{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T21:06:33Z","timestamp":1769115993584,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":39,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642392344","type":"print"},{"value":"9783642392351","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-39235-1_3","type":"book-chapter","created":{"date-parts":[[2013,7,13]],"date-time":"2013-07-13T04:07:36Z","timestamp":1373688456000},"page":"41-61","source":"Crossref","is-referenced-by-count":46,"title":["Exploring Discriminatory Features for Automated Malware Classification"],"prefix":"10.1007","author":[{"given":"Guanhua","family":"Yan","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nathan","family":"Brown","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Deguang","family":"Kong","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"issue":"4","key":"3_CR1","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/s11416-011-0152-x","volume":"7","author":"B. Anderson","year":"2011","unstructured":"Anderson, B., Quist, D., Neil, J., Storlie, C., Lane, T.: Graph-based malware detection using dynamic analysis. Journal of Computer Virology\u00a07(4), 247\u2013258 (2011)","journal-title":"Journal of Computer Virology"},{"key":"3_CR2","unstructured":"http:\/\/anubis.iseclab.org\/"},{"key":"3_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/978-3-540-74320-0_10","volume-title":"Recent Advances in Intrusion Detection","author":"M. Bailey","year":"2007","unstructured":"Bailey, M., Oberheide, J., Andersen, J., Mao, Z.M., Jahanian, F., Nazario, J.: Automated classification and analysis of internet malware. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 178\u2013197. Springer, Heidelberg (2007)"},{"key":"3_CR4","unstructured":"Bayer, U., Comparetti, P.M., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, behavior-based malware clustering. In: NDSS 2009 (2009)"},{"key":"3_CR5","unstructured":"http:\/\/www.sophos.com\/en-us\/threat-center\/threat-analyses\/viruses-and-spyware\/Troj~Bifrose-ZI\/detailed-analysis.aspx"},{"key":"3_CR6","doi-asserted-by":"crossref","unstructured":"Canali, D., Lanzi, A., Balzarotti, D., Christoderescu, M., Kruegel, C., Kirda, E.: A quantitative study of accuracy in system call-based malware detection. In: ISSTA (2012)","DOI":"10.1145\/2338965.2336768"},{"key":"3_CR7","doi-asserted-by":"crossref","unstructured":"He, H., Garcia, E.A.: Learning from imbalanced data. IEEE Transactions on Knowledge and Data Engineering\u00a021 (2009)","DOI":"10.1109\/TKDE.2008.239"},{"key":"3_CR8","doi-asserted-by":"crossref","unstructured":"Hu, X., Chiueh, T.-C., Shin, K.G.: Large-scale malware indexing using function-call graphs. In: CCS 2009 (2009)","DOI":"10.1145\/1653662.1653736"},{"key":"3_CR9","unstructured":"http:\/\/www.pintool.org\/"},{"key":"3_CR10","doi-asserted-by":"crossref","unstructured":"Jang, J., Brumley, D., Venkataraman, S.: Bitshred: feature hashing malware for scalable triage and semantic analysis. In: Proceedings of ACM CCS 2011 (2011)","DOI":"10.1145\/2046707.2046742"},{"key":"3_CR11","unstructured":"Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X., Wang, X.: Effective and efficient malware detection at the end host. In: USENIX Security 2009 (2009)"},{"key":"3_CR12","first-page":"2721","volume":"7","author":"J.Z. Kolter","year":"2006","unstructured":"Kolter, J.Z., Maloof, M.A.: Learning to detect and classify malicious executables in the wild. Journal of Maching Learning Research\u00a07, 2721\u20132744 (2006)","journal-title":"Journal of Maching Learning Research"},{"key":"3_CR13","unstructured":"Kong, D., Ding, C., Huang, H., Zhao, H.: Multi-label relieff and f-statistic feature selections for image annotation. In: IEEE CVPR 2012 (2012)"},{"key":"3_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1007\/3-540-57868-4_57","volume-title":"Machine Learning: ECML-94","author":"I. Kononenko","year":"1994","unstructured":"Kononenko, I.: Estimating attributes: analysis and extensions of relief. In: Bergadano, F., De Raedt, L. (eds.) ECML 1994. LNCS, vol.\u00a0784, pp. 171\u2013182. Springer, Heidelberg (1994)"},{"key":"3_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/11663812_11","volume-title":"Recent Advances in Intrusion Detection","author":"C. Kruegel","year":"2006","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic worm detection using structural information of executables. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol.\u00a03858, pp. 207\u2013226. Springer, Heidelberg (2006)"},{"key":"3_CR16","doi-asserted-by":"crossref","unstructured":"Li, Y.: Building a Decision Cluster Classification Model by a Clustering Algorithm to Classify Large High Dimensional Data with Multiple Classes. PhD thesis, The Hong Kong Polytechnic University (2010)","DOI":"10.1007\/978-3-642-05224-8_21"},{"key":"3_CR17","unstructured":"http:\/\/code.google.com\/p\/libdasm\/"},{"key":"3_CR18","unstructured":"Liu, H., Li, J., Wong, L.: A comparative study on feature selection and classification methods using gene expression profiles and proteomic patterns. Genome Informatics\u00a013 (2002)"},{"key":"3_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/978-3-642-25560-1_10","volume-title":"Information Systems Security","author":"F. Maggi","year":"2011","unstructured":"Maggi, F., Bellini, A., Salvaneschi, G., Zanero, S.: Finding non-trivial malware naming inconsistencies. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2011. LNCS, vol.\u00a07093, pp. 144\u2013159. Springer, Heidelberg (2011)"},{"key":"3_CR20","unstructured":"Microsoft security intelligence report (January-June 2006)"},{"key":"3_CR21","doi-asserted-by":"crossref","unstructured":"Nataraj, L., Yegneswaran, V., Porras, P., Zhang, J.: A comparative assessment of malware classification using binary texture analysis and dynamic analysis. In: ACM AISec 2011 (2011)","DOI":"10.1145\/2046684.2046689"},{"key":"3_CR22","unstructured":"http:\/\/www.offensivecomputing.net\/ (accessed in March 2012)"},{"key":"3_CR23","unstructured":"http:\/\/orange.biolab.si\/"},{"key":"3_CR24","unstructured":"http:\/\/code.google.com\/p\/pefile\/"},{"key":"3_CR25","doi-asserted-by":"crossref","unstructured":"Perdisci, R., Lanzi, A., Lee, W.: Mcboost: Boosting scalability in malware collection and analysis using statistical classification of executables. In: ACSAC 2008 (2008)","DOI":"10.1109\/ACSAC.2008.22"},{"key":"3_CR26","unstructured":"Raman, K.: Selecting features to classify malware. In: Proc. of InfoSec Southwest (2012)"},{"key":"3_CR27","doi-asserted-by":"crossref","unstructured":"Rieck, K., Krueger, T., Dewald, A.: Cujo: efficient detection and prevention of drive-by-download attacks. In: ACSAC 2010 (2010)","DOI":"10.1145\/1920261.1920267"},{"issue":"4","key":"3_CR28","doi-asserted-by":"crossref","first-page":"639","DOI":"10.3233\/JCS-2010-0410","volume":"19","author":"K. Rieck","year":"2011","unstructured":"Rieck, K., Trinius, P., Willems, C., Holz, T.: Automatic analysis of malware behavior using machine learning. J. Comput. Secur.\u00a019(4), 639\u2013668 (2011)","journal-title":"J. Comput. Secur."},{"key":"3_CR29","doi-asserted-by":"crossref","unstructured":"Rossow, C., Dietrich, C.J., Grier, C., Kreibich, C., Paxson, V., Pohlmann, N., Bos, H., van Steen, M.: Prudent practices for designing malware experiments: Status quo and outlook. In: IEEE Symposium on Security and Privacy (May 2012)","DOI":"10.1109\/SP.2012.14"},{"key":"3_CR30","volume-title":"NIPS 2004","author":"V. Roth","year":"2004","unstructured":"Roth, V., Lange, T.: Feature selection in clustering problems. In: NIPS 2004. MIT Press, Cambridge (2004)"},{"key":"3_CR31","doi-asserted-by":"crossref","unstructured":"Schultz, M.G., Eskin, E., Zadok, E., Stolfo, S.J.: Data mining methods for detection of new malicious executables. In: Proc. of IEEE Symposium on Security and Privacy (2001)","DOI":"10.1109\/SECPRI.2001.924286"},{"key":"3_CR32","unstructured":"http:\/\/scikit-learn.org\/"},{"key":"3_CR33","unstructured":"http:\/\/www.honeynet.org\/node\/53"},{"key":"3_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-3-642-04342-0_7","volume-title":"Recent Advances in Intrusion Detection","author":"M.Z. Shafiq","year":"2009","unstructured":"Shafiq, M.Z., Tabish, S.M., Mirza, F., Farooq, M.: PE-Miner: Mining structural information to detect malicious executables in realtime. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) RAID 2009. LNCS, vol.\u00a05758, pp. 121\u2013141. Springer, Heidelberg (2009)"},{"key":"3_CR35","unstructured":"http:\/\/www.symantec.com\/about\/news\/release\/article.jsp?prid=20110404_03"},{"key":"3_CR36","unstructured":"https:\/\/www.virustotal.com\/"},{"key":"3_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"318","DOI":"10.1007\/978-3-642-23644-0_17","volume-title":"Recent Advances in Intrusion Detection","author":"C. Yang","year":"2011","unstructured":"Yang, C., Harkreader, R.C., Gu, G.: Die free or live hard? Empirical evaluation and new design for fighting evolving twitter spammers. In: Sommer, R., Balzarotti, D., Maier, G. (eds.) RAID 2011. LNCS, vol.\u00a06961, pp. 318\u2013337. Springer, Heidelberg (2011)"},{"key":"3_CR38","doi-asserted-by":"crossref","unstructured":"Ye, Y., Wang, D., Li, T., Ye, D., Jiang, Q.: An intelligent pe-malware detection system based on association mining. Journal in Computer Virology (2008)","DOI":"10.1007\/s11416-008-0082-4"},{"issue":"1-2","key":"3_CR39","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/s10994-010-5221-8","volume":"85","author":"H.-F. Yu","year":"2011","unstructured":"Yu, H.-F., Huang, F.-L., Lin, C.-J.: Dual coordinate descent methods for logistic regression and maximum entropy models. Machine Learning\u00a085(1-2), 41\u201375 (2011)","journal-title":"Machine Learning"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-39235-1_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,7,18]],"date-time":"2019-07-18T04:04:10Z","timestamp":1563422650000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-39235-1_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642392344","9783642392351"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-39235-1_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013]]}}}