{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:57:33Z","timestamp":1772042253774,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":23,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642236433","type":"print"},{"value":"9783642236440","type":"electronic"}],"license":[{"start":{"date-parts":[[2011,1,1]],"date-time":"2011-01-01T00:00:00Z","timestamp":1293840000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-23644-0_3","type":"book-chapter","created":{"date-parts":[[2012,2,11]],"date-time":"2012-02-11T05:06:20Z","timestamp":1328936780000},"page":"41-60","source":"Crossref","is-referenced-by-count":62,"title":["Automated Identification of Cryptographic Primitives in Binary Programs"],"prefix":"10.1007","author":[{"given":"Felix","family":"Gr\u00f6bert","sequence":"first","affiliation":[]},{"given":"Carsten","family":"Willems","sequence":"additional","affiliation":[]},{"given":"Thorsten","family":"Holz","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"issue":"1","key":"3_CR1","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/s11416-006-0029-6","volume":"3","author":"P. Beaucamps","year":"2007","unstructured":"Beaucamps, P., Filiol, E.: On the Possibility of Practically Obfuscating Programs Towards a Unified Perspective of Code Protection. Journal in Computer Virology\u00a03(1), 3\u201321 (2007)","journal-title":"Journal in Computer Virology"},{"key":"3_CR2","doi-asserted-by":"crossref","unstructured":"Caballero, J., Poosankam, P., Kreibich, C., Song, D.: Dispatcher: Enabling Active Botnet Infiltration using Automatic Protocol Reverse-Engineering. In: ACM Conference on Computer and Communications Security, CCS (2009)","DOI":"10.1145\/1653662.1653737"},{"key":"3_CR3","doi-asserted-by":"crossref","unstructured":"Caballero, J., Poosankam, P., McCamant, S., Babi\u0107, D., Song, D.: Input Generation via Decomposition and Re-stitching: Finding Bugs in Malware. In: ACM Conference on Computer and Communications Security (2010)","DOI":"10.1145\/1866307.1866354"},{"key":"3_CR4","doi-asserted-by":"crossref","unstructured":"Caballero, J., Yin, H., Liang, Z., Song, D.: Polyglot: Automatic Extraction of Protocol Message Format Using Dynamic Binary Analysis. In: ACM Conference on Computer and Communications Security, CCS (2007)","DOI":"10.1145\/1315245.1315286"},{"key":"3_CR5","unstructured":"Holz, T., Steiner, M., Dahl, F., Biersack, E., Freiling, F.: Measurements and Mitigation of Peer-to-Peer-based Botnets: A Case Study on Storm Worm. In: First USENIX Workshop on Large-Scale Exploits and Emergent Threats, LEET (2008)"},{"key":"3_CR6","first-page":"53","volume-title":"Annual Computer Security Applications Conference (ACSAC)","author":"C. Kruegel","year":"2007","unstructured":"Kruegel, C., Balzarotti, D., Robertson, W.K., Vigna, G.: Improving Signature Testing through Dynamic Data Flow Analysis. In: Annual Computer Security Applications Conference (ACSAC), pp. 53\u201363. IEEE Computer Society, Los Alamitos (2007)"},{"key":"3_CR7","unstructured":"Leder, F., Werner, T.: Know Your Enemy: Containing Conficker - To Tame A Malware. Know Your Enemy Series of the Honeynet Project (2009)"},{"issue":"1","key":"3_CR8","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1145\/357062.357071","volume":"1","author":"T. Lengauer","year":"1979","unstructured":"Lengauer, T., Tarjan, R.: A Fast Algorithm for Finding Dominators in a Flowgraph. ACM Transactions on Programming Languages and Systems\u00a01(1), 121\u2013141 (1979)","journal-title":"ACM Transactions on Programming Languages and Systems"},{"key":"3_CR9","unstructured":"Lin, Z., Jiang, X., Xu, D., Zhang, X.: Automatic Protocol Format Reverse