{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T21:04:09Z","timestamp":1725570249715},"publisher-location":"Berlin, Heidelberg","reference-count":33,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642161605"},{"type":"electronic","value":"9783642161612"}],"license":[{"start":{"date-parts":[[2010,1,1]],"date-time":"2010-01-01T00:00:00Z","timestamp":1262304000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-16161-2_1","type":"book-chapter","created":{"date-parts":[[2010,11,26]],"date-time":"2010-11-26T22:17:14Z","timestamp":1290809834000},"page":"1-19","source":"Crossref","is-referenced-by-count":7,"title":["SAS: Semantics Aware Signature Generation for Polymorphic Worm Detection"],"prefix":"10.1007","author":[{"given":"Deguang","family":"Kong","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yoon-Chan","family":"Jhi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Tao","family":"Gong","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sencun","family":"Zhu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peng","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hongsheng","family":"Xi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"1_CR1","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Proceedings of the 23rd Annual Computer Security Applications Conference (2007)","DOI":"10.1109\/ACSAC.2007.21"},{"key":"1_CR2","unstructured":"Kim, H.A., Karp, B.: Autograph: Toward automated, distributed worm signature detection. In: Proceedings of the 13th Usenix Security Symposium (2004)"},{"key":"1_CR3","doi-asserted-by":"crossref","unstructured":"Kreibich, C., Crowcroft., J.: Honeycomb: creating intrusion detection signatures using honeypots. In: Proceedings of the Workshop on Hot Topics in Networks, HotNets (2003)","DOI":"10.1145\/972374.972384"},{"key":"1_CR4","unstructured":"Singh, S., Estan, C., Varghese, G., Savage, S.: Earlybird system for real-time detection of unknown worms. Technical report, Univ. of California, San Diego (2003)"},{"key":"1_CR5","unstructured":"Newsome, J., Karp, B., Song, D.: Polygraph: Automatic signature generation for polymorphic worms. In: IEEE Symposium on Security and Privacy (2005)"},{"key":"1_CR6","unstructured":"Li, Z., Sanghi, M., Chen, Y., Kao, M.Y., Chavez, B.: Hamsa: Fast signature generation for zero-day polymorphic worms with provable attack resilience. In: IEEE Symposium on Security and Privacy (2006)"},{"key":"1_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"236","DOI":"10.1007\/978-3-540-74320-0_13","volume-title":"Recent Advances in Intrusion Detection","author":"S.P. Chung","year":"2007","unstructured":"Chung, S.P., Mok, A.K.: Advanced allergy attacks: Does a corpus really help. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 236\u2013255. Springer, Heidelberg (2007)"},{"key":"1_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1007\/11856214_5","volume-title":"Recent Advances in Intrusion Detection","author":"J. Newsome","year":"2006","unstructured":"Newsome, J., Karp, B., Song, D.: Paragraph: Thwarting signature learning by training maliciously. In: Zamboni, D., Kr\u00fcgel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219, pp. 81\u2013105. Springer, Heidelberg (2006)"},{"key":"1_CR9","doi-asserted-by":"crossref","unstructured":"Perdisci, R., Dagon, D., Lee, W.: Misleading worm signature generators using deliberate noise injection. In: Proceedings of the 2006 IEEE Symposium on Security and Privacy (2006)","DOI":"10.1109\/SP.2006.26"},{"key":"1_CR10","doi-asserted-by":"crossref","unstructured":"Liang, Z., Sekar., R.: Fast and automated generation of attack signatures: A basis for building self-protecting servers. In: Proceedings of the 12th ACM Conference on Computer and Communications Security (2005)","DOI":"10.1145\/1102120.1102150"},{"key":"1_CR11","unstructured":"Newsome, J., Song, D.: Dynamic taint analysis for automatic detection, analysis, and signature generation of exploits on commodity software. In: Proceedings of Network and Distributed System Security Symposium (2005)"},{"key":"1_CR12","unstructured":"Liang, Z., Sekar., R.: Automatic generation of buffer overflow attack signatures: An approach based on program behavior models. In: Proceedings of the Annual Computer Security Applications Conference (2005)"},{"key":"1_CR13","unstructured":"Wang, X., Pan, C.C., Liu, P., Zhu, S.: Sigfree: A signature-free buffer overflow attack blocker. In: 15th Usenix Security Symposium (2006)"},{"key":"1_CR14","doi-asserted-by":"crossref","unstructured":"Borders, K., Prakash, A., Zielinski., M.: Spector:automatically analyzing shell code. In: Proceedings of the 23rd Annual Computer Security Applications Conference, pp. 501\u2013514 (2007)","DOI":"10.1109\/ACSAC.2007.4413015"},{"key":"1_CR15","doi-asserted-by":"crossref","unstructured":"Wang, X., Jhi, Y.C., Zhu, S., Liu, P.: Still: Exploit code detection via static taint and initialization analyses. In: Proceedings of Anual Computer Security Applications Conference, ACSAC (2008)","DOI":"10.1109\/ACSAC.2008.37"},{"key":"1_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"87","DOI":"10.1007\/978-3-540-74320-0_5","volume-title":"Recent Advances in Intrusion Detection","author":"C. Kr\u00fcgel","year":"2007","unstructured":"Kr\u00fcgel, C., Lippmann, R., Clark, A.: Emulation-based detection of non-self-contained polymorphic shellcode. