{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,24]],"date-time":"2025-11-24T07:08:12Z","timestamp":1763968092688},"publisher-location":"Berlin, Heidelberg","reference-count":27,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642372995"},{"type":"electronic","value":"9783642373008"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-37300-8_6","type":"book-chapter","created":{"date-parts":[[2013,3,13]],"date-time":"2013-03-13T08:53:59Z","timestamp":1363164839000},"page":"102-122","source":"Crossref","is-referenced-by-count":32,"title":["A Static, Packer-Agnostic Filter to Detect Similar Malware Samples"],"prefix":"10.1007","author":[{"given":"Gr\u00e9goire","family":"Jacob","sequence":"first","affiliation":[]},{"given":"Paolo Milani","family":"Comparetti","sequence":"additional","affiliation":[]},{"given":"Matthias","family":"Neugschwandtner","sequence":"additional","affiliation":[]},{"given":"Christopher","family":"Kruegel","sequence":"additional","affiliation":[]},{"given":"Giovanni","family":"Vigna","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"6_CR1","unstructured":"ANUBIS, http:\/\/anubis.iseclab.org"},{"key":"6_CR2","unstructured":"CWSandbox, http:\/\/www.mwanalysis.org"},{"key":"6_CR3","unstructured":"Norman Sandbox, http:\/\/www.norman.com\/technology\/norman_sandbox\/"},{"key":"6_CR4","unstructured":"ThreatExpert, http:\/\/www.threatexpert.com"},{"key":"6_CR5","unstructured":"VirusTotal, http:\/\/www.virustotal.com"},{"key":"6_CR6","unstructured":"Bayer, U., Comparetti, P., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, behavior-based malware clustering. In: Proc. Symp. Network and Distributed System Security, NDSS (2009)"},{"key":"6_CR7","unstructured":"Carrera, E., Erdelyi, G.: Digital genome mapping. In: Virus Bulletin (2004)"},{"key":"6_CR8","unstructured":"Ebringer, T., Sun, L., Boztas, S.: A fast randomness test that preserves local detail. In: Virus Bulletin (2008)"},{"key":"6_CR9","unstructured":"Fogla, P., Sharif, M., Perdisci, R., Kolesnikov, O., Lee, W.: Polymorphic blending attacks. In: USENIX Security Symposium (2006)"},{"key":"6_CR10","unstructured":"Gheorghescu, M.: An automated virus classification system. In: Virus Bulletin (2005)"},{"key":"6_CR11","doi-asserted-by":"crossref","unstructured":"Hu, X., Chiueh, T., Shin, K.G.: Large-scale malware indexing using function-call graphs. In: Proc. ACM Conf. Computer and Communications Security, CCS, pp. 611\u2013620. ACM (2009)","DOI":"10.1145\/1653662.1653736"},{"key":"6_CR12","doi-asserted-by":"crossref","unstructured":"Kang, M.G., Poosankam, P., Yin, H.: Renovo: a hidden code extractor for packed executables. In: Proc. ACM Workshop Recurring Malcode, WORM, pp. 46\u201353. ACM (2007)","DOI":"10.1145\/1314389.1314399"},{"key":"6_CR13","doi-asserted-by":"crossref","unstructured":"Karnik, A., Goswami, S., Guha, R.: Detecting obfuscated viruses using cosine similarity analysis. In: Proc. Asia Int. Conf. Modelling & Simulation, AMS, pp. 165\u2013170. IEEE Computer Society (2007)","DOI":"10.1109\/AMS.2007.31"},{"key":"6_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/11663812_11","volume-title":"Recent Advances in Intrusion Detection","author":"C. Kruegel","year":"2006","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic Worm Detection Using Structural Information of Executables. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, pp. 207\u2013226. Springer, Heidelberg (2006)"},{"key":"6_CR15","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Vigna, G.: Anomaly detection of web-based attacks. In: Proc. ACM Conf. Computer and Communications Security, CCS. ACM (2003)","DOI":"10.1145\/948109.948144"},{"issue":"2","key":"6_CR16","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1109\/MSP.2007.48","volume":"5","author":"R. Lyda","year":"2007","unstructured":"Lyda, R., Hamrock, J.: Using entropy analysis to find encrypted and packed malware. IEEE Security and Privacy\u00a05(2), 40\u201345 (2007)","journal-title":"IEEE Security and