{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,16]],"date-time":"2026-03-16T09:30:01Z","timestamp":1773653401922,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":28,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642331664","type":"print"},{"value":"9783642331671","type":"electronic"}],"license":[{"start":{"date-parts":[[2012,1,1]],"date-time":"2012-01-01T00:00:00Z","timestamp":1325376000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012]]},"DOI":"10.1007\/978-3-642-33167-1_46","type":"book-chapter","created":{"date-parts":[[2012,8,18]],"date-time":"2012-08-18T10:07:05Z","timestamp":1345284425000},"page":"806-823","source":"Crossref","is-referenced-by-count":16,"title":["Abstraction-Based Malware Analysis Using Rewriting and Model Checking"],"prefix":"10.1007","author":[{"given":"Philippe","family":"Beaucamps","sequence":"first","affiliation":[]},{"given":"Isabelle","family":"Gnaedig","sequence":"additional","affiliation":[]},{"given":"Jean-Yves","family":"Marion","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"issue":"1","key":"46_CR1","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1016\/0167-4048(87)90122-2","volume":"6","author":"F. Cohen","year":"1987","unstructured":"Cohen, F.: Computer viruses: Theory and experiments. Computers and Security\u00a06(1), 22\u201335 (1987)","journal-title":"Computers and Security"},{"key":"46_CR2","unstructured":"Le Charlier, B., Mounji, A., Swimmer, M.: Dynamic detection and classification of computer viruses using general behaviour patterns. In: International Virus Bulletin Conference, pp. 1\u201322 (1995)"},{"key":"46_CR3","doi-asserted-by":"crossref","unstructured":"Sekar, R., Bendre, M., Dhurjati, D., Bollineni, P.: A fast automaton-based method for detecting anomalous program behaviors. In: IEEE Symposium on Security and Privacy, pp. 144\u2013155. IEEE Computer Society (2001)","DOI":"10.1109\/SECPRI.2001.924295"},{"issue":"3","key":"46_CR4","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1007\/s11416-007-0077-6","volume":"4","author":"J. Morales","year":"2007","unstructured":"Morales, J., Clarke, P., Deng, Y., Kibria, G.: Characterization of virus replication. Journal in Computer Virology\u00a04(3), 221\u2013234 (2007)","journal-title":"Journal in Computer Virology"},{"key":"46_CR5","unstructured":"Bergeron, J., Debbabi, M., Desharnais, J., Erhioui, M., Lavoie, Y., Tawbi, N.: Static detection of malicious code in executable programs. In: Symposium on Requirements Engineering for Information Security (2001)"},{"key":"46_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"174","DOI":"10.1007\/11506881_11","volume-title":"Intrusion and Malware Detection and Vulnerability Assessment","author":"J. Kinder","year":"2005","unstructured":"Kinder, J., Katzenbeisser, S., Schallhart, C., Veith, H.: Detecting Malicious Code by Model Checking. In: Julisch, K., Kruegel, C. (eds.) DIMVA 2005. LNCS, vol.\u00a03548, pp. 174\u2013187. Springer, Heidelberg (2005)"},{"key":"46_CR7","doi-asserted-by":"crossref","unstructured":"Singh, P.K., Lakhotia, A.: Static verification of worm and virus behavior in binary executables using model checking. In: Information Assurance Workshop, pp. 298\u2013300. IEEE Computer Society (2003)","DOI":"10.1109\/SMCSIA.2003.1232440"},{"key":"46_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1007\/978-3-540-87403-4_5","volume-title":"Recent Advances in Intrusion Detection","author":"L. Martignoni","year":"2008","unstructured":"Martignoni, L., Stinson, E., Fredrikson, M., Jha, S., Mitchell, J.C.: A Layered Architecture for Detecting Malicious Behaviors. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 78\u201397. Springer, Heidelberg (2008)"},{"key":"46_CR9","unstructured":"Bayer, U., Milani Comparetti, P., Hlauscheck, C., Kruegel, C., Kirda, E.: Scalable, Behavior-Based Malware Clustering. In: 16th Symposium on Network and Distributed System Security, NDSS (2009)"},{"key":"46_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1007\/978-3-642-04342-0_5","volume-title":"RAID 2009","author":"G. Jacob","year":"2009","unstructured":"Jacob, G., Debar, H., Filiol, E.: Malware Behavioral Detection by Attribute-Automata Using Abstraction from Platform and Language. In: Balzarotti, D. (ed.) RAID 2009. LNCS, vol.\u00a05758, pp. 81\u2013100. Springer, Heidelberg (2009)"},{"key":"46_CR11","doi-asserted-by":"crossref","unstructured":"Preda, M.D., Christodorescu, M., Jha, S., Debray, S.: A semantics-based approach to malware detection. In: 34th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 377\u2013388. ACM (2007)","DOI":"10.1145\/1190216.1190270"},{"key":"46_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"214","DOI":"10.1007\/978-3-540-93900-9_19","volume-title":"Verification, Model Checking, and Abstract Interpretation","author":"J. Kinder","year":"2009","unstructured":"Kinder, J., Zuleger, F., Veith, H.: An Abstract Interpretation-Based Framework for Control Flow Reconstruction from Binaries. In: Jones, N.D., M\u00fcller-Olm, M. (eds.) VMCAI 2009. LNCS, vol.