{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,4,1]],"date-time":"2022-04-01T12:41:07Z","timestamp":1648816867814},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"5","license":[{"start":{"date-parts":[[2012,9,9]],"date-time":"2012-09-09T00:00:00Z","timestamp":1347148800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2012,10]]},"DOI":"10.1007\/s10207-012-0170-9","type":"journal-article","created":{"date-parts":[[2012,9,8]],"date-time":"2012-09-08T10:50:11Z","timestamp":1347101411000},"page":"293-304","source":"Crossref","is-referenced-by-count":3,"title":["Replacement attacks: automatically evading behavior-based software birthmark"],"prefix":"10.1007","volume":"11","author":[{"given":"Zhi","family":"Xin","sequence":"first","affiliation":[]},{"given":"Huiyu","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Xinche","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Peng","family":"Liu","sequence":"additional","affiliation":[]},{"given":"Sencun","family":"Zhu","sequence":"additional","affiliation":[]},{"given":"Bing","family":"Mao","sequence":"additional","affiliation":[]},{"given":"Li","family":"Xie","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2012,9,9]]},"reference":[{"key":"170_CR1","doi-asserted-by":"crossref","unstructured":"Aucsmith, D.: Tamper resistant software: an implementation. In: Anderson, R.J. (ed.) Proceedings of the First International Workshop on Information Hiding, pp. 317\u2013333. Springer (1996)","DOI":"10.1007\/3-540-61996-8_49"},{"key":"170_CR2","unstructured":"Bayer, U., Milani, P., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, behavior-based malware clustering. In: The 16th Annual Network and Distributed System Security Symposium (2009)"},{"key":"170_CR3","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Kruegel, C.: Mining specifications of malicious behavior. In: Proceedings of the 6th Joint Meeting of the European Software Engineering Conference and ACM SIGSOFT Symposium on The Foundations of Software Engineering (2007)","DOI":"10.1145\/1287624.1287628"},{"key":"170_CR4","volume-title":"A Taxonomy of Obfuscating Transformations. Technical Report 148","author":"C. Collberg","year":"1997","unstructured":"Collberg C., Thomborson C.: A Taxonomy of Obfuscating Transformations. Technical Report 148. The University of Auckland, New Zealand (1997)"},{"key":"170_CR5","unstructured":"Collberg, C., Thomborson, C.: On the Limits of Software Watermarking. The University of Auckland. Accessed 10 June 2012. https:\/\/researchspace.auckland.ac.nz\/handle\/2292\/3498 (1998)"},{"issue":"8","key":"170_CR6","doi-asserted-by":"crossref","first-page":"735","DOI":"10.1109\/TSE.2002.1027797","volume":"28","author":"C. Collberg","year":"2002","unstructured":"Collberg C., Thomborson C.: Watermarking, tamper-proffing, and obfuscation: tools for software protection. IEEE Trans. Softw. Eng. 28(8), 735\u2013746 (2002)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"170_CR7","unstructured":"Collberg, C., Thomborson, C.: Software watermarking: models and dynamic embeddings. In: Proceedings of the 26th ACM SIGPLAN\u2013SIGACT Symposium on Principles of Programming Languages (2009)"},{"key":"170_CR8","doi-asserted-by":"crossref","unstructured":"Collberg, C., Carter, E., Debray, .S, Huntwork, A., Kececioglu, J., Linn, C., Stepp, M.: Dynamic path-based software watermarking. In: Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (2004)","DOI":"10.1145\/996841.996856"},{"issue":"4","key":"170_CR9","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/MSECP.2003.1219058","volume":"1","author":"C. Collberg","year":"2003","unstructured":"Collberg C., Myles G., Huntwork A.: Sandmark\u2014A tool for software protection research. IEEE Secur. Priv. 1(4), 40\u201349 (2003)","journal-title":"IEEE Secur. Priv."