{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T22:27:19Z","timestamp":1725575239138},"publisher-location":"Berlin, Heidelberg","reference-count":35,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642181771"},{"type":"electronic","value":"9783642181788"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-18178-8_16","type":"book-chapter","created":{"date-parts":[[2011,1,15]],"date-time":"2011-01-15T11:09:47Z","timestamp":1295089787000},"page":"181-195","source":"Crossref","is-referenced-by-count":7,"title":["Misleading Malware Similarities Analysis by Automatic Data Structure Obfuscation"],"prefix":"10.1007","author":[{"given":"Zhi","family":"Xin","sequence":"first","affiliation":[]},{"given":"Huiyu","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Hao","family":"Han","sequence":"additional","affiliation":[]},{"given":"Bing","family":"Mao","sequence":"additional","affiliation":[]},{"given":"Li","family":"Xie","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"16_CR1","unstructured":"Lin, Z., Zhang, X., Xu, D.: Automatic Reverse Engineering of Data Structures from Binary Execution. In: Proceedings of the 17th Annual Network and Distributed System Security Symposium (2010)"},{"key":"16_CR2","unstructured":"Cozzie, A., Stratton, F., Xue, H., King, S.T.: Digging for Data Structures. In: The 8th USENIX Symposium on Operating Systems Design and Implementation (2008)"},{"key":"16_CR3","unstructured":"Anubis: Analyzing Unknown Binaries (2009), \n                    \n                      http:\/\/anubis.seclab.tuwien.ac.at"},{"key":"16_CR4","unstructured":"CWSandbox (2009), \n                    \n                      http:\/\/www.cwsandbox.org\/"},{"key":"16_CR5","doi-asserted-by":"crossref","unstructured":"Linn, C., Debray, S.: Obfuscation of executable code to improve resistance to static disassembly. In: Proceedings of the 10th ACM Conference on Computer and Communications Security (2003)","DOI":"10.1145\/948109.948149"},{"key":"16_CR6","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Seshia, S.A., Songand, D., Bryant, R.E.: Semantics-Aware Malware Detection. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy (2005)","DOI":"10.1109\/SP.2005.20"},{"key":"16_CR7","unstructured":"Popov, I.V., Debray, S.K., Andrews, G.R.: Binary obfuscation using signals. In: Proceedings of the 16th USENIX Security Symposium (2007)"},{"key":"16_CR8","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of Static Analysis for Malware Detection. In: 23rd Annual Computer Security Applications Conference (2007)","DOI":"10.1109\/ACSAC.2007.21"},{"key":"16_CR9","unstructured":"Brumley, D., Hartwig, C., Liang, Z., Newsome, J., Song, D.X.: Automatically Identifying Trigger-based Behavior in Malware. In: Lee, W., et al. (eds.) Book chapter in Botnet Analysis and Defense (2007)"},{"key":"16_CR10","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring Multiple Execution Paths for Malware Analysis. In: Proceedings of the 28th IEEE Symposium on Security and Privacy (2007)","DOI":"10.1109\/SP.2007.17"},{"key":"16_CR11","doi-asserted-by":"crossref","unstructured":"Coogan, K., Debray, S.K., Kaochar, T., Townsend, G.M.: Automatic Static Unpacking of Malware Binaries. In: The 16th Working Conference on Reverse Engineering (2009)","DOI":"10.1109\/WCRE.2009.24"},{"key":"16_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1007\/978-3-540-24723-4_2","volume-title":"Compiler Construction","author":"G. Balakrishnan","year":"2004","unstructured":"Balakrishnan, G., Reps, T.: Analyzing Memory Accesses in x86 Executables. In: Duesterwald, E. (ed.) CC 2004. LNCS, vol.\u00a02985, pp. 5\u201323. Springer, Heidelberg (2004)"},{"key":"16_CR13","unstructured":"Balakrishnan, G., Reps, T.W.: DIVINE: Discovering Variables IN Executables. In: Proceeding of Verification Model Checking and Abstract Interpretation (2007)"},{"key":"16_CR14","volume-title":"The Art of Computer Virus Research and Defense","author":"P. Szor","year":"2005","unstructured":"Szor, P.: The Art of Computer Virus Research and Defense. Addison Wesley, Reading (2005)"},{"key":"16_CR15","unstructured":"Christodorescu, M., Jha, S.: Static analysis of executables to detect malicious patterns. In: Proceedings of the 16th USENIX Security Symposium (2003)"},{"key":"16_CR16","unstructured":"Sharif, M.I., Lanzi, A., Giffin, J.T., Lee, W.: Impeding Malware Analysis Using Conditional