiliation":[]},{"given":"Fauzan","family":"Mirza","sequence":"additional","affiliation":[]},{"given":"Muddassar","family":"Farooq","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"7_CR1","unstructured":"AVG Free Antivirus, http:\/\/free.avg.com\/ ."},{"key":"7_CR2","doi-asserted-by":"crossref","unstructured":"Axelsson, S.: The base-rate fallacy and its implications for the difficulty of intrusion detection. In: ACM Conference on Computer and Communications Security (CCS), Singapore, pp. 1\u20137 (1999)","DOI":"10.1145\/319709.319710"},{"key":"7_CR3","doi-asserted-by":"crossref","unstructured":"Cheng, J., Wong, S.H.Y., Yang, H., Lu, S.: SmartSiren: virus detection and alert for smartphones. In: International Conference on Mobile Systems, Applications and Services (MobiSys), USA, pp. 258\u2013271 (2007)","DOI":"10.1145\/1247660.1247690"},{"key":"7_CR4","unstructured":"DUMPBIN utility, Article ID 177429, Revision 4.0, Micorsoft Help and Support (2005)"},{"key":"7_CR5","unstructured":"Fawcett, T.: ROC Graphs: Notes and Practical Considerations for Researchers, TR HPL-2003-4, HP Labs, USA (2004)"},{"key":"7_CR6","unstructured":"F-Secure Corporation, F-Secure Reports Amount of Malware Grew by 100% during 2007, Press release (2007)"},{"key":"7_CR7","unstructured":"F-Secure Virus Description Database, http:\/\/www.f-secure.com\/v-descs\/"},{"key":"7_CR8","unstructured":"hash_map, Visual C++ Standard Library, http:\/\/msdn.microsoft.com\/en-us\/library\/6x7w9f6z.aspx"},{"key":"7_CR9","unstructured":"Hnatiw, N., Robinson, T., Sheehan, C., Suan, N.: PIMP MY PE: Parsing Malicious and Malformed Executables. In: Virus Bulletin Conference (VB), Austria (2007)"},{"key":"7_CR10","unstructured":"Kendall, K., McMillan, C.: Practical Malware Analysis. In: Black Hat Conference, USA (2007)"},{"key":"7_CR11","doi-asserted-by":"crossref","unstructured":"Kolter, J.Z., Maloof, M.A.: Learning to detect malicious executables in the wild. In: ACM International Conference on Knowledge Discovery and Data Mining (KDD), USA, pp. 470\u2013478 (2004)","DOI":"10.1145\/1014052.1014105"},{"key":"7_CR12","unstructured":"Microsoft Portable Executable and Common Object File Format Specification, Windows Hardware Developer Central, Updated March 2008 (2008), http:\/\/www.microsoft.com\/whdc\/system\/platform\/firmware\/PECOFF.mspx ."},{"key":"7_CR13","unstructured":"Munro, J.: Antivirus Research and Detection Techniques, Antivirus Research and Detection Techniques, Extreme Tech. (2002), http:\/\/www.extremetech.com\/article2\/0,2845,367051,00.asp"},{"key":"7_CR14","unstructured":"Panda Antivirus, http:\/\/www.pandasecurity.com\/"},{"key":"7_CR15","unstructured":"PE file format, Webster Technical Documentation, http:\/\/webster.cs.ucr.edu\/Page_TechDocs\/pe.txt"},{"key":"7_CR16","unstructured":"PEiD, http:\/\/www.peid.info\/"},{"issue":"14","key":"7_CR17","doi-asserted-by":"publisher","first-page":"1941","DOI":"10.1016\/j.patrec.2008.06.016","volume":"29","author":"R. Perdisci","year":"2008","unstructured":"Perdisci, R., Lanzi, A., Lee, W.: Classification of Packed Executables for Accurate Computer Virus Detection. Elsevier Pattern Recognition Letters\u00a029(14), 1941\u20131946 (2008)","journal-title":"Elsevier Pattern Recognition Letters"},{"key":"7_CR18","doi-asserted-by":"crossref","first-page":"301","DOI":"10.1109\/ACSAC.2008.22","volume-title":"Annual Computer Security Applications Conference (ACSAC)","author":"R. Perdisci","year":"2008","unstructured":"Perdisci, R., Lanzi, A., Lee, W.: McBoost: Boosting Scalability in Malware Collection and Analysis Using Statistical Classification of Executables. In: Annual Computer Security Applications Conference (ACSAC), pp. 301\u2013310. IEEE Press, USA (2008)"},{"key":"7_CR19","unstructured":"Protection ID - the ultimate Protection Scanner, http:\/\/pid.gamecopyworld.com\/"},{"key":"7_CR20","unstructured":"Pietrek, M.: An In-Depth Look into the Win32 Portable Executable File Format, Part 2. MSDN Magazine (March 2002)"},{"key":"7_CR21","unstructured":"Project Malfease, http:\/\/malfease.oarci.net\/"},{"key":"7_CR22","doi-asserted-by":"crossref","unstructured":"Schultz, M.G., Eskin, E., Zadok, E., Stolfo, S.J.: Data mining methods for detection of new malicious executables. In: IEEE Symposium on Security and Privacy (S&P), USA, pp. 38\u201349 (2001)","DOI":"10.1109\/SECPRI.2001.924286"},{"key":"7_CR23","doi-asserted-by":"crossref","unstructured":"Shafiq, M.Z., Tabish, S.M., Mirza, F., Farooq, M.: A Framework for Efficient Mining of Structural Information to Detect Zero-Day Malicious Portable Executables, Technical Report, TR-nexGINRC-2009-21 (January 2009), http:\/\/www.nexginrc.org\/papers\/tr21-zubair.pdf","DOI":"10.1007\/978-3-642-04342-0_7"},{"key":"7_CR24","doi-asserted-by":"crossref","unstructured":"Shafiq, M.Z., Tabish, S.M., Farooq, M.: PE-Probe: Leveraging Packer Detection and Structural Information to Detect Malicious Portable Executables. In: Virus Bulletin Conference (VB), Switzerland (2009)","DOI":"10.1007\/978-3-642-04342-0_7"},{"key":"7_CR25","unstructured":"Symantec Internet Security Threat Reports I-XI (January 2002-January 2008)"},{"key":"7_CR26","unstructured":"Veldman, F.: Heuristic Anti-Virus Technology. In: International Virus Bulletin Conference, USA, pp. 67\u201376 (1993)"},{"key":"7_CR27","unstructured":"VX Heavens Virus Collection, VX Heavens website, http:\/\/vx.netlux.org"},{"issue":"13","key":"7_CR28","doi-asserted-by":"publisher","first-page":"2025","DOI":"10.1002\/sim.2103","volume":"24","author":"S.D. Walter","year":"2005","unstructured":"Walter, S.D.: The partial area under the summary ROC curve. Statistics in Medicine\u00a024(13), 2025\u20132040 (2005)","journal-title":"Statistics in Medicine"},{"key":"7_CR29","volume-title":"Data mining: Practical machine learning tools and techniques","author":"I.H. Witten","year":"2005","unstructured":"Witten, I.H., Frank, E.: Data mining: Practical machine learning tools and techniques, 2nd edn. Morgan Kaufmann, USA (2005)","edition":"2"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-04342-0_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,5,26]],"date-time":"2023-05-26T23:04:52Z","timestamp":1685142292000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-04342-0_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2009]]},"ISBN":["9783642043413","9783642043420"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-04342-0_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2009]]}}}