},{"key":"170_CR10","unstructured":"Cordella, L., Foggia, P., Sansone, C., Vento, M.: Performance evaluation of the VF graph matching algorithm. In: Proceedings of the Proc. 10th International Conference on Image Analysis and Processing (1998)"},{"key":"170_CR11","doi-asserted-by":"crossref","unstructured":"Cordella, L.P., Foggia, P., Sansone, C., Vento, M.: A (sub)graph isomorphism algorithm for matching large graphs. In: IEEE Trans. Pattern Anal. Mach. Intell., vol. 26, p. 10 (2004)","DOI":"10.1109\/TPAMI.2004.75"},{"key":"170_CR12","unstructured":"David, W., Paolo, S.: Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (2002)"},{"key":"170_CR13","unstructured":"ERESI Team.: The ERESI Reverse Engineering Software Interface. Accessed 10 June 2012. http:\/\/www.eresi-project.org\/ (2011)"},{"key":"170_CR14","unstructured":"Foggia, P., Sansone, C., Vento, M.: A performance comparison of five algorithms for graph isomorphism. In: Proceedings of the 3rd IAPR TC-15 Workshop on Graph-based Representations in Pattern Recognition, pp. 188\u2013199 (2001)"},{"key":"170_CR15","doi-asserted-by":"crossref","unstructured":"Forrest, S., Hofmeyr, S., Somayaji, A.: The evolution of system-call monitoring. In: Proceedings of the Annual Computer Security Applications Conference (2008)","DOI":"10.1109\/ACSAC.2008.54"},{"key":"170_CR16","volume-title":"Practical Graph Isomorphism","author":"M.R. Garey","year":"1981","unstructured":"Garey M.R.: Practical Graph Isomorphism. Congressus Numerantium, Canberra (1981)"},{"key":"170_CR17","unstructured":"Hagberg, A., Schult, D., Swart, P.: Networkx, the Python Package for the Creation, Manipulation, and the Study of Complex Networks. Accessed 10 June 2012. http:\/\/networkx.lanl.gov\/ (2005)"},{"key":"170_CR18","unstructured":"International Planning and Research Corporation.: Seventh Annual BSA and IDC Global Software Piracy Study. Accessed 10 June 2012. http:\/\/portal.bsa.org\/globalpiracy2009\/studies\/09_Piracy_Study_Report_A4_final_111010.pdf (2009)"},{"key":"170_CR19","doi-asserted-by":"crossref","unstructured":"Myles, G., Collberg, C.: Detecting software theft via whole program path birthmarks. In: Information Security, Lecture Notes in Computer Science, pp. 404\u2013415. Springer, Heidelberg (2004)","DOI":"10.1007\/978-3-540-30144-8_34"},{"key":"170_CR20","doi-asserted-by":"crossref","unstructured":"Myles, G., Collberg, C.: K-gram based software birthmarks. In: Proceedings of the ACM Symposium on Applied Computing (2005)","DOI":"10.1145\/1066677.1066753"},{"key":"170_CR21","unstructured":"Parrack, D.: Microsoft Accuses Mexican Drug Cartel La Familia of Selling Bootleg Office software. Accessed 10 June 2012 (2011). http:\/\/vista.blorge.com\/2011\/02\/05\/microsoft-accuses-mexican-drug-cartel-la-familia-of-selling-bootleg-office-software\/"},{"key":"170_CR22","doi-asserted-by":"crossref","unstructured":"Schuler, D., Dallmeier, V., Lindig, C.: A dynamic birthmark for java. In: Proceedings of the Twenty-Second IEEE\/ACM International Conference on Automated Software Engineering (2007)","DOI":"10.1145\/1321631.1321672"},{"key":"170_CR23","volume-title":"Advanced Programming in the Unix Environment","author":"W.R. Stevens","year":"1992","unstructured":"Stevens W.R., Rago S.A.: Advanced Programming in the Unix Environment. 