\u00a05403, pp. 214\u2013228. Springer, Heidelberg (2009)"},{"key":"46_CR13","unstructured":"Brumley, D., Hartwig, C., Kang, M.G., Liang, Z., Newsome, J., Poosankam, P., Song, D.: BitScope: Automatically dissecting malicious binaries. Technical Report CS-07-133, School of Computer Science, Carnegie Mellon University (2007)"},{"key":"46_CR14","unstructured":"Security Issue on AMO, http:\/\/blog.mozilla.com\/addons\/2010\/02\/04\/please-read-security-issue-on-amo"},{"key":"46_CR15","unstructured":"Aftermath of the Droid Dream Android Market Malware Attack, http:\/\/nakedsecurity.sophos.com\/2011\/03\/03\/droid-dream-android-market-malware-attack-aftermath\/"},{"key":"46_CR16","doi-asserted-by":"crossref","unstructured":"Yee, B., Sehr, D., Dardyk, G., Chen, J.B., Muth, R., Ormandy, T., Okasaka, S., Narula, N., Fullagar, N.: Native client: A sandbox for portable, untrusted x86 native code. In: 30th IEEE Symposium on Security and Privacy (S&P 2009), pp. 79\u201393. IEEE Computer Society (2009)","DOI":"10.1109\/SP.2009.25"},{"key":"46_CR17","unstructured":"Kr\u00f6ger, F., Merz, S.: Temporal Logic and State Systems. Texts in Theoretical Computer Science. An EATCS Series. Springer (2008)"},{"key":"46_CR18","unstructured":"Holzmann, G.J.: The SPIN Model Checker: Primer and Reference Manual. Addison-Wesley Professional (2003)"},{"key":"46_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"372","DOI":"10.1007\/978-3-642-19835-9_33","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"H. Garavel","year":"2011","unstructured":"Garavel, H., Lang, F., Mateescu, R., Serwe, W.: CADP 2010: A Toolbox for the Construction and Analysis of Distributed Processes. In: Abdulla, P.A., Leino, K.R.M. (eds.) TACAS 2011. LNCS, vol.\u00a06605, pp. 372\u2013387. Springer, Heidelberg (2011)"},{"key":"46_CR20","doi-asserted-by":"crossref","unstructured":"Chen, F., Ro\u015fu, G.: MOP: An Efficient and Generic Runtime Verification Framework. In: Object-Oriented Programming, Systems, Languages and Applications, pp. 569\u2013588. ACM (2007)","DOI":"10.1145\/1297105.1297069"},{"key":"46_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"168","DOI":"10.1007\/978-3-642-16612-9_14","volume-title":"Runtime Verification","author":"P. Beaucamps","year":"2010","unstructured":"Beaucamps, P., Gnaedig, I., Marion, J.-Y.: Behavior Abstraction in Malware Analysis. In: Barringer, H., Falcone, Y., Finkbeiner, B., Havelund, K., Lee, I., Pace, G., Ro\u015fu, G., Sokolsky, O., Tillmann, N. (eds.) RV 2010. LNCS, vol.\u00a06418, pp. 168\u2013182. Springer, Heidelberg (2010)"},{"key":"46_CR22","unstructured":"Comon, H., Dauchet, M., Gilleron, R., L\u00f6ding, C., Jacquemard, F., Lugiez, D., Tison, S., Tommasi, M.: Tree automata techniques and applications (2007), http:\/\/www.grappa.univ-lille3.fr\/tata"},{"key":"46_CR23","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: IEEE Symposium on Security and Privacy, pp. 32\u201346. IEEE Computer Society (2005)","DOI":"10.1109\/SP.2005.20"},{"key":"46_CR24","unstructured":"Kirda, E., Kruegel, C., Banks, G., Vigna, G., Kemmerer, R.: Behavior-based Spyware Detection. In: Proceedings of the 15th USENIX Security Symposium (2006)"},{"key":"46_CR25","unstructured":"Beaucamps, P., Gnaedig, I., Marion, J.Y.: Behavior Analysis of Malware by Rewriting-based Abstraction - Extended Version. HAL-INRIA Open Archive Number inria-00594396 (2011)"},{"key":"46_CR26","doi-asserted-by":"crossref","first-page":"157","DOI":"10.3233\/FI-1995-24127","volume":"24","author":"R. Gilleron","year":"1995","unstructured":"Gilleron, R., Tison, S.: Regular Tree Languages and Rewrite Systems. Fundamenta Informaticae\u00a024, 157\u2013176 (1995)","journal-title":"Fundamenta Informaticae"},{"key":"46_CR27","unstructured":"Devine, C., Richaud, N.: A study of anti-virus\u2019 response to unknown threats. In: 18th Conference of the European Institute for Computer Anti-Virus Research, EICAR (2009)"},{"key":"46_CR28","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Kruegel, C.: Mining specifications of malicious behavior. In: 6th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, pp. 5\u201314. ACM (2007)","DOI":"10.1145\/1287624.1287628"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2012"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-33167-1_46","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,6]],"date-time":"2025-04-06T23:44:10Z","timestamp":1743983050000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-33167-1_46"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012]]},"ISBN":["9783642331664","9783642331671"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-33167-1_46","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012]]}}}