{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T02:14:27Z","timestamp":1743041667623,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":45,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819635306"},{"type":"electronic","value":"9789819635313"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-96-3531-3_21","type":"book-chapter","created":{"date-parts":[[2025,3,13]],"date-time":"2025-03-13T12:12:27Z","timestamp":1741867947000},"page":"428-449","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Revisiting Binary Code Authorship Analysis"],"prefix":"10.1007","author":[{"given":"Saed","family":"Alrabaee","sequence":"first","affiliation":[]},{"given":"Mousa","family":"Al-kfairy","sequence":"additional","affiliation":[]},{"given":"Mohammad Bany","family":"Taha","sequence":"additional","affiliation":[]},{"given":"Omar","family":"Alfandi","sequence":"additional","affiliation":[]},{"given":"Fatma","family":"Taher","sequence":"additional","affiliation":[]},{"given":"Jie","family":"Tang","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,3,14]]},"reference":[{"key":"21_CR1","doi-asserted-by":"crossref","unstructured":"Deyannis, D., Papadogiannaki, E., Kalivianakis, G., Vasiliadis, G., Ioannidis, S.: Trustav: practical and privacy preserving malware analysis in the cloud. In: Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy, pp. 39\u201348 (2020)","DOI":"10.1145\/3374664.3375748"},{"key":"21_CR2","doi-asserted-by":"crossref","unstructured":"D\u2019Elia, D.C., Coppa, E., Palmaro, F., Cavallaro, L.: On the dissection of evasive malware. IEEE Trans. Inf. Forens. Secur. 15, 2750\u20132765 (2020)","DOI":"10.1109\/TIFS.2020.2976559"},{"key":"21_CR3","unstructured":"Saed, M.D., Wang, L.: CPA: accurate cross-platform binary authorship characterization using LDA. IEEE Trans. Inf. Forens. Secur. (2020)"},{"key":"21_CR4","doi-asserted-by":"crossref","unstructured":"Alrabaee, S., Shirani, P., Wang, L., Debbabi, M., Hanna, A.: Decoupling coding habits from functionality for effective binary authorship attribution. J. Comput. Secur. (Preprint), 1\u201336 (2019)","DOI":"10.3233\/JCS-191292"},{"key":"21_CR5","doi-asserted-by":"crossref","unstructured":"Caliskan, A., et al.: When coding style survives compilation: de-anonymizing programmers from executable binaries. In: NDSS 2018 (2015)","DOI":"10.14722\/ndss.2018.23304"},{"key":"21_CR6","volume-title":"Big Game Hunting: The Peculiarities in Nation-State Malware Research","author":"M Marquis-Boire","year":"2015","unstructured":"Marquis-Boire, M., Marschalek, M., Guarnieri, C.: Big Game Hunting: The Peculiarities in Nation-State Malware Research. Black Hat, Las Vegas (2015)"},{"key":"21_CR7","unstructured":"Moran, N., Bennett, J.T.: Supply chain analysis: from quartermaster to sunshop (Vol. 11). FireEye (2013)"},{"key":"21_CR8","doi-asserted-by":"publisher","unstructured":"Meng, X., Miller, B.P., Jun, K.-S.: Identifying multiple authors in a binary program. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 286\u2013304. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66399-9_16","DOI":"10.1007\/978-3-319-66399-9_16"},{"key":"21_CR9","unstructured":"Krsul, I.: Authorship analysis: identifying the author of a program, Technical report CSD-TR-94-030, Department of Computer Sciences, Purdue University, West Lafayette, Indiana (1994)"},{"issue":"3","key":"21_CR10","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1016\/S0167-4048(97)00005-9","volume":"16","author":"I Krsul","year":"1997","unstructured":"Krsul, I., Spafford, E.H.: Authorship analysis: identifying the author of a program. Comput. Secur. 16(3), 233\u2013257 (1997)","journal-title":"Comput. Secur."},{"key":"21_CR11","unstructured":"MacDonell, S.G., Gray, A.R., MacLennan, G., Sallis, P.J.: Software forensics for discriminating between program authors using case-based reasoning, feed-forward neural networks and multiple discriminant analysis. In: the Sixth International Conference on Neural Information Processing, Perth, Australia, pp. 66\u201371. IEEE Computer Society Press (1999)"},{"issue":"1","key":"21_CR12","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1016\/S0164-1212(03)00049-9","volume":"72","author":"H Ding","year":"2004","unstructured":"Ding, H., Samadzadeh, M.H.: Extraction of Java program fingerprints for software authorship identification. J. Syst. Softw. 72(1), 49\u201357 (2004)","journal-title":"J. Syst. Softw."