{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,16]],"date-time":"2026-03-16T09:30:01Z","timestamp":1773653401562,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":35,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642221095","type":"print"},{"value":"9783642221101","type":"electronic"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-22110-1_10","type":"book-chapter","created":{"date-parts":[[2011,7,4]],"date-time":"2011-07-04T13:08:45Z","timestamp":1309784925000},"page":"116-131","source":"Crossref","is-referenced-by-count":29,"title":["Malware Analysis with Tree Automata Inference"],"prefix":"10.1007","author":[{"given":"Domagoj","family":"Babi\u0107","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel","family":"Reynaud","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dawn","family":"Song","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"10_CR1","volume-title":"Compilers: principles, techniques, and tools","author":"A.V. Aho","year":"1986","unstructured":"Aho, A.V., Sethi, R., Ullman, J.D.: Compilers: principles, techniques, and tools. Addison-Wesley Longman Publishing Co., Inc. Redwood City (1986)"},{"key":"10_CR2","unstructured":"Babi\u0107, D.: Exploiting Structure for Scalable Software Verification. Ph.D. thesis, University of British Columbia, Vancouver, Canada (2008)"},{"key":"10_CR3","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1007\/s11416-008-0102-4","volume":"5","author":"G. Bonfante","year":"2009","unstructured":"Bonfante, G., Kaczmarek, M., Marion, J.Y.: Architecture of a morphological malware detector. Journal in Computer Virology\u00a05, 263\u2013270 (2009)","journal-title":"Journal in Computer Virology"},{"key":"10_CR4","first-page":"65","volume-title":"Botnet Detection Countering the Largest Security Threat, Advances in Information Security","author":"D. Brumley","year":"2008","unstructured":"Brumley, D., Hartwig, C., Zhenkai Liang, J.N., Song, D., Yin, H.: Automatically Identifying Trigger-based Behavior in Malware. In: Botnet Detection Countering the Largest Security Threat, Advances in Information Security, vol.\u00a036, pp. 65\u201388. Springer, Heidelberg (2008)"},{"key":"10_CR5","doi-asserted-by":"crossref","unstructured":"Chow, J., Pfaff, B., Garfinkel, T., Christopher, K., Rosenblum, M.: Understanding data lifetime via whole system simulation. In: Proc.\u00a0of 13th USENIX Security Symp. (2004)","DOI":"10.1145\/1133572.1133599"},{"key":"10_CR6","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1145\/1007512.1007518","volume-title":"ISSTA 2004: Proc.\u00a0of the 2004 ACM SIGSOFT Int.\u00a0Symp.\u00a0on Software Testing and Analysis","author":"M. Christodorescu","year":"2004","unstructured":"Christodorescu, M., Jha, S.: Testing malware detectors. In: ISSTA 2004: Proc.\u00a0of the 2004 ACM SIGSOFT Int.\u00a0Symp.\u00a0on Software Testing and Analysis, pp. 34\u201344. ACM Press, New York (2004)"},{"key":"10_CR7","first-page":"5","volume-title":"Proc.\u00a0of the the 6th Joint Meeting of the European Software Engineering Conf.\u00a0and the ACM SIGSOFT Symp.\u00a0on The Foundations of Software Engineering","author":"M. Christodorescu","year":"2007","unstructured":"Christodorescu, M., Jha, S., Kruegel, C.: Mining specifications of malicious behavior. In: Proc.\u00a0of the the 6th Joint Meeting of the European Software Engineering Conf.\u00a0and the ACM SIGSOFT Symp.\u00a0on The Foundations of Software Engineering, pp. 5\u201314. ACM Press, New York (2007)"},{"key":"10_CR8","first-page":"32","volume-title":"SP 2005: Proc.\u00a0of the 2005 IEEE Symp.\u00a0on Security and Privacy","author":"M. Christodorescu","year":"2005","unstructured":"Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: SP 2005: Proc.\u00a0of the 2005 IEEE Symp.\u00a0on Security and Privacy, pp. 32\u201346. IEEE Computer Society Press, Los Alamitos (2005)"},{"key":"10_CR9","unstructured":"Comon, H., Dauchet, M., Gilleron, R., L\u00f6ding, C., Jacquemard, F., Lugiez, D., Tison, S., Tommasi, M.: Tree Automata Techniques and Applications (2007)"},{"key":"10_CR10","volume-title":"Introduction to Algorithms","author":"T.H. Cormen","year":"2001","unstructured":"Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms, 2nd edn. The MIT Press, Cambridge (2001)","edition":"2"},{"key":"10_CR11","first-page":"221","volume-title":"the Proc.\u00a0of the 37th Int.\u00a0Symp.\u00a0on Microarchitecture","author":"J. Crandall","year":"2005","unstructured":"Crandall, J., Chong, F.: Minos: Control data attack prevention orthogonal to memory model. In: the Proc.