{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,24]],"date-time":"2026-06-24T11:32:27Z","timestamp":1782300747853,"version":"3.54.5"},"publisher-location":"Berlin, Heidelberg","reference-count":54,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642412837","type":"print"},{"value":"9783642412844","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-41284-4_10","type":"book-chapter","created":{"date-parts":[[2013,10,22]],"date-time":"2013-10-22T17:35:11Z","timestamp":1382463311000},"page":"184-203","source":"Crossref","is-referenced-by-count":6,"title":["Detecting Traditional Packers, Decisively"],"prefix":"10.1007","author":[{"given":"Denis","family":"Bueno","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Kevin J.","family":"Compton","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Karem A.","family":"Sakallah","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Michael","family":"Bailey","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","reference":[{"key":"10_CR1","doi-asserted-by":"crossref","unstructured":"Royal, P., Halpin, M., Dagon, D., Edmonds, R., Lee, W.: PolyUnpack: Automating the hidden-code extraction of unpack-executing malware. In: Annual Computer Security Applications Conference, pp. 289\u2013300. IEEE Computer Society (2006)","DOI":"10.1109\/ACSAC.2006.38"},{"key":"10_CR2","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Seshia, S.A., Song, D.X., Bryant, R.E.: Semantics-aware malware detection. In: Security and Privacy, pp. 32\u201346. IEEE Computer Society Press (2005)","DOI":"10.1109\/SP.2005.20"},{"issue":"2","key":"10_CR3","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1109\/MSP.2005.40","volume":"3","author":"R. Oppliger","year":"2005","unstructured":"Oppliger, R., Rytz, R.: Does trusted computing remedy computer security problems? IEEE Security Privacy\u00a03(2), 16\u201319 (2005)","journal-title":"IEEE Security Privacy"},{"key":"10_CR4","doi-asserted-by":"crossref","unstructured":"Brumley, D., Hartwig, C., Liang, Z., Newsome, J., Song, D.X., Yin, H.: Automatically identifying trigger-based behavior in malware. In: Botnet Detection, pp. 65\u201388. Springer (2008)","DOI":"10.1007\/978-0-387-68768-1_4"},{"key":"10_CR5","first-page":"311","volume-title":"ACM Conference on Computer and Communications Security, CCS 2006","author":"J. Newsome","year":"2006","unstructured":"Newsome, J., Brumley, D., Franklin, J., Song, D.: Replayer: automatic protocol replay by binary analysis. In: ACM Conference on Computer and Communications Security, CCS 2006, pp. 311\u2013321. ACM, New York (2006)"},{"key":"10_CR6","doi-asserted-by":"crossref","unstructured":"Bayer, U., Kirda, E., Kruegel, C.: Improving the efficiency of dynamic malware analysis. In: Proceedings of the 2010 ACM Symposium on Applied Computing, pp. 1871\u20131878. ACM (2010)","DOI":"10.1145\/1774088.1774484"},{"key":"10_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"98","DOI":"10.1007\/978-3-540-87403-4_6","volume-title":"Recent Advances in Intrusion Detection","author":"F. Guo","year":"2008","unstructured":"Guo, F., Ferrie, P., Chiueh, T.-c.: A study of the packer problem and its solutions. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 98\u2013115. Springer, Heidelberg (2008)"},{"issue":"4","key":"10_CR8","doi-asserted-by":"publisher","first-page":"354","DOI":"10.1016\/S0022-0000(73)80029-7","volume":"7","author":"S.A. Cook","year":"1973","unstructured":"Cook, S.A., Reckhow, R.A.: Time bounded random access machines. J. Comput. Syst. Sci.\u00a07(4), 354\u2013375 (1973)","journal-title":"J. Comput. Syst. Sci."