2nd edn. Addison-Wesley Professional, Reading (1992)","edition":"2"},{"key":"170_CR24","unstructured":"Tamada, H., Nakamura, M., Monden, A.: Design and evaluation of birthmarks for detecting theft of Java programs. In: Proceedings of the International Conference on Software Engineering (2004)"},{"key":"170_CR25","unstructured":"Tamada, H., Okamoto, K., Nakamura, M., Monden, A., Matsumoto, K.: Dynamic software birthmarks to detect the theft of Windows applications. In: Proceedings of International Symposium on Future Software Technology (2004)"},{"key":"170_CR26","unstructured":"Tamada, H., Nakamura, M., Monden, A., Matsumoto, K.: Design and evaluation of birthmarks for detecting theft of java programs. In: Proceedings of the International Conference on Software Engineering (2004)"},{"key":"170_CR27","unstructured":"Tamada, H., Okamoto, K., Nakamura, M., Monden, A., Matsumoto, K.: Design and Evaluation of Dynamic Software Birthmarks Based on Api Calls. Technical report. Nara Institute of Science and Technology (2007)"},{"issue":"1","key":"170_CR28","doi-asserted-by":"crossref","first-page":"31","DOI":"10.1145\/321921.321925","volume":"23","author":"J.R. Ullmann","year":"1976","unstructured":"Ullmann J.R.: An algorithm for subgraph isomorphism. J. Assoc. Comput. Mach. 23(1), 31\u201342 (1976)","journal-title":"J. Assoc. Comput. Mach."},{"key":"170_CR29","doi-asserted-by":"crossref","unstructured":"Wang, X, Jhi, Y.C., Zhu, S., Liu, P.: Behavior based software theft detection. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (2009)","DOI":"10.1145\/1653662.1653696"},{"key":"170_CR30","doi-asserted-by":"crossref","unstructured":"Wang, X., Jhi, Y.C., Zhu, S., Liu, P.: Detecting software theft via system call based birthmarks. In: Proceedings of Annual Computer Security Applications Conference (2009)","DOI":"10.1109\/ACSAC.2009.24"},{"key":"170_CR31","doi-asserted-by":"crossref","unstructured":"Wang, X., Jhi, Y.C., Zhu, S., Liu, P.: Detecting Software theft via system call based birthmarks. In: Proceedings of the 25th Annual Computer Security Applications Conference (2009)","DOI":"10.1109\/ACSAC.2009.24"},{"key":"170_CR32","doi-asserted-by":"crossref","unstructured":"Xin, Z., Chen, H., Wang, X., Liu, P., Zhu, S., Mao, B., Xie, L.: Replacement attacks on behavior based software birthmark. In: Lai, X., Zhou, J., Li, H. (eds.) Proceedings of the 14th International Conference on Information security, pp. 1\u201316. Springer, Heidelberg","DOI":"10.1007\/978-3-642-24861-0_1"},{"key":"170_CR33","unstructured":"Zelix Pty Ltd.: The Zelix KlassMaster Java obfuscator. Accessed 10 June 2012. http:\/\/www.zelix.com\/klassmaster\/"},{"key":"170_CR34","doi-asserted-by":"crossref","unstructured":"Zhu, W., Thomborson, C., Wang, F.: A survey of software watermarking. In: Kantor, P., Muresan, G., Roberts, F., Zeng, D., Wang, F. (eds.) Proceedings of the 2005 IEEE International Conference on Intelligence and Security Informatics, pp. 454\u2013458. Springer, Heidelberg","DOI":"10.1007\/11427995_42"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-012-0170-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10207-012-0170-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-012-0170-9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,7,3]],"date-time":"2019-07-03T12:22:40Z","timestamp":1562156560000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10207-012-0170-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,9,9]]},"references-count":34,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2012,10]]}},"alternative-id":["170"],"URL":"https:\/\/doi.org\/10.1007\/s10207-012-0170-9","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,9,9]]}}}