{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T20:12:56Z","timestamp":1743019976098,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":21,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642224379"},{"type":"electronic","value":"9783642224386"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-22438-6_20","type":"book-chapter","created":{"date-parts":[[2011,7,18]],"date-time":"2011-07-18T18:21:44Z","timestamp":1311013304000},"page":"252-267","source":"Crossref","is-referenced-by-count":5,"title":["Dynamic Behavior Matching: A Complexity Analysis and New Approximation Algorithms"],"prefix":"10.1007","author":[{"given":"Matthew","family":"Fredrikson","sequence":"first","affiliation":[]},{"given":"Mihai","family":"Christodorescu","sequence":"additional","affiliation":[]},{"given":"Somesh","family":"Jha","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"20_CR1","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9781139172752","volume-title":"Term rewriting and all that","author":"F. Baader","year":"1998","unstructured":"Baader, F., Nipkow, T.: Term rewriting and all that. Cambridge University Press, Cambridge (1998)"},{"key":"20_CR2","unstructured":"Bayer, U.: Large-Scale Dynamic Malware Analysis. PhD thesis, Technical University of Vienna (2009)"},{"key":"20_CR3","doi-asserted-by":"crossref","unstructured":"Beaucamps, P., Gnaedig, I., Marion, J.-Y.: Behavior abstraction in malware analysis. Runtime Verification (2010)","DOI":"10.1007\/978-3-642-16612-9_14"},{"key":"20_CR4","doi-asserted-by":"crossref","unstructured":"Bloom, B.H.: Space\/time trade-offs in hash coding with allowable errors. Communications of the ACM\u00a013 (1970)","DOI":"10.1145\/362686.362692"},{"key":"20_CR5","unstructured":"Comon, H., Dauchet, M., Gilleron, R., L\u00f6ding, C., Jacquemard, F., Lugiez, D., Tison, S., Tommasi, M.: Tree automata techniques and applications (2007) (release October 12, 2007)"},{"key":"20_CR6","doi-asserted-by":"crossref","unstructured":"Comparetti, P.M., Salvaneschi, G., Kirda, E., Kolbitsch, C., Kruegel, C., Zanero, S.: Identifying dormant functionality in malware programs. In: Proceedings of the IEEE Symposium on Security and Privacy (2010)","DOI":"10.1109\/SP.2010.12"},{"key":"20_CR7","unstructured":"En, N., Srensson, N.: An extensible SAT-solver. In: SAT (2004)"},{"key":"20_CR8","doi-asserted-by":"crossref","unstructured":"Fredrikson, M., Christodorescu, M., Jha, S.: Dynamic behavior matching: A complexity analysis and new approximation algorithms. Technical report (2011), http:\/\/www.cs.wisc.edu\/~mfredrik\/matching-tr.pdf","DOI":"10.1007\/978-3-642-22438-6_20"},{"key":"20_CR9","doi-asserted-by":"crossref","unstructured":"Fredrikson, M., Christodorescu, M., Jha, S., Sailer, R., Yang, X.: Synthesizing near-optimal specifications of malicious behavior. In: Proceedings of the IEEE Symposium of Security and Privacy (2010)","DOI":"10.1109\/SP.2010.11"},{"key":"20_CR10","volume-title":"Introduction to Automata Theory, Languages, and Computation","author":"J.E. Hopcroft","year":"1979","unstructured":"Hopcroft, J.E., Ullman, J.D.: Introduction to Automata Theory, Languages, and Computation. Adison-Wesley Publishing Company, Reading (1979)"},{"key":"20_CR11","doi-asserted-by":"crossref","unstructured":"Jacob, G., Debar, H., Filiol, E.: Malware behavioral detection by attribute-automata using abstraction from platform and language. In: Recent Advances in Intrusion Detection (2009)","DOI":"10.1007\/978-3-642-04342-0_5"},{"key":"20_CR12","unstructured":"Kolbitsch, C., Comparetti, P.M., Kruegel, C., Zhou, X., Wang, X.: Efficient and effective malware detection at the end host. In: Proceedings of the Usenix Security Symposium (2009)"},{"key":"20_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1007\/978-3-540-87403-4_5","volume-title":"Recent Advances in Intrusion Detection","author":"L. Martignoni","year":"2008","unstructured":"Martignoni, L., Stinson, E., Fredrikson, M., Jha, S., Mitchell, J.C.: A layered architecture for detecting malicious behaviors. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 78\u201397. Springer, Heidelberg (2008)"},{"key":"20_CR14","doi-asserted-by":"crossref","unstructured":"Neven, F., Schwentick, T., Vianu, V.: Finite state machines for strings over infinite alphabets. ACM Transactions on Computational Logic\u00a05 (2004)","DOI":"10.1145\/1013560.1013562"},{"key":"20_CR15","doi-asserted-by":"crossref","unstructured":"Park, Y., Reeves, D., Mulukutla, V., Sundaravel, B.: Fast malware classification by automated behavioral graph matching. In: Proceedings of the Workshop on Cyber Security and Information Intelligence Research (2010)","DOI":"10.1145\/1852666.1852716"},{"key":"20_CR16","doi-asserted-by":"crossref","unstructured":"Park, Y.-J., Zhang, Z., Chen, S.: Run-time detection of malware via dynamic control-flow inspection. In: Proceedings of the IEEE Conference on Application-specific Systems, Architectures and Processors (2009)","DOI":"10.1109\/ASAP.2009.30"},{"key":"20_CR17","unstructured":"Sekar, R., Uppuluri, P.: Synthesizing fast intrusion prevention\/detection systems from high-level specifications. In: Proceedings of the Usenix Security Symposium (1999)"},{"key":"20_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"698","DOI":"10.1007\/978-3-642-15497-3_42","volume-title":"Computer Security \u2013 ESORICS 2010","author":"A.G. Tokhtabayev","year":"2010","unstructured":"Tokhtabayev, A.G., Skormin, V.A., Dolgikh, A.M.: Expressive, efficient and obfuscation resilient behavior based IDS. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol.\u00a06345, pp. 698\u2013716. Springer, Heidelberg (2010)"},{"key":"20_CR19","doi-asserted-by":"crossref","unstructured":"Wang, X., Jhi, Y.-C., Zhu, S., Liu, P.: Behavior based software theft detection. In: Proceedings of the ACM Conference on Computer and Communications Security, CCS (2009)","DOI":"10.1145\/1653662.1653696"},{"key":"20_CR20","doi-asserted-by":"crossref","unstructured":"Werth, T., Wrlein, M., Dreweke, A., Fischer, I., Philippsen, M.: Dag mining for code compaction. In: Cao, L., Yu, P.S., Zhang, C., Zhang, H. (eds.) Data Mining for Business Applications (2009)","DOI":"10.1007\/978-0-387-79420-4_15"},{"key":"20_CR21","doi-asserted-by":"crossref","unstructured":"Zhao, C., Kong, J., Zhang, K.: Program behavior discovery and verification: A graph grammar approach. IEEE Transactions on Software Engineering\u00a036 (2010)","DOI":"10.1109\/TSE.2010.3"}],"container-title":["Lecture Notes in Computer Science","Automated Deduction \u2013 CADE-23"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-22438-6_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,12]],"date-time":"2019-06-12T23:19:28Z","timestamp":1560381568000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-22438-6_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642224379","9783642224386"],"references-count":21,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-22438-6_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2011]]}}}