{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T16:57:24Z","timestamp":1725555444213},"publisher-location":"Berlin, Heidelberg","reference-count":30,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642128264"},{"type":"electronic","value":"9783642128271"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-12827-1_12","type":"book-chapter","created":{"date-parts":[[2010,5,5]],"date-time":"2010-05-05T19:15:11Z","timestamp":1273086911000},"page":"153-171","source":"Crossref","is-referenced-by-count":2,"title":["Using Purpose Capturing Signatures to Defeat Computer Virus Mutating"],"prefix":"10.1007","author":[{"given":"Xiaoqi","family":"Jia","sequence":"first","affiliation":[]},{"given":"Xi","family":"Xiong","sequence":"additional","affiliation":[]},{"given":"Jiwu","family":"Jing","sequence":"additional","affiliation":[]},{"given":"Peng","family":"Liu","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"12_CR1","doi-asserted-by":"crossref","unstructured":"Cohen, F.B.: Operating system protection through program evolution. Computers & Security\u00a012(6) (1993)","DOI":"10.1016\/0167-4048(93)90054-9"},{"key":"12_CR2","doi-asserted-by":"crossref","unstructured":"Collberg, C., Thomborson, C., Low, D.: Manufacturing cheap, resilient, and stealthy opaque constructs. In: Principles of Programming Languages (POPL 1998), San Diego, CA, USA (1998)","DOI":"10.1145\/268946.268962"},{"key":"12_CR3","doi-asserted-by":"crossref","unstructured":"Linn, C., Debray, S.: Obfuscation of executable code to improve resistance to static disassembly. In: Proceedings of the 10th. ACM Conference on Computer and Communications Security (CCS 2003), Washingtion DC, USA (2003)","DOI":"10.1145\/948109.948149"},{"key":"12_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"353","DOI":"10.1007\/11961635_26","volume-title":"Information Systems Security","author":"A. Majumdar","year":"2006","unstructured":"Majumdar, A., Thomborson, C., Drape, S.: A survey of control-flow obfuscations. In: Bagchi, A., Atluri, V. (eds.) ICISS 2006. LNCS, vol.\u00a04332, pp. 353\u2013356. Springer, Heidelberg (2006)"},{"key":"12_CR5","unstructured":"Popov, I., Debray, S., Andrews, G.: Binary obfuscation using signals. In: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium (Security 2007), Berkeley, CA, USA, pp. 1\u20136 (2007)"},{"key":"12_CR6","unstructured":"Szor, P., Ferrie, P.: Hunting for metamorphic. In: Proceedings of Virus Bulletin Conference, pp. 123\u2013144 (2001)"},{"key":"12_CR7","unstructured":"Sharif, M., Lanzi, A., Giffin, J., Lee, W.: Impeding malware analysis using conditional code obfuscation. In: Proceedings of the Network and Distributed System Security Symposium (NDSS 2008), San Diego, CA, USA (2008)"},{"key":"12_CR8","doi-asserted-by":"crossref","unstructured":"Sharif, M., Lanzi, A., Giffin, J., Lee, W.: Automatic Reverse Engineering of Malware Emulators. In: Proceedings of The 2009 IEEE Symposium on Security and Privacy (Oakland 2009), Oakland, CA, USA (2009)","DOI":"10.1109\/SP.2009.27"},{"key":"12_CR9","unstructured":"Detristan, T., Ulenspiegel, T., Malcom, Y., von Underduk, M.S.: Polymorphic shellcode engine using spectrum analysis. Phrack 11(61) (2003), http:\/\/www.phrack.org"},{"key":"12_CR10","unstructured":"Mohanty, D.: Anti-virus evasion techniques and countermeasures (2005), http:\/\/www.hackingspirits.com\/eth-hac\/papers\/whitepapers.asp"},{"key":"12_CR11","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S.: Testing malware detectors. In: Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2004 (2004)","DOI":"10.1145\/1007512.1007518"},{"key":"12_CR12","unstructured":"Christodorescu, M., Jha, S.: Static analysis of executables to detect malicious patterns. In: Proceedings of USENIX Security Symposium(Security 2003), Washingtion DC, USA (2003)"},{"key":"12_CR13","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy (Oakland 2005), Oakland, CA, USA (2005)","DOI":"10.1109\/SP.2005.20"},{"key":"12_CR14","unstructured":"Wroblewski, G.: General method of program code obfuscation. PhD thesis, Institute of Engineering Cybernetics, Wroclaw University of Technology, Wroclaw, Poland (2002)"},{"key":"12_CR15","doi-asserted-by":"crossref","unstructured":"Brumley, D., Wang, H., Jha, S., Song, D.: Creating Vulnerability Signatures Using Weakest Pre-conditions. In: Proceedings of Computer Security Foundations Symposium, Italy (2007)","DOI":"10.1109\/CSF.2007.17"},{"key":"12_CR16","doi-asserted-by":"crossref","unstructured":"Jia, X., Zhang, S., Jing, J., Liu, P.: Using Virtual Machines to Do Cross-Layer Damage Assessment. In: Proceedings of the ACM Workshop on Virtual Machine Security (VMSEC 2008), in association with ACM CCS, Washingtion DC, USA (2008)","DOI":"10.1145\/1456482.1456487"},{"key":"12_CR17","unstructured":"Sophos (2009), http:\/\/www.sophos.com\/products\/enterprise\/endpoint\/security-and-control\/8.0\/linux\/"},{"key":"12_CR18","unstructured":"Klein, T.: VMware Fingerprint Suite (2008), http:\/\/www.trapkit.de\/research\/vmm\/scoopydoo\/index.html"},{"key":"12_CR19","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring multiple execution paths for malware analysis. In: IEEE Symposium on Security and Privacy (Oakland 2007), pp. 231\u2013245 (2007)","DOI":"10.1109\/SP.2007.17"},{"issue":"3","key":"12_CR20","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1007\/s11416-008-0102-4","volume":"5","author":"G. Bonfante","year":"2008","unstructured":"Bonfante, G., Kaczmarek, M., Marion, J.: Architecture of a Morphological Malware Detector. Journal in Computer Virology\u00a05(3), 263\u2013270 (2008)","journal-title":"Journal in Computer Virology"},{"key":"12_CR21","unstructured":"Bonfante, G., Kaczmarek, M., Marion, J.: Control Flow to Detect Malware. In: Inter-Regional Workshop on Rigorous System Development and Analysis (2007)"},{"key":"12_CR22","doi-asserted-by":"crossref","unstructured":"Newsome, J., Karp, B., Song, D.: Polygraph: Automatically generating signatures for polymorphic worms. In: IEEE Symposium on Security and Privacy, pp. 226\u2013241 (2005)","DOI":"10.1109\/SP.2005.15"},{"key":"12_CR23","unstructured":"Rutkowska, J.: System virginity verifier: Defining the roadmap for malware detection on windows systems. In: Hack in the Box Security Conference (2005)"},{"key":"12_CR24","unstructured":"Wang, Y.M., Roussev, R., Verbowski, C., Johnson, A., Wu, M.W., Huang, Y., Kuo, S.Y.: Gatekeeper: Monitoring Auto-Start Extensibility Points (ASEPs) for spyware management. In: Proceedings of the Large Installation System Administration Conference, LISA 2004 (2004)"},{"key":"12_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-89862-7_1","volume-title":"Information Systems Security","author":"D. Song","year":"2008","unstructured":"Song, D., Brumley, D., Yin, H., Caballero, J., Jager, I., Kang, M.G., Liang, Z., Newsome, J., Poosankam, P., Saxena, P.: BitBlaze: A new approach to computer security via binary analysis. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol.\u00a05352, pp. 1\u201325. Springer, Heidelberg (2008)"},{"key":"12_CR26","doi-asserted-by":"crossref","unstructured":"Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis. In: Proceedings of ACM Conference on Computer and Communications Security (CCS 2007), Alexandria, Virginia, USA (2007)","DOI":"10.1145\/1315245.1315261"},{"key":"12_CR27","doi-asserted-by":"crossref","unstructured":"Caballero, J., Yin, H., Liang, Z., Song, D.: Polyglot: Automatic Extraction of Protocal Message Format Using Dynamic Vinary Analysis. In: Proceedings of ACM Conference on Computer and Communications Security (CCS 2007), Alexandria, Virginia, USA (2007)","DOI":"10.1145\/1315245.1315286"},{"key":"12_CR28","unstructured":"Bayer, U., Comparetti, P.M., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, Behavior-Based Malware Clustering. In: Proceedings of the Network and Distributed System Security Symposium (NDSS 2009), California, USA (2009)"},{"key":"12_CR29","unstructured":"Revealer (2008), http:\/\/www.sysinternals.com\/Files\/RootkitRevealer.zip"},{"key":"12_CR30","doi-asserted-by":"crossref","unstructured":"Wang, Y., Beck, D., Vo, B., Roussev, R., Verbowski, C.: Detecting stealth software with strider ghostbuster. In: Proceedings of the 2005 International Conference on Dependable Systems and Networks (DSN 2005), pp. 368\u2013377 (2005)","DOI":"10.1109\/DSN.2005.39"}],"container-title":["Lecture Notes in Computer Science","Information Security, Practice and Experience"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-12827-1_12.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T02:57:28Z","timestamp":1606186648000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-12827-1_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642128264","9783642128271"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-12827-1_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2010]]}}}