\u00a0of the 37th Int.\u00a0Symp.\u00a0on Microarchitecture, pp. 221\u2013232. IEEE Computer Society Press, Los Alamitos (2005)"},{"key":"10_CR12","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1109\/SECPRI.1996.502675","volume-title":"Proc.\u00a0of the 1996 IEEE Symp.\u00a0on Security and Privacy","author":"S. Forrest","year":"1996","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for unix processes. In: Proc.\u00a0of the 1996 IEEE Symp.\u00a0on Security and Privacy, pp. 120\u2013129. IEEE Computer Society Press, Los Alamitos (1996)"},{"key":"10_CR13","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1109\/SP.2010.11","volume-title":"Proc.\u00a0of the 2010 IEEE Symp. on Security and Privacy","author":"M. Fredrikson","year":"2010","unstructured":"Fredrikson, M., Jha, S., Christodorescu, M., Sailer, R., Yan, X.: Synthesizing near-optimal malware specifications from suspicious behaviors. In: Proc.\u00a0of the 2010 IEEE Symp. on Security and Privacy, pp. 45\u201360. IEEE Computer Society Press, Los Alamitos (2010)"},{"key":"10_CR14","volume-title":"Dept. Syst. Inform. Comput.","author":"P. Garc\u00eda","year":"1993","unstructured":"Garc\u00eda, P.: Learning k-testable tree sets from positive data. Tech. rep. In: Dept. Syst. Inform. Comput. Univ. Politecnica Valencia, Spain (1993)"},{"key":"10_CR15","doi-asserted-by":"publisher","first-page":"920","DOI":"10.1109\/34.57687","volume":"12","author":"P. Garc\u00eda","year":"1990","unstructured":"Garc\u00eda, P., Vidal, E.: Inference of k-testable languages in the strict sense and application to syntactic pattern recognition. IEEE Trans. Pattern Anal. Mach. Intell.\u00a012, 920\u2013925 (1990)","journal-title":"IEEE Trans. Pattern Anal. Mach. Intell."},{"key":"10_CR16","first-page":"213","volume-title":"Proc.\u00a0of the ACM SIGPLAN Conf.\u00a0on Prog.\u00a0Lang.\u00a0Design and Impl.","author":"P. Godefroid","year":"2005","unstructured":"Godefroid, P., Klarlund, N., Sen, K.: DART: directed automated random testing. In: Proc.\u00a0of the ACM SIGPLAN Conf.\u00a0on Prog.\u00a0Lang.\u00a0Design and Impl. pp. 213\u2013223. ACM Press, New York (2005)"},{"issue":"3","key":"10_CR17","doi-asserted-by":"publisher","first-page":"302","DOI":"10.1016\/S0019-9958(78)90562-4","volume":"37","author":"E.M. Gold","year":"1978","unstructured":"Gold, E.M.: Complexity of automaton identification from given data. Information and Control\u00a037(3), 302\u2013320 (1978)","journal-title":"Information and Control"},{"key":"10_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"497","DOI":"10.1007\/978-3-540-75867-9_63","volume-title":"Computer Aided Systems Theory \u2013 EUROCAST 2007","author":"A. Holzer","year":"2007","unstructured":"Holzer, A., Kinder, J., Veith, H.: Using verification technology to specify and detect malware. In: Moreno D\u00edaz, R., Pichler, F., Quesada Arencibia, A. (eds.) EUROCAST 2007. LNCS, vol.\u00a04739, pp. 497\u2013504. Springer, Heidelberg (2007)"},{"key":"10_CR19","unstructured":"Kang, M.G., McCamant, S., Poosankam, P., Song, D.: DTA++: Dynamic taint analysis with targeted control-flow propagation. In: Proc. of the 18th Annual Network and Distributed System Security Symp.San Diego, CA (2011)"},{"key":"10_CR20","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4612-0171-7","volume-title":"Automata Theory and Its Applications","author":"B. Khoussainov","year":"2001","unstructured":"Khoussainov, B., Nerode, A.: Automata Theory and Its Applications. Birkh\u00e4user, Basel (2001)"},{"issue":"7","key":"10_CR21","doi-asserted-by":"publisher","first-page":"385","DOI":"10.1145\/360248.360252","volume":"19","author":"J.C. King","year":"1976","unstructured":"King, J.C.: Symbolic execution and program testing. Comm.\u00a0of the ACM\u00a019(7), 385\u2013394 (1976)","journal-title":"Comm.\u00a0of the ACM"},{"key":"10_CR22","doi-asserted-by":"publisher","first-page":"109","DOI":"10.1142\/9789812797919_0008","volume-title":"Advances in Structural and Syntactic Pattern Recognition: Proc. of the Int.\u00a0Workshop","author":"T. Knuutila","year":"1993","unstructured":"Knuutila, T.: Inference of k-testable tree languages. In: Bunke, H. (ed.) Advances in Structural and Syntactic Pattern Recognition: Proc. of the Int.