},{"key":"10_CR9","first-page":"309","volume-title":"ACM Conference on Computer and Communications Security, CCS 2011","author":"J. Jang","year":"2011","unstructured":"Jang, J., Brumley, D., Venkataraman, S.: Bitshred: feature hashing malware for scalable triage and semantic analysis. In: ACM Conference on Computer and Communications Security, CCS 2011, pp. 309\u2013320. ACM, New York (2011)"},{"key":"10_CR10","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Computer Security Applications Conference, pp. 421\u2013430 (2007)","DOI":"10.1109\/ACSAC.2007.21"},{"key":"10_CR11","doi-asserted-by":"crossref","unstructured":"Zhang, Q., Reeves, D.S.: MetaAware: Identifying metamorphic malware. In: Annual Computer Security Applications Conference, pp. 411\u2013420. IEEE Computer Society Press (2007)","DOI":"10.1109\/ACSAC.2007.9"},{"key":"10_CR12","doi-asserted-by":"crossref","unstructured":"Sharif, M.I., Lanzi, A., Giffin, J.T., Lee, W.: Automatic reverse engineering of malware emulators. In: Security and Privacy, pp. 94\u2013109. IEEE Computer Society (2009)","DOI":"10.1109\/SP.2009.27"},{"key":"10_CR13","doi-asserted-by":"crossref","unstructured":"Kang, M.G., Poosankam, P., Yin, H.: Renovo: A hidden code extractor for packed executables. In: WORM. ACM (November 2007)","DOI":"10.1145\/1314389.1314399"},{"key":"10_CR14","doi-asserted-by":"crossref","unstructured":"Martignoni, L., Christodorescu, M., Jha, S.: OmniUnpack: Fast, generic, and safe unpacking of malware. In: Annual Computer Security Applications Conference, pp. 431\u2013441. IEEE Computer Society Press (2007)","DOI":"10.1109\/ACSAC.2007.15"},{"key":"10_CR15","series-title":"SpringerBriefs in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/978-1-4614-5523-3_3","volume-title":"Automatic Malware Analysis","author":"H. Yin","year":"2013","unstructured":"Yin, H., Song, D.: Hidden code extraction. In: Automatic Malware Analysis. SpringerBriefs in Computer Science, pp. 17\u201326. Springer, New York (2013)"},{"key":"10_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1007\/978-3-642-11145-7_19","volume-title":"Information and Communications Security","author":"L. Liu","year":"2009","unstructured":"Liu, L., Ming, J., Wang, Z., Gao, D., Jia, C.: Denial-of-service attacks on host-based generic unpackers. In: Qing, S., Mitchell, C.J., Wang, G. (eds.) ICICS 2009. LNCS, vol.\u00a05927, pp. 241\u2013253. Springer, Heidelberg (2009)"},{"key":"10_CR17","doi-asserted-by":"publisher","first-page":"343","DOI":"10.4028\/www.scientific.net\/AMM.198-199.343","volume":"198\u2013199","author":"P.D. Xie","year":"2012","unstructured":"Xie, P.D., Li, M.J., Wang, Y.J., Su, J.S., Lu, X.C.: Unpacking techniques and tools in malware analysis. Applied Mechanics and Materials\u00a0198\u2013199, 343\u2013350 (2012)","journal-title":"Applied Mechanics and Materials"},{"issue":"14","key":"10_CR18","doi-asserted-by":"publisher","first-page":"1941","DOI":"10.1016\/j.patrec.2008.06.016","volume":"29","author":"R. Perdisci","year":"2008","unstructured":"Perdisci, R., Lanzi, A., Lee, W.: Classification of packed executables for accurate computer virus detection. Pattern Recognition Letters\u00a029(14), 1941\u20131946 (2008)","journal-title":"Pattern Recognition Letters"},{"issue":"1","key":"10_CR19","doi-asserted-by":"publisher","first-page":"280","DOI":"10.1109\/TIT.2002.806137","volume":"49","author":"D. Spinellis","year":"2003","unstructured":"Spinellis, D.: Reliable identification of bounded-length viruses is NP-complete. IEEE Transactions on Information Theory\u00a049(1), 280\u2013284 (2003)","journal-title":"IEEE Transactions on Information