{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,26]],"date-time":"2026-03-26T15:33:30Z","timestamp":1774539210087,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":44,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642545245","type":"print"},{"value":"9783642545252","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-642-54525-2_39","type":"book-chapter","created":{"date-parts":[[2014,2,7]],"date-time":"2014-02-07T14:26:22Z","timestamp":1391783182000},"page":"440-450","source":"Crossref","is-referenced-by-count":69,"title":["Static Malware Analysis Using Machine Learning Methods"],"prefix":"10.1007","author":[{"given":"Hiran V.","family":"Nath","sequence":"first","affiliation":[]},{"given":"Babu M.","family":"Mehtre","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"39_CR1","unstructured":"The \u2018ICEFOG\u2019 APT: A tale of cloak and three daggers. Kaspersky Lab Global Research And Analysis Team(GREAT) (2013)"},{"key":"39_CR2","doi-asserted-by":"crossref","unstructured":"Balduzzi, M., Ciangaglini, V., McArdle, R.: Targeted attacks detection with spunge. Trend Micro Research, EMEA (2013)","DOI":"10.1109\/PST.2013.6596053"},{"key":"39_CR3","doi-asserted-by":"crossref","unstructured":"Becker, G.T., Regazzoni, F., Paar, C., Burleson, W.P.: Stealthy dopant-level hardware trojans (2013)","DOI":"10.1007\/978-3-642-40349-1_12"},{"issue":"4","key":"39_CR4","doi-asserted-by":"publisher","first-page":"971","DOI":"10.3390\/fi4040971","volume":"4","author":"B. Bencs\u00e1th","year":"2012","unstructured":"Bencs\u00e1th, B., P\u00e9k, G., Butty\u00e1n, L., F\u00e9legyh\u00e1zi, M.: The cousins of stuxnet: Duqu, flame, and gauss. Future Internet\u00a04(4), 971\u20131003 (2012)","journal-title":"Future Internet"},{"issue":"2","key":"39_CR5","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1504\/IJESDF.2007.016865","volume":"1","author":"D. Bilar","year":"2007","unstructured":"Bilar, D.: Opcodes as predictor for malware. International Journal of Electronic Security and Digital Forensics\u00a01(2), 156\u2013168 (2007)","journal-title":"International Journal of Electronic Security and Digital Forensics"},{"key":"39_CR6","unstructured":"Blonce, A., Filiol, E., Frayssignes, L.: Portable document format (pdf) security analysis and malware threats. Tech. rep., Virology and Cryptology Laboratory, French Army Signals Academy (2008)"},{"key":"39_CR7","first-page":"115","volume":"95","author":"W.W. Cohen","year":"1995","unstructured":"Cohen, W.W.: Fast effective rule induction. ICML\u00a095, 115\u2013123 (1995)","journal-title":"ICML"},{"key":"39_CR8","unstructured":"Desnos, A., Erra, R., Filiol, E.: Processor-dependent malware... and codes. arXiv preprint arXiv:1011.1638 (2010)"},{"key":"39_CR9","doi-asserted-by":"crossref","unstructured":"Dube, T., Raines, R., Peterson, G., Bauer, K., Grimaila, M., Rogers, S.: Malware type recognition and cyber situational awareness. In: Second International Conference on Social Computing (SocialCom), pp. 938\u2013943. IEEE (2010)","DOI":"10.1109\/SocialCom.2010.139"},{"issue":"1","key":"39_CR10","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1016\/j.cose.2011.09.002","volume":"31","author":"T. Dube","year":"2012","unstructured":"Dube, T., Raines, R., Peterson, G., Bauer, K., Grimaila, M., Rogers, S.: Malware target recognition via static heuristics. Computers & Security\u00a031(1), 137\u2013147 (2012)","journal-title":"Computers & Security"},{"key":"39_CR11","unstructured":"Dube, T.E.: A Novel Malware Target Recognition Architecture for Enhanced Cyberspace Situation Awareness. Ph.D Thesis, Air Force Institute of Technology, Wright-Patterson Air Force Base, Ohio (September 2011)"},{"key":"39_CR12","doi-asserted-by":"crossref","unstructured":"Dube, T.E., Raines, R.A., Grimaila, M.R., Bauer, K., Rogers, S.: Malware target recognition of unknown threats. IEEE Systems Journal\u00a07(3) (September 2013)","DOI":"10.1109\/JSYST.2012.2221913"},{"key":"39_CR13","unstructured":"Dube, T.E., Raines, R.A., Rogers, S.K.: Malware target recognition. US Patent 20, 120, 260, 342 (October 11, 2012)"},{"issue":"2","key":"39_CR14","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/s11416-007-0044-2","volume":"3","author":"E. Filiol","year":"2007","unstructured":"Filiol, E.: Formalisation and implementation aspects of k-ary (malicious) codes. Journal in Computer Virology\u00a03(2), 75\u201386 (2007)","journal-title":"Journal in Computer Virology"},{"key":"39_CR15","unstructured":"Filiol, E.: Malicious cryptography techniques for unreversable (malicious or not) binaries. arXiv preprint arXiv:1009.4000 (2010)"},{"issue":"3-4","key":"39_CR16","doi-asserted-by":"publisher","first-page":"55","DOI":"10.1007\/s11416-005-0008-3","volume":"1","author":"E. Filiol","year":"2006","unstructured":"Filiol, E., Helenius, M., Zanero, S.: Open problems in computer virology. Journal in Computer Virology\u00a01(3-4), 55\u201366 (2006)","journal-title":"Journal in Computer Virology"},{"key":"39_CR17","first-page":"2721","volume":"7","author":"J.Z. Kolter","year":"2006","unstructured":"Kolter, J.Z., Maloof, M.A.: Learning to detect and classify malicious executables in the wild. The Journal of Machine Learning Research\u00a07, 2721\u20132744 (2006)","journal-title":"The Journal of Machine Learning Research"},{"key":"39_CR18","first-page":"2755","volume":"8","author":"J.Z. Kolter","year":"2007","unstructured":"Kolter, J.Z., Maloof, M.A.: Dynamic weighted majority: An ensemble method for drifting concepts. The Journal of Machine Learning Research\u00a08, 2755\u20132790 (2007)","journal-title":"The Journal of Machine Learning Research"},{"key":"39_CR19","doi-asserted-by":"crossref","unstructured":"Kolter, J.Z., Maloof, M.A.: Learning to detect malicious executables in the wild. In: Proceedings of the Tenth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 470\u2013478. ACM (2004)","DOI":"10.1145\/1014052.1014105"},{"key":"39_CR20","doi-asserted-by":"crossref","unstructured":"Kolter, J.Z., Maloof, M.A.: Using additive expert ensembles to cope with concept drift. In: Proceedings of the 22nd International Conference on Machine Learning, pp. 449\u2013456. ACM (2005)","DOI":"10.1145\/1102351.1102408"},{"key":"39_CR21","doi-asserted-by":"crossref","unstructured":"Li, F., Lai, A., Ddl, D.: Evidence of advanced persistent threat: A case study of malware for political espionage. In: 6th International Conference on Malicious and Unwanted Software (Malware), pp. 102\u2013109. IEEE (2011)","DOI":"10.1109\/MALWARE.2011.6112333"},{"key":"39_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"382","DOI":"10.1007\/978-3-642-04138-9_27","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2009","author":"L. Lin","year":"2009","unstructured":"Lin, L., Kasper, M., G\u00fcneysu, T., Paar, C., Burleson, W.: Trojan side-channels: Lightweight hardware trojans through side-channel engineering. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol.\u00a05747, pp. 382\u2013395. Springer, Heidelberg (2009)"},{"key":"39_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"226","DOI":"10.1007\/978-3-642-35416-8_16","volume-title":"Information Security Applications","author":"S.-T. Liu","year":"2012","unstructured":"Liu, S.-T., Chen, Y.-M., Hung, H.-C.: N-victims: An approach to determine n-victims for apt investigations. In: Lee, D.H., Yung, M. (eds.) WISA 2012. LNCS, vol.\u00a07690, pp. 226\u2013240. Springer, Heidelberg (2012)"},{"issue":"2","key":"39_CR24","first-page":"57","volume":"39","author":"Y. Lu","year":"2010","unstructured":"Lu, Y., Din, S., Zheng, C., Gao, B.: Using multi-feature and classifier ensembles to improve malware detection. Journal of CCIT\u00a039(2), 57\u201372 (2010)","journal-title":"Journal of CCIT"},{"issue":"2","key":"39_CR25","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1109\/MSP.2007.48","volume":"5","author":"R. Lyda","year":"2007","unstructured":"Lyda, R., Hamrock, J.: Using entropy analysis to find encrypted and packed malware. IEEE Security & Privacy\u00a05(2), 40\u201345 (2007)","journal-title":"IEEE Security & Privacy"},{"key":"39_CR26","unstructured":"McDonald, G., Murchu, L.O., Doherty, S., Chien, E.: Stuxnet 0.5: The missing link. Symantec Security Response (online) 26 (2013)"},{"key":"39_CR27","unstructured":"Menn, J.: Key internet operator verisign hit by hackers. Reuters (February 2, 2012)"},{"key":"39_CR28","unstructured":"Muttik, I.: Zero-day malware. In: Virus Bulletin Conference (2010)"},{"key":"39_CR29","unstructured":"Prosecutors, Public: Messiah spyware infects middle east targets"},{"key":"39_CR30","unstructured":"Rafiq, N., Mao, Y.: Improving heuristics. In: Virus Bulletin Conference, pp. 9\u201312 (2008)"},{"key":"39_CR31","unstructured":"Raymond, D., Conti, G., Cross, T., Fanelli, R.: A control measure framework to limit collateral damage and propagation of cyber weapons. In: Fifth International Conference on Cyber Conflict (CyCon), pp. 1\u201316. IEEE (2013)"},{"issue":"4","key":"39_CR32","doi-asserted-by":"publisher","first-page":"220","DOI":"10.1049\/iet-ifs.2010.0180","volume":"5","author":"I. Santos","year":"2011","unstructured":"Santos, I., Brezo, F., Sanz, B., Laorden, C., Bringas, P.G.: Using opcode sequences in single-class learning to detect unknown malware. IET Information Security\u00a05(4), 220\u2013227 (2011)","journal-title":"IET Information Security"},{"key":"39_CR33","unstructured":"Santos, I., Brezo, F., Ugarte-Pedrero, X., Bringas, P.G.: Opcode sequences as representation of executables for data-mining-based unknown malware detection. Information Sciences (2011)"},{"key":"39_CR34","doi-asserted-by":"crossref","unstructured":"Santos, I., Nieves, J., Bringas, P.G.: Semi-supervised learning for unknown malware detection. In: Abraham, A., Corchado, J.M., Gonz\u00e1lez, S.R., De Paz Santana, J.F. (eds.) International Symposium on DCAI. AISC, vol.