\u00a0Workshop, pp. 109\u2013120. World Scientific, Singapore (1993)"},{"key":"10_CR23","unstructured":"Kolbitsch, C., Milani, P., Kruegel, C., Kirda, E., Zhou, X., Wang, X.: Effective and efficient malware detection at the end host. In: The 18th USENIX Security Symp. (2009)"},{"issue":"4","key":"10_CR24","doi-asserted-by":"publisher","first-page":"1658","DOI":"10.1109\/TSMCB.2004.827190","volume":"34","author":"D. L\u00f3pez","year":"2004","unstructured":"L\u00f3pez, D., Sempere, J.M., Garc\u00eda, P.: Inference of reversible tree languages. IEEE Transactions on Systems, Man, and Cybernetics, Part B\u00a034(4), 1658\u20131665 (2004)","journal-title":"IEEE Transactions on Systems, Man, and Cybernetics, Part B"},{"key":"10_CR25","first-page":"190","volume-title":"Proc.\u00a0of the 2005 ACM SIGPLAN Conf.\u00a0on Prog.\u00a0Lang.\u00a0Design and Impl.","author":"C. Luk","year":"2005","unstructured":"Luk, C., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G., Wallace, S., Reddi, V., Hazelwood, K.: Pin: building customized program analysis tools with dynamic instrumentation. In: Proc.\u00a0of the 2005 ACM SIGPLAN Conf.\u00a0on Prog.\u00a0Lang.\u00a0Design and Impl., pp. 190\u2013200. ACM Press, New York (2005)"},{"key":"10_CR26","unstructured":"Martignoni, L., Paleari, R.: The libwst library (a part of WUSSTrace) (2010), http:\/\/code.google.com\/p\/wusstrace\/"},{"key":"10_CR27","unstructured":"Matrosov, A., Rodionov, E., Harley, D., Malcho, J.: Stuxnet under the microscope. Tech. rep. Eset (2010)"},{"key":"10_CR28","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1109\/SP.2007.17","volume-title":"SP 2007: Proc.\u00a0of the IEEE Symp. on Security and Privacy","author":"A. Moser","year":"2007","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring multiple execution paths for malware analysis. In: SP 2007: Proc.\u00a0of the IEEE Symp. on Security and Privacy, pp. 231\u2013245. IEEE Computer Society Press, Los Alamitos (2007)"},{"key":"10_CR29","unstructured":"Newsome, J., Song, D.: Dynamic Taint Analysis: Automatic Detection, Analysis, and Signature Generation of Exploit Attacks on Commodity Software. In: Proc.\u00a0of the Network and Distributed Systems Security Symp. (2005)"},{"issue":"5","key":"10_CR30","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1145\/1037949.1024404","volume":"38","author":"G. Suh","year":"2004","unstructured":"Suh, G., Lee, J., Zhang, D., Devadas, S.: Secure program execution via dynamic information flow tracking. ACM SIGOPS Operating Systems Review\u00a038(5), 85\u201396 (2004)","journal-title":"ACM SIGOPS Operating Systems Review"},{"key":"10_CR31","unstructured":"Symantec: Symantec global internet security threat report: Trends for 2009. Tech. rep.Symantec, vol.\u00a0XV (2010)"},{"key":"10_CR32","first-page":"156","volume-title":"Proc.\u00a0of the IEEE Symp. on Security and Privacy","author":"D. Wagner","year":"2001","unstructured":"Wagner, D., Dean, D.: Intrusion detection via static analysis. In: Proc.\u00a0of the IEEE Symp. on Security and Privacy, p. 156. IEEE Computer Society Press, Los Alamitos (2001)"},{"key":"10_CR33","first-page":"255","volume-title":"Proc.\u00a0of the 9th ACM Conf.\u00a0on Comp.\u00a0and Comm.\u00a0Security","author":"D. Wagner","year":"2002","unstructured":"Wagner, D., Soto, P.: Mimicry attacks on host-based intrusion detection systems. In: Proc.\u00a0of the 9th ACM Conf.\u00a0on Comp.\u00a0and Comm.\u00a0Security, pp. 255\u2013264. ACM Press, New York (2002)"},{"key":"10_CR34","doi-asserted-by":"crossref","unstructured":"You, I., Yim, K.: Malware Obfuscation Techniques: A Brief Survey. In: Int.\u00a0Conf.\u00a0on Broadband, Wireless Computing, Communication and Applications, pp. 297\u2013300 (2010)","DOI":"10.1109\/BWCCA.2010.85"},{"issue":"2","key":"10_CR35","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1016\/S0022-0000(72)80020-5","volume":"6","author":"Y. Zalcstein","year":"1972","unstructured":"Zalcstein, Y.: Locally testable languages. J. Comput. Syst. Sci.\u00a06(2), 151\u2013167 (1972)","journal-title":"J. Comput. Syst. Sci."}],"container-title":["Lecture Notes in Computer Science","Computer Aided Verification"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-22110-1_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,11,27]],"date-time":"2021-11-27T12:00:14Z","timestamp":1638014414000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-22110-1_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642221095","9783642221101"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-22110-1_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011]]}}}