Theory"},{"issue":"3","key":"10_CR20","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1007\/s11416-008-0084-2","volume":"4","author":"J.M. Borello","year":"2008","unstructured":"Borello, J.M., M\u00e9, L.: Code obfuscation techniques for metamorphic viruses. Journal in Computer Virology\u00a04(3), 211\u2013220 (2008)","journal-title":"Journal in Computer Virology"},{"key":"10_CR21","doi-asserted-by":"crossref","unstructured":"Katz, J., Lindell, Y.: Introduction to Modern Cryptography. Chapman & Hall (2008)","DOI":"10.1201\/9781420010756"},{"issue":"4","key":"10_CR22","doi-asserted-by":"publisher","first-page":"365","DOI":"10.1145\/321239.321240","volume":"11","author":"C.C. Elgot","year":"1964","unstructured":"Elgot, C.C., Robinson, A.: Random-access stored-program machines, an approach to programming languages. J. ACM\u00a011(4), 365\u2013399 (1964)","journal-title":"J. ACM"},{"issue":"3","key":"10_CR23","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/BF01694180","volume":"5","author":"J. Hartmanis","year":"1971","unstructured":"Hartmanis, J.: Computational complexity of random access stored program machines. Mathematical Systems Theory\u00a05(3), 232\u2013245 (1971)","journal-title":"Mathematical Systems Theory"},{"key":"10_CR24","unstructured":"Aho, A.V., Hopcroft, J.E., Ullman, J.D.: The Design and Analysis of Computer Algorithms. Addison-Wesley (1974)"},{"key":"10_CR25","unstructured":"Cohen, F.: Computer Viruses. PhD thesis, University of Southern California (1986)"},{"issue":"4","key":"10_CR26","doi-asserted-by":"publisher","first-page":"297","DOI":"10.1016\/0167-4048(89)90089-8","volume":"8","author":"F. Cohen","year":"1989","unstructured":"Cohen, F.: Computational aspects of computer viruses. Computers & Security\u00a08(4), 297\u2013298 (1989)","journal-title":"Computers & Security"},{"key":"10_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"354","DOI":"10.1007\/0-387-34799-2_28","volume-title":"Advances in Cryptology - CRYPTO \u201988","author":"L.M. Adleman","year":"1990","unstructured":"Adleman, L.M.: An abstract theory of computer viruses. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol.\u00a0403, pp. 354\u2013374. Springer, Heidelberg (1990)"},{"issue":"7","key":"10_CR28","doi-asserted-by":"publisher","first-page":"444","DOI":"10.1093\/comjnl\/41.7.444","volume":"41","author":"H. Thimbleby","year":"1998","unstructured":"Thimbleby, H., Anderson, S., Cairns, P.: A framework for modelling trojans and computer virus infection. The Computer Journal\u00a041(7), 444\u2013458 (1998)","journal-title":"The Computer Journal"},{"key":"10_CR29","unstructured":"Chess, D.M., White, S.R.: An undetectable computer virus. In: Proceedings of Virus Bulletin Conference, vol.\u00a05 (2000)"},{"issue":"2","key":"10_CR30","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1007\/s11416-007-0041-5","volume":"3","author":"E. Filiol","year":"2007","unstructured":"Filiol, E., Josse, S.: A statistical model for undecidable viral detection. Journal in Computer Virology\u00a03(2), 65\u201374 (2007)","journal-title":"Journal in Computer Virology"},{"key":"10_CR31","unstructured":"Oreans Technologies, http:\/\/www.oreans.com\/themida.php"},{"key":"10_CR32","volume-title":"Introduction to the Theory of Computation","author":"M. Sipser","year":"2006","unstructured":"Sipser, M.: Introduction to the Theory of Computation, vol.\u00a027. Thomson Course Technology, Boston (2006)"},{"key":"10_CR33","doi-asserted-by":"crossref","unstructured":"Shaw, D.E., Deneroff, M.M., Dror, R.O., Kuskin, J.S., Larson, R.H., Salmon, J.K., Young, C., Batson, B., Bowers, K.J., Chao, J.C., et al.: Anton, a special-purpose machine for molecular dynamics simulation. In: ACM SIGARCH Computer Architecture News, vol.