\u00a091, pp. 415\u2013422. Springer, Heidelberg (2011)","DOI":"10.1007\/978-3-642-19934-9_53"},{"key":"39_CR35","doi-asserted-by":"crossref","unstructured":"Schultz, M.G., Eskin, E., Zadok, F., Stolfo, S.J.: Data mining methods for detection of new malicious executables. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, S&P 2001, pp. 38\u201349. IEEE (2001)","DOI":"10.1109\/SECPRI.2001.924286"},{"issue":"1","key":"39_CR36","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1016\/j.istr.2009.03.003","volume":"14","author":"A. Shabtai","year":"2009","unstructured":"Shabtai, A., Moskovitch, R., Elovici, Y., Glezer, C.: Detection of malicious code by applying machine learning classifiers on static features: A state-of-the-art survey. Information Security Technical Report\u00a014(1), 16\u201329 (2009)","journal-title":"Information Security Technical Report"},{"key":"39_CR37","doi-asserted-by":"crossref","unstructured":"Shafiq, M., Tabish, S., Farooq, M.: Pe-probe: leveraging packer detection and structural information to detect malicious portable executables. In: Proceedings of the Virus Bulletin Conference (VB), pp. 29\u201333 (2009)","DOI":"10.1007\/978-3-642-04342-0_7"},{"key":"39_CR38","doi-asserted-by":"crossref","unstructured":"Shafiq, M.Z., Tabish, S.M., Mirza, F., Farooq, M.: A framework for efficient mining of structural information to detect zero-day malicious portable executables. Tech. rep., TR-nexGINRC-2009-21 (January 2009), http:\/\/www.nexginrc.org\/papers\/tr21-zubair.pdf","DOI":"10.1007\/978-3-642-04342-0_7"},{"key":"39_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1007\/978-3-642-04342-0_7","volume-title":"Recent Advances in Intrusion Detection","author":"M.Z. Shafiq","year":"2009","unstructured":"Shafiq, M.Z., Tabish, S.M., Mirza, F., Farooq, M.: Pe-miner: mining structural information to detect malicious executables in realtime. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) RAID 2009. LNCS, vol.\u00a05758, pp. 121\u2013141. Springer, Heidelberg (2009)"},{"key":"39_CR40","doi-asserted-by":"crossref","unstructured":"Sood, A., Enbody, R.: Targeted cyber attacks-a superset of advanced persistent threats. In: IEEE Computer and Reliability Societies, Michigan State University (2013)","DOI":"10.1109\/MSP.2012.90"},{"key":"39_CR41","doi-asserted-by":"crossref","unstructured":"Vasiliadis, G., Polychronakis, M., Ioannidis, S.: Gpu-assisted malware. In: 2010 5th International Conference on Malicious and Unwanted Software (MALWARE), pp. 1\u20136. IEEE (2010)","DOI":"10.1109\/MALWARE.2010.5665801"},{"key":"39_CR42","unstructured":"White, S.R.: Open problems in computer virus research. In: Virus Bulletin Conference (1998)"},{"key":"39_CR43","unstructured":"Zetter, K.: Google hack attack was ultra sophisticated, new details show. Wired Magazine\u00a014 (2010)"},{"key":"39_CR44","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"468","DOI":"10.1007\/978-3-540-73547-2_48","volume-title":"Autonomic and Trusted Computing","author":"B. Zhang","year":"2007","unstructured":"Zhang, B., Yin, J., Hao, J., Zhang, D., Wang, S.: Malicious codes detection based on ensemble learning. In: Xiao, B., Yang, L.T., Ma, J., Muller-Schloer, C., Hua, Y. (eds.) ATC 2007. LNCS, vol.\u00a04610, pp. 468\u2013477. Springer, Heidelberg (2007)"}],"container-title":["Communications in Computer and Information Science","Recent Trends in Computer Networks and Distributed Systems Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-54525-2_39","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T20:17:52Z","timestamp":1746130672000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-54525-2_39"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783642545245","9783642545252"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-54525-2_39","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"value":"1865-0929","type":"print"},{"value":"1865-0937","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014]]}}}