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 87\u2013106. Springer, Heidelberg (2007)"},{"key":"1_CR17","unstructured":"Baecher, P., Koetter, M.: Getting around non-executable stack (and fix), http:\/\/libemu.carnivore.it\/"},{"key":"1_CR18","first-page":"112","volume-title":"The Art of Computer Virus Research and Defense","author":"P. Szor","year":"2005","unstructured":"Szor, P.: The Art of Computer Virus Research and Defense, pp. 112\u2013134. Addison-Wesley, Reading (2005)"},{"key":"1_CR19","unstructured":"Bania, P.: Evading network-level emulation, http:\/\/www.packetstormsecurity.org\/papers\/bypass\/pbania-evading-nemu2009.pdf"},{"key":"1_CR20","unstructured":"Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. Technical Report 148, University of Auckland (1997)"},{"key":"1_CR21","unstructured":"Detristan, T., Ulenspiegel, T., Malcom, Y., Superbus, M., Underduk, V.: Polymorphic shellcode engine using spectrum analysis, http:\/\/www.phrack.org\/show.php?p=61-a=9"},{"key":"1_CR22","unstructured":"Ray, E.: Ms-sql worm, http:\/\/www.sans.org\/resources\/malwarefaq\/ms-sql-exploit.php"},{"key":"1_CR23","doi-asserted-by":"crossref","unstructured":"Song, Y., Locasto, M.E., Stavrou, A., Keromytis, A.D., Stolfo, S.J.: On the infeasibility of modeling polymorphic shellcode. In: Proceedings of the 14th ACM conference on Computer and communications security (CCS), pp. 541\u2013551 (2007)","DOI":"10.1145\/1315245.1315312"},{"issue":"2","key":"1_CR24","doi-asserted-by":"publisher","first-page":"257","DOI":"10.1109\/5.18626","volume":"77","author":"L.R. Rabiner","year":"1999","unstructured":"Rabiner, L.R.: A tutorial on hidden markov models and selected applications in speech recognition. Proceedings of the IEEE\u00a077(2), 257\u2013286 (1999)","journal-title":"Proceedings of the IEEE"},{"key":"1_CR25","unstructured":"Moore, H.: The metasploit project, http:\/\/www.metasploit.com"},{"key":"1_CR26","doi-asserted-by":"crossref","unstructured":"Gundy, M.V., Chen, H., Su, Z., Vigna, G.: Feature omission vulnerabilities: Thwarting signature generation for polymorphic worms. In: Proceeding of Annual Computer Security Applications Conference, ACSAC (2007)","DOI":"10.1109\/ACSAC.2007.42"},{"key":"1_CR27","unstructured":"Fogla, P., Sharif, M., Perdisci, R., Kolesnikov, O., Lee, W.: Polymorphic blending attacks. In: Proceedings of the 15th USENIX Security Symposium (2006)"},{"key":"1_CR28","unstructured":"Venkataraman, S., Blum, A., Song, D.: Limits of learning-based signature generation with adversaries. In: Proceedings of the 15th Annual Network and Distributed System Security Symposium (2008)"},{"key":"1_CR29","unstructured":"Gundy, M.V., Balzarotti, D., Vigna, G.: Catch me, if you can: Evading network signatures with web-based polymorphic worms. In: Proceedings of the First USENIX Workshop on Offensive Technologies (WOOT), Boston, MA (2007)"},{"key":"1_CR30","unstructured":"Pedro, N.D., Domingos, P., Sumit, M., Verma, S.D.: Adversarial classification. In: 10th ACM SIGKDD Conference On Knowledge Discovery and Data mining, pp. 99\u2013108 (2004)"},{"key":"1_CR31","unstructured":"Brumley, D., Caballero, J., Liang, Z., Newsome, J., Song, D.: Towards automatic discovery of deviations in binary implementations with applications to error detection and fingerprint generation. In: Proceedings of the 16th USENIX Security (2007)"},{"key":"1_CR32","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Seshia, S., Song, D., Bryant, R.: Semantics-aware malware detection. In: 2005 IEEE Symposium on Security and Privacy (2005)","DOI":"10.1109\/SP.2005.20"},{"key":"1_CR33","doi-asserted-by":"crossref","unstructured":"Krugel, C., Kirda, E.: Polymorphic worm detection using structural information of executables. In: 2005 International Symposium on Recent Advances in Intrusion Detecion (2005)","DOI":"10.1007\/11663812_11"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-16161-2_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,6]],"date-time":"2019-06-06T11:45:12Z","timestamp":1559821512000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-16161-2_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642161605","9783642161612"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-16161-2_1","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2010]]}}}