},{"key":"21_CR13","doi-asserted-by":"crossref","unstructured":"Frantzeskou, G., Gritzalis, S., MacDonell, S.G.: Source code authorship analysis for supporting the cybercrime investigation process. In: the First International Conference on E-business and Telecommunication Networks, Setubal, pp. 85\u201392. Kluwer Academic Publishers (2004)","DOI":"10.5220\/0001390300850092"},{"key":"21_CR14","doi-asserted-by":"crossref","unstructured":"Frantzeskou, G., Stamatatos, E., Gritzalis, S., Katsikas, S.: Source code author identification based on n-gram author profiles. In: Artificial Intelligence Applications and Innovations, New York City, NY, pp. 508\u2013515. Springer (2006)","DOI":"10.1007\/0-387-34224-9_59"},{"key":"21_CR15","unstructured":"Frantzeskou, G., Stamatatos, E., Gritzalis, S., Chaski, C.E., Howald, B.S.: Identifying authorship by byte-level n-grams: the source code author profile (SCAP) method. Int. J. Digit. Evid. 6(1) (2007)"},{"key":"21_CR16","doi-asserted-by":"crossref","unstructured":"Kothari, J., Shevertalov, M., Stehle, E., Mancoridis, S.: A probabilistic approach to source code authorship identification. In: The Fourth International Conference on Information Technology, Las Vegas, NV, pp. 243\u2013248. IEEE Computer Society Press (2007)","DOI":"10.1109\/ITNG.2007.17"},{"key":"21_CR17","doi-asserted-by":"crossref","unstructured":"Lange,R.C., Mancoridis, S.: Using code metric histograms and genetic algorithms to perform author identification for software forensics. In: The Ninth Annual Conference on Genetic and Evolutionary Computation, London, pp. 2082\u20132089. ACM Press (2007)","DOI":"10.1145\/1276958.1277364"},{"key":"21_CR18","unstructured":"Burrows, S., Tahaghoghi, S.M.M.: Source code authorship attribution using n-grams. In: Proceedings of the 12th Australasian Document Computing Symposium, Melbourne, Australia, pp. 32\u201339 (2007)"},{"key":"21_CR19","doi-asserted-by":"crossref","unstructured":"Burrows, S., Uitdenbogerd, A.L., Turpin, A.: Application of information retrieval techniques for source code authorship attribution. In: the Fourteenth International Conference on Database Systems for Advanced Applications, Brisbane, pp. 699\u2013713. Springer (2009)","DOI":"10.1007\/978-3-642-00887-0_61"},{"key":"21_CR20","unstructured":"Kilgour, R.I., Gray, A.R., Sallis, P., MacDonell, S.G.: A fuzzy logic approach to computer software source code authorship analysis. In: The Fourth International Conference on Neural Information Processing \u2013 The Annual Conference of the Asian Pacific Neural Network Assembly (ICONIP\u201997), Dunedin, New Zealand (1997)"},{"key":"21_CR21","doi-asserted-by":"crossref","unstructured":"Chen, R., Hong, L., Lu, C., Deng, W.: Author identification of software source code with program dependence graphs. In: The 34th Annual IEEE Computer Software and Applications Conference Workshops, Korea, Seoul, pp. 281\u2013286 (2010)","DOI":"10.1109\/COMPSACW.2010.56"},{"key":"21_CR22","unstructured":"Burrows, S.: Source code authorship attribution. Ph.D. Thesis, School of Computer Science and Information Technology, RMIT University, Melbourne, Australia (2010)"},{"key":"21_CR23","doi-asserted-by":"crossref","unstructured":"Burrows, S., Uitdenbogerd, A.L., Turpin, A.: Comparing Techniques for Authorship Attribution of Source Code. John Wiley and Sons (2012). https:\/\/doi.org\/10.1002","DOI":"10.1002\/spe.2146"},{"key":"21_CR24","unstructured":"Palmer, G.: A road map for digital forensic research. Technical Report DTR- T001-01, Digital Forensics Research Workshop (DFRWS) (2001)"},{"key":"21_CR25","unstructured":"The Paradyn project. http:\/\/pages.cs.wisc.edu\/~paradyn\/"},{"issue":"2","key":"21_CR26","first-page":"156","volume":"1","author":"D Bilar","year":"2007","unstructured":"Bilar, D.: Opcodes as predictor for malware. Int. J. Electron. Secur. Dig. Forens. 1(2), 156\u2013168 (2007)","journal-title":"Int. J. Electron. Secur. Dig. Forens."},{"key":"21_CR27","doi-asserted-by":"crossref","unstructured":"Santos, I., et al.: Opcodesequence- based malware detection. Lecture Notes in Computer Science, vol. 5965, pp. 35\u201343 (2010)","DOI":"10.1007\/978-3-642-11747-3_3"},{"key":"21_CR28","unstructured":"Santos, I., Brezo, F., Ugarte-Pedrero, X., Bringas, P.G.: Opcode sequences as representation of executables for data-mining-based unknown malware detection. Inf. Sci. (2011)"},{"key":"21_CR29","unstructured":"IDA Pro multi-processor disassembler and debugger. http:\/\/www.hexrays.com\/products\/ida\/index.shtml"},{"key":"21_CR30","unstructured":"Brucker, F.: Mod\u00e8les de classification en classes empi\u00e9tantes. Ph.D. Thesis, D\u00e9p. IASC de l\u2019\u00c9cole Nationale Sup\u00e9rieure des T\u00e9l\u00e9communications de Bretagne, France (2001)"},{"issue":"2","key":"21_CR31","doi-asserted-by":"publisher","first-page":"380","DOI":"10.3923\/itj.2013.380.384","volume":"12","author":"J Bai","year":"2013","unstructured":"Bai, J., Yang, Y., Mu, S., Ma, Y.: Malware detection through mining symbol table of Linux executables. Inf. Technol. J. 12(2), 380\u2013383 (2013)","journal-title":"Inf. Technol. J."