\u00a035, pp. 1\u201312. ACM (2007)","DOI":"10.1145\/1273440.1250664"},{"key":"10_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-540-72540-4_1","volume-title":"Advances in Cryptology - EUROCRYPT 2007","author":"M. Stevens","year":"2007","unstructured":"Stevens, M., Lenstra, A.K., de Weger, B.: Chosen-prefix collisions for MD5 and colliding X.509 certificates for different identities. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol.\u00a04515, pp. 1\u201322. Springer, Heidelberg (2007)"},{"key":"10_CR35","volume-title":"Computers and Intractability","author":"M.R. Garey","year":"1979","unstructured":"Garey, M.R., Johnson, D.S.: Computers and Intractability, vol.\u00a0174. Freeman, New York (1979)"},{"key":"10_CR36","series-title":"Lecture Notes in Computer Science","first-page":"52","volume-title":"Logic of Programs","author":"E.M. Clarke","year":"1981","unstructured":"Clarke, E.M., Emerson, E.A.: Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic. In: Engeler, E. (ed.) Logic of Programs 1979. LNCS, vol.\u00a0125, pp. 52\u201371. Springer, Heidelberg (1981)"},{"key":"10_CR37","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1007\/3-540-11494-7_22","volume-title":"International Symposium on Programming","author":"J.P. Queille","year":"1982","unstructured":"Queille, J.P., Sifakis, J.: Specification and Verification of Concurrent Systems in CESAR. In: Dezani-Ciancaglini, M., Montanari, U. (eds.) Programming 1982. LNCS, vol.\u00a0137, pp. 337\u2013351. Springer, Heidelberg (1982)"},{"key":"10_CR38","unstructured":"Clarke, E.M.: The Birth of Model Checking. In: Grumberg, O., Veith, H. (eds.) 25MC Festschrift. LNCS, vol.\u00a05000, pp. 1\u201326. Springer, Heidelberg (2008)"},{"issue":"3","key":"10_CR39","doi-asserted-by":"publisher","first-page":"733","DOI":"10.1145\/3828.3837","volume":"32","author":"A.P. Sistla","year":"1985","unstructured":"Sistla, A.P., Clarke, E.M.: The complexity of propositional linear temporal logics. J. ACM\u00a032(3), 733\u2013749 (1985)","journal-title":"J. ACM"},{"key":"10_CR40","doi-asserted-by":"crossref","unstructured":"Clarke, E.M., Emerson, E.A., Sistla, A.P.: Automatic Verification of Finite State Concurrent Systems Using Temporal Logic Specifications: A Practical Approach. In: POPL, pp. 117\u2013126 (1983)","DOI":"10.1145\/567067.567080"},{"key":"10_CR41","doi-asserted-by":"crossref","unstructured":"Burch, J.R., Clarke, E.M., McMillan, K.L., Dill, D.L., Hwang, L.J.: Symbolic model checking: 1020 states and beyond. In: LICS, pp. 428\u2013439 (1990)","DOI":"10.1109\/LICS.1990.113767"},{"key":"10_CR42","doi-asserted-by":"crossref","unstructured":"Marques-Silva, J.A.P., Sakallah, K.A.: GRASP-A New Search Algorithm for Satisfiability. In: Digest of IEEE International Conference on Computer-Aided Design, ICCAD, San Jose, California, pp. 220\u2013227 (November 1996)","DOI":"10.1109\/ICCAD.1996.569607"},{"issue":"5","key":"10_CR43","doi-asserted-by":"publisher","first-page":"506","DOI":"10.1109\/12.769433","volume":"48","author":"J.A.P. Marques-Silva","year":"1999","unstructured":"Marques-Silva, J.A.P., Sakallah, K.A.: GRASP: A Search Algorithm for Propositional Satisfiability. IEEE Transactions on Computers\u00a048(5), 506\u2013521 (1999)","journal-title":"IEEE Transactions on Computers"},{"key":"10_CR44","doi-asserted-by":"crossref","unstructured":"Moskewicz, M.W., Madigan, C.F., Zhao, Y., Zhang, L., Malik, S.: Chaff: Engineering an Efficient SAT Solver. In: DAC, pp. 530\u2013535 (2001)","DOI":"10.1145\/378239.379017"},{"key":"10_CR45","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"193","DOI":"10.1007\/3-540-49059-0_14","volume-title":"Tools and Algorithms for the Construction of Analysis of Systems","author":"A. Biere","year":"1999","unstructured":"Biere, A., Cimatti, A., Clarke, E.M., Zhu, Y.: Symbolic Model Checking without BDDs. In: Cleaveland, W.R. (ed.) TACAS 1999. LNCS, vol.