Privacy"},{"key":"6_CR17","doi-asserted-by":"crossref","unstructured":"Martignoni, L., Christodorescu, M., Jha, S.: Omniunpack: Fast, generic, and safe unpacking of malware. In: Proc. Annual Computer Security Applications Conf., ACSAC, pp. 431\u2013441 (2007)","DOI":"10.1109\/ACSAC.2007.15"},{"issue":"4","key":"6_CR18","doi-asserted-by":"publisher","first-page":"295","DOI":"10.1007\/s11416-009-0122-8","volume":"5","author":"R. Moskovitch","year":"2009","unstructured":"Moskovitch, R., Stopel, D., Feher, C., Nissim, N., Japkowicz, N., Elovici, Y.: Unknown malcode detection and the imbalance problem. J. Computer Virology\u00a05(4), 295\u2013308 (2009)","journal-title":"J. Computer Virology"},{"key":"6_CR19","doi-asserted-by":"crossref","unstructured":"Neugschwandtner, M., Comparetti, P.M., Jacob, G., Kruegel, C.: FORECAST \u2013 Skimming off the malware cream. In: Proc. Annual Computer Security Applications Conf., ACSAC (2011)","DOI":"10.1145\/2076732.2076735"},{"issue":"14","key":"6_CR20","doi-asserted-by":"publisher","first-page":"1941","DOI":"10.1016\/j.patrec.2008.06.016","volume":"29","author":"R. Perdisci","year":"2008","unstructured":"Perdisci, R., Lanzi, A., Lee, W.: Classification of packed executables for accurate computer virus detection. Pattern Recognition Letters\u00a029(14), 1941\u20131946 (2008)","journal-title":"Pattern Recognition Letters"},{"key":"6_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"276","DOI":"10.1007\/11961635_19","volume-title":"Information Systems Security","author":"D. Krishna Sandeep Reddy","year":"2006","unstructured":"Krishna Sandeep Reddy, D., Dash, S.K., Pujari, A.K.: New Malicious Code Detection Using Variable Length n-grams. In: Bagchi, A., Atluri, V. (eds.) ICISS 2006. LNCS, vol.\u00a04332, pp. 276\u2013288. Springer, Heidelberg (2006)"},{"key":"6_CR22","doi-asserted-by":"crossref","unstructured":"Royal, P., Halpin, M., Dagon, D., Edmonds, R., Lee, W.: Polyunpack: Automating the hidden-code extraction of unpack-executing malware. In: Annual Computer Security Applications Conference (2006)","DOI":"10.1109\/ACSAC.2006.38"},{"key":"6_CR23","doi-asserted-by":"crossref","unstructured":"Rukhin, A., Soto, J., Nechvatal, J., Smid, M., Barker, E., Leigh, S., Levenson, M., Vangel, M., Banks, D., Heckert, A., Dray, J., Vo, S.: A statistical test suite for random and pseudorandom number generators for cryptographic applications. Technical Report 800-22, NIST (2001)","DOI":"10.6028\/NIST.SP.800-22"},{"key":"6_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"370","DOI":"10.1007\/978-3-642-14081-5_23","volume-title":"Information Security and Privacy","author":"L. Sun","year":"2010","unstructured":"Sun, L., Versteeg, S., Bozta\u015f, S., Yann, T.: Pattern Recognition Techniques for the Classification of Malware Packers. In: Steinfeld, R., Hawkes, P. (eds.) ACISP 2010. LNCS, vol.\u00a06168, pp. 370\u2013390. Springer, Heidelberg (2010)"},{"key":"6_CR25","doi-asserted-by":"crossref","unstructured":"Tabish, S.M., Shafiq, M.Z., Farooq, M.: Malware detection using statistical analysis of byte-level file content. In: Proc. ACM SIGKDD Workshop CyberSecurity and Intelligence Informatics (2009)","DOI":"10.1145\/1599272.1599278"},{"key":"6_CR26","unstructured":"Walenstein, A., Venable, M., Hayes, M., Thompson, C., Lakhotia, A.: Exploiting similarity between variants to defeat malware. In: Proc. BlackHat DC Conf. (2007)"},{"key":"6_CR27","unstructured":"Wicherski, G.: peHash: A novel approach to fast malware clustering. In: USENIX Workshop Large-Scale Exploits and Emergent Threats, LEET (2009)"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-37300-8_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,7,10]],"date-time":"2019-07-10T23:12:07Z","timestamp":1562800327000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-37300-8_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642372995","9783642373008"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-37300-8_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}