},{"key":"21_CR32","doi-asserted-by":"crossref","unstructured":"Rosenblum, N.E., Miller, B.P., Zhu, X.: Recovering the toolchain provenance of binary code. In: Proceedings of International Symposium on Software Testing and Analysis (2011)","DOI":"10.1145\/2001420.2001433"},{"key":"21_CR33","doi-asserted-by":"crossref","unstructured":"Rosenblum, N.E., Xiaojin, Z., Miller, P.: Who wrote this code? Identifying the authors of program binaries. In: Sixteenth European Symposium on Research in Computer Security (ESORICS), Leuven, Belgium (2011)","DOI":"10.1007\/978-3-642-23822-2_10"},{"key":"21_CR34","unstructured":"Authorship Attribution (SUPPLEMENTARY MATERIALS). http:\/\/pages.cs.wisc.edu\/~nater\/esorics-supp\/"},{"key":"21_CR35","doi-asserted-by":"crossref","unstructured":"Frantzeskou, G., Gritzalis, S., MacDonell, S.: Source code authorship analysis for supporting the cybercrime investigation process, In: 1st International Conference on eBusiness and Telecommunication Networks - Security and Reliability in Information Systems and Networks Track (ICETE04), pp. 85\u201392 (2004)","DOI":"10.5220\/0001390300850092"},{"key":"21_CR36","doi-asserted-by":"crossref","unstructured":"Caballero, J., Poosankam, P., McCamant, S.: Input generation via decomposition and re-stitching: finding bugs, In: Malware 17th ACM Conference on Computer and Communications Security, pp. 413\u2013425 (2010)","DOI":"10.1145\/1866307.1866354"},{"key":"21_CR37","unstructured":"Wang, X., Pan, C.-C., Liu, P., Zhu, S.: SigFree: a signature-free buffer overflow attack blocker. IEEE Trans. Depend. Secure Comput. (2010)"},{"key":"21_CR38","doi-asserted-by":"crossref","unstructured":"Knuth, D.E.: Backus normal form vs. backus naur form. Commun. ACM 7(12) (1964)","DOI":"10.1145\/355588.365140"},{"key":"21_CR39","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic worm detection using structural information of executables. In: RAID (2005)","DOI":"10.1007\/11663812_11"},{"key":"21_CR40","doi-asserted-by":"crossref","unstructured":"Caliskan, A., Yamaguchi, F., Dauber, E., Harang: When coding style survives compilation: de-anonymizing programmers from executable binaries. In: NDSS (2018)","DOI":"10.14722\/ndss.2018.23304"},{"key":"21_CR41","doi-asserted-by":"publisher","first-page":"S94","DOI":"10.1016\/j.diin.2014.03.012","volume":"11","author":"S Alrabaee","year":"2014","unstructured":"Alrabaee, S., Saleem, N., Preda, S., Wang, L., Debbabi, M.: Oba2: an onion approach to binary code authorship attribution. Digit. Investig. 11, S94\u2013S103 (2014)","journal-title":"Digit. Investig."},{"key":"21_CR42","doi-asserted-by":"publisher","unstructured":"Meng, X., Miller, B.P., Jun, K.-S.: Identifying multiple authors in a binary program. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 286\u2013304. Springer, Cham (2017). https:\/\/doi.org\/10.1007\/978-3-319-66399-9_16","DOI":"10.1007\/978-3-319-66399-9_16"},{"key":"21_CR43","doi-asserted-by":"publisher","first-page":"S3","DOI":"10.1016\/j.diin.2019.01.028","volume":"28","author":"S Alrabaee","year":"2019","unstructured":"Alrabaee, S., Debbabi, M., Wang, L.: On the feasibility of binary authorship characterization. Digit. Investig. 28, S3\u2013S11 (2019)","journal-title":"Digit. Investig."},{"key":"21_CR44","unstructured":"Focus on Source Code. http:\/\/ec.europa.eu\/internal_market\/copyright\/docs\/studies\/etd2005imd195recast_report_2006.pdf"},{"key":"21_CR45","unstructured":"Microsoft Malware Classification Challenge. https:\/\/www.kaggle.com\/c\/malware-classification\/data"}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-96-3531-3_21","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,13]],"date-time":"2025-03-13T12:12:47Z","timestamp":1741867967000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-96-3531-3_21"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9789819635306","9789819635313"],"references-count":45,"URL":"https:\/\/doi.org\/10.1007\/978-981-96-3531-3_21","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"14 March 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NSS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Network and System Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Abu Dhabi","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Arab Emirates","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"21 November 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"23 November 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nss2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/nss-socialsec2024\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}