Code Obfuscation. In: Proceedings of the 15th Annual Network and Distributed System Security Symposium (2008)"},{"key":"16_CR17","unstructured":"Pearce, S.: Viral polymorphism. VX Heavens (2003)"},{"key":"16_CR18","unstructured":"The Mental Drille Metamorphism in practice or How I made MetaPHOR and what I\u2019ve learnt. VX Heavens (February 2002)"},{"key":"16_CR19","unstructured":"Kirda, E., Kruegel, C., Banks, G., Vigna, G., Kemmerer, R.A.: Behavior-based spyware detection. In: Proceedings of the 15th Conference on USENIX Security Symposium (2006)"},{"key":"16_CR20","unstructured":"Stallman, R.: Using GCC: the GNU compiler collection reference manual. GNU Press (2009)"},{"key":"16_CR21","unstructured":"TESO. Burneye ELF encryption program (January 2004), \n                    \n                      http:\/\/teso.scene.at"},{"key":"16_CR22","unstructured":"Detristan, T., Ulenspiegel, T., Malcom, Y., von Underduk, M.S.: Polymorphic Shellcode Engine Using Spectrum Analysis. Phrack\u00a061 (2003)"},{"key":"16_CR23","unstructured":"Julus, L.: Metamorphism. VX heaven (March 2000), \n                    \n                      http:\/\/vx.netlux.org\/lib\/vlj00.html"},{"key":"16_CR24","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Robertson, W., Vigna, G.: Detecting Kernel-Level Rootkits Through Binary Analysis. In: Proceedings of the 20th Annual Computer Security Applications Conference (2004)","DOI":"10.1109\/CSAC.2004.19"},{"key":"16_CR25","doi-asserted-by":"crossref","unstructured":"Lin, Z., Riley, R.D., Xu, D.: Polymorphing Software by Randomizing Data Structure Layout. In: Proceedings of the 6th SIDAR Conference on Detection of Intrusions and Malware and Vulnerability Assessment (2009)","DOI":"10.1007\/978-3-642-02918-9_7"},{"key":"16_CR26","unstructured":"Balakrishnan, A., Schulze, C.: Code Obfuscation Literature Survey (2005), \n                    \n                      http:\/\/pages.cs.wisc.edu\/~arinib\/projects.htm"},{"key":"16_CR27","doi-asserted-by":"crossref","unstructured":"Colberg, Thomborson: Watermarking, Tamper-Proofing, and Obfuscation\u2013Tools for Software Protection. IEEE Transactions on Software Engineering\u00a028(8) (2002)","DOI":"10.1109\/TSE.2002.1027797"},{"key":"16_CR28","unstructured":"Bhatkar, S., Sekar, R., DuVarney, D.C.: Efficient techniques for comprehensive protection from memory error exploits. In: Proceedings of the 14th Conference on USENIX Security Symposium (2005)"},{"key":"16_CR29","unstructured":"Bhatkar, S., DuVarney, D.C., Sekar, R.: Address obfuscation: an efficient approach to combat a board range of memory error exploits. In: Proceedings of the 12th Conference on USENIX Security Symposium (2003)"},{"key":"16_CR30","doi-asserted-by":"crossref","unstructured":"Cifuentes, C., Gough, K.J.: Decompilation of Binary Programs. Software Practice & Experience (July 1995)","DOI":"10.1002\/spe.4380250706"},{"key":"16_CR31","doi-asserted-by":"crossref","unstructured":"Ramalingam, G., Field, J., Tip, F.: Aggregate structure identification and its application to program analysis. In: Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (1999)","DOI":"10.1145\/292540.292553"},{"key":"16_CR32","unstructured":"Status of C99 features in GCC, GNU (1999), \n                    \n                      http:\/\/gcc.gnu.org\/c99status.html"},{"key":"16_CR33","volume-title":"Advanced Programming in the UNIX Environment","author":"W. Richard Stevens","year":"1992","unstructured":"Richard Stevens, W.: Advanced Programming in the UNIX Environment. Addison-Wesley, Reading (1992)"},{"key":"16_CR34","doi-asserted-by":"crossref","unstructured":"Shapiro, M., Horwitz, S.: The Effects of the Precision of Pointer Analysis. Lecture Notes in Computer Science (1997)","DOI":"10.1007\/BFb0032731"},{"key":"16_CR35","unstructured":"Collberg, C., Thomborson, C., Low, D.: A Taxonomy of Obfuscating Transformations. Technical Report 148, University of Auckland (1997)"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-18178-8_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,3,23]],"date-time":"2019-03-23T18:06:15Z","timestamp":1553364375000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-18178-8_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642181771","9783642181788"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-18178-8_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2011]]}}}