Engineering through Context-Aware Monitored Execution. In: Network and Distributed System Security (NDSS). The Internet Society (2008)"},{"key":"3_CR10","doi-asserted-by":"crossref","unstructured":"Linn, C., Debray, S.: Obfuscation of Executable Code to Improve Resistance to Static Disassembly. In: ACM Conference on Computer and Communications Security, CCS (2003)","DOI":"10.1145\/948109.948149"},{"key":"3_CR11","first-page":"190","volume-title":"ACM SIGPLAN Conference on Programming Language Design and Implementation","author":"C. Luk","year":"2005","unstructured":"Luk, C., Cohn, R., Muth, R., Patil, H., Klauser, A., Lowney, G., Wallace, S., Reddi, V., Hazelwood, K.: Pin: Building Customized Program Analysis Tools with Dynamic Instrumentation. In: ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 190\u2013200. ACM, New York (2005)"},{"key":"3_CR12","unstructured":"Lutz, N.: Towards Revealing Attackers\u2019 Intent by Automatically Decrypting Network Traffic. Master\u2019s thesis, ETH Z\u00fcrich (2008)"},{"key":"3_CR13","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of Static Analysis for Malware Detection. In: Annual Computer Security Applications Conference, ACSAC (2007)","DOI":"10.1109\/ACSAC.2007.21"},{"key":"3_CR14","unstructured":"Newsome, J., Song, D.X.: Dynamic Taint Analysis for Automatic Detection, Analysis, and SignatureGeneration of Exploits on Commodity Software. In: Network and Distributed System Security, NDSS (2005)"},{"key":"3_CR15","unstructured":"Popov, I.V., Debray, S.K., Andrews, G.R.: Binary Obfuscation Using Signals. In: USENIX Security Symposium (2007)"},{"key":"3_CR16","unstructured":"Porras, P., Saidi, H., Yegneswaran, V.: Conficker C P2P Protocol and Implementation. Tech. rep., SRI International (2009)"},{"key":"3_CR17","unstructured":"Stewart, J.: Inside the Storm: Protocols and Encryption of the Storm Botnet. Black Hat USA (2008)"},{"key":"3_CR18","unstructured":"Tubella, J., Gonz\u00e1lez, A.: Control Speculation in Multithreaded Processors through Dynamic Loop Detection. In: 4th International Symposium on High-Performance Computer Architecture (1998)"},{"key":"3_CR19","unstructured":"Vigna, G.: Static Disassembly and Code Analysis. Malware Detection (2006)"},{"key":"3_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"200","DOI":"10.1007\/978-3-642-04444-1_13","volume-title":"Computer Security \u2013 ESORICS 2009","author":"Z. Wang","year":"2009","unstructured":"Wang, Z., Jiang, X., Cui, W., Wang, X., Grace, M.: ReFormat: Automatic Reverse Engineering of Encrypted Messages. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol.\u00a05789, pp. 200\u2013215. Springer, Heidelberg (2009)"},{"key":"3_CR21","unstructured":"Werner, T., Leder, F.: Waledac Isn\u2019t Good Either! InBot (2009)"},{"key":"3_CR22","unstructured":"Wondracek, G., Comparetti, P., Kruegel, C., Kirda, E.: Automatic Network Protocol Analysis. In: Network and Distributed System Security, NDSS (2008)"},{"key":"3_CR23","doi-asserted-by":"crossref","unstructured":"Young, A., Yung, M.: Cryptovirology: Extortion-Based Security Threats and Countermeasures. In: IEEE Symposium on Security and Privacy. pp. 129\u2013141 (1996)","DOI":"10.1109\/SECPRI.1996.502676"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-23644-0_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,20]],"date-time":"2025-03-20T13:23:54Z","timestamp":1742477034000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-23644-0_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642236433","9783642236440"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-23644-0_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011]]}}}