\u00a01579, pp. 193\u2013207. Springer, Heidelberg (1999)"},{"key":"10_CR46","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1023\/A:1011276507260","volume":"19","author":"E. Clarke","year":"2001","unstructured":"Clarke, E., Biere, A., Raimi, R., Zhu, Y.: Bounded Model Checking Using Satisfiability Solving. Form. Methods Syst. Des.\u00a019, 7\u201334 (2001)","journal-title":"Form. Methods Syst. Des."},{"key":"10_CR47","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1007\/10722167_15","volume-title":"Computer Aided Verification","author":"E. Clarke","year":"2000","unstructured":"Clarke, E., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-Guided Abstraction Refinement. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol.\u00a01855, pp. 154\u2013169. Springer, Heidelberg (2000)"},{"key":"10_CR48","doi-asserted-by":"publisher","first-page":"752","DOI":"10.1145\/876638.876643","volume":"50","author":"E. Clarke","year":"2003","unstructured":"Clarke, E., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-Guided Abstraction Refinement for Symbolic Model Checking. J. ACM\u00a050, 752\u2013794 (2003)","journal-title":"J. ACM"},{"key":"10_CR49","doi-asserted-by":"crossref","unstructured":"Bradley, A.R., Manna, Z.: Checking Safety by Inductive Generalization of Counterexamples to Induction. In: Formal Methods in Computer Aided Design, FMCAD 2007, pp. 173\u2013180 (November 2007)","DOI":"10.1109\/FAMCAD.2007.15"},{"key":"10_CR50","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1007\/978-3-642-18275-4_7","volume-title":"Verification, Model Checking, and Abstract Interpretation","author":"A.R. Bradley","year":"2011","unstructured":"Bradley, A.R.: SAT-Based Model Checking without Unrolling. In: Jhala, R., Schmidt, D. (eds.) VMCAI 2011. LNCS, vol.\u00a06538, pp. 70\u201387. Springer, Heidelberg (2011)"},{"key":"10_CR51","unstructured":"Knuth, D.E.: Art of Computer Programming, 3rd edn. Fundamental Algorithms, vol.\u00a01. Addison-Wesley Professional (July 1997)"},{"key":"10_CR52","doi-asserted-by":"publisher","first-page":"483","DOI":"10.1145\/1465482.1465560","volume-title":"Proceedings of the Spring Joint Computer Conference, AFIPS 1967 (Spring)","author":"G.M. Amdahl","year":"1967","unstructured":"Amdahl, G.M.: Validity of the single processor approach to achieving large scale computing capabilities. In: Proceedings of the Spring Joint Computer Conference, AFIPS 1967 (Spring), April 18-20, pp. 483\u2013485. ACM, New York (1967)"},{"key":"10_CR53","unstructured":"Downey, R.G., Fellows, M.R., Stege, U.: Computational tractability: The view from mars. In: Bulletin of the European Association of Theoretical Computer Science, pp. 73\u201397"},{"key":"10_CR54","unstructured":"VMProtect Software, http:\/\/vmpsoft.com\/"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-41284-4_10","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,30]],"date-time":"2025-04-30T17:53:16Z","timestamp":1746035596000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-41284-4_10"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642412837","9783642412844"],"references-count":54,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-41284-4_10","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013]]}}}