{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T11:29:09Z","timestamp":1740137349981,"version":"3.37.3"},"reference-count":34,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2021,3,3]],"date-time":"2021-03-03T00:00:00Z","timestamp":1614729600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,3,3]],"date-time":"2021-03-03T00:00:00Z","timestamp":1614729600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/100010661","name":"Horizon 2020 Framework Programme","doi-asserted-by":"publisher","award":["826404","823997"],"award-info":[{"award-number":["826404","823997"]}],"id":[{"id":"10.13039\/100010661","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100010661","name":"Horizon 2020 Framework Programme","doi-asserted-by":"publisher","award":["833685"],"award-info":[{"award-number":["833685"]}],"id":[{"id":"10.13039\/100010661","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2022,2]]},"DOI":"10.1007\/s10207-021-00541-y","type":"journal-article","created":{"date-parts":[[2021,3,3]],"date-time":"2021-03-03T18:20:09Z","timestamp":1614795609000},"page":"61-78","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["[m]allotROPism: a metamorphic engine for malicious software variation development"],"prefix":"10.1007","volume":"21","author":[{"given":"Christos","family":"Lyvas","sequence":"first","affiliation":[]},{"given":"Christoforos","family":"Ntantogian","sequence":"additional","affiliation":[]},{"given":"Christos","family":"Xenakis","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,3,3]]},"reference":[{"key":"541_CR1","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: Proceedings of the 14th ACM Conference on Computer and Communications Security, pp. 552\u2013561. ACM, New York (2007)","DOI":"10.1145\/1315245.1315313"},{"key":"541_CR2","unstructured":"Bauer, J.M., Van Eeten, M.J., Chattopadhyay, T., Wu, Y.: Itu study on the financial aspects of network security: Malware and spam. ICT Applications and Cybersecurity Division, International Telecommunication Union, Final Report (July 2008)"},{"key":"541_CR3","unstructured":"PandaLabs, 2017 in Figures: The Exponential Growth of Malware (Accessed August 2, 2018). https:\/\/www.pandasecurity.com\/mediacenter\/malware\/2017-figures\/"},{"key":"541_CR4","unstructured":"Schwartz, E.J., Avgerinos, T., Brumley, D.: Q: exploit hardening made easy. In: USENIX Security Symposium, pp. 25\u201341 (2011)"},{"key":"541_CR5","unstructured":"Dullien, T., Kornau, T., Weinmann, R.-P.: A framework for automated architecture-independent gadget search. In: 4th USENIX Workshop on Offensive Technologies (WOOT 10) (2010)"},{"key":"541_CR6","doi-asserted-by":"crossref","unstructured":"Ma, H., Lu, K., Ma, X., Zhang, H., Jia C., Gao, D.: Software watermarking using return-oriented programming. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security, ASIA CCS\u201915. ACM, New York, NY, USA, pp. 369\u2013380 (2015)","DOI":"10.1145\/2714576.2714582"},{"key":"541_CR7","doi-asserted-by":"crossref","unstructured":"Lu, K., Xiong, S., Gao, D.: Ropsteg: program steganography with return oriented programming. In: Proceedings of the 4th ACM Conference on Data and Application Security and Privacy, CODASPY\u201914. ACM, New York, NY, USA, pp. 265\u2013272 (2014)","DOI":"10.1145\/2557547.2557572"},{"key":"541_CR8","doi-asserted-by":"crossref","unstructured":"Mu, D., Guo, J., Ding, W., Wang, Z., Mao, B., Shi, L.: Ropob: obfuscating binary code via return oriented programming. In: Security and Privacy in Communication Networks. Springer International Publishing, London (2018)","DOI":"10.1007\/978-3-319-78813-5_38"},{"key":"541_CR9","first-page":"244","volume":"22","author":"NR Weidler","year":"2019","unstructured":"Weidler, N.R., Brown, D., Mitchell, S.A., Anderson, J., Williams, J.R., Costley, A., Kunz, C., Wilkinson, C., Wehbe, R., Gerdes, R.: Return-oriented programming on a resource constrained device. Sustain. Comput. Inf. Syst. 22, 244\u2013256 (2019)","journal-title":"Sustain. Comput. Inf. Syst."},{"key":"541_CR10","unstructured":"Mohan, V., Hamlen, K.W.: Frankenstein: a tale of horror and logic programming. Book Reviews (02) (2017)"},{"key":"541_CR11","unstructured":"Mohan, V., Hamlen, K.W.: Frankenstein: stitching malware from benign binaries. In: 21s USENIX Workshop on Offensive Technologies (WOOT 12), Austin, TX, pp. 77\u201384 (2012)"},{"key":"541_CR12","unstructured":"Poulios, G., Ntantogian, C., Xenakis, C.: Ropinjector: using return oriented programming for polymorphism and antivirus evasion, Blackhat USA (2015)"},{"key":"541_CR13","unstructured":"Ming, J., Xu, D., Jiang, Y., Wu, D.: Binsim: trace-based semantic binary diffing via system call sliced segment equivalence checking. In: 26th USENIX Security Symposium (2017)"},{"key":"541_CR14","doi-asserted-by":"crossref","unstructured":"Jha, S., Gulwani, S., Seshia, S.A., Tiwari, A.: Oracle-guided component-based program synthesis. In: Proceedings of the 32nd ACM\/IEEE International Conference on Software Engineering-Volume 1. ACM, New York, pp. 215\u2013224 (2010)","DOI":"10.1145\/1806799.1806833"},{"key":"541_CR15","unstructured":"Rolles, R.: Synesthesia: a modern approach to shellcode generation (2016). http:\/\/www.msreverseengineering.com\/blog\/2016\/11\/8\/synesthesia-modern-shellcode-synthesis-ekoparty-2016-talk"},{"issue":"2","key":"541_CR16","first-page":"1","volume":"2","author":"B Dutertre","year":"2006","unstructured":"Dutertre, B., De Moura, L.: The yices smt solver, Tool paper at SRI. International 2(2), 1\u20135 (2006)","journal-title":"International"},{"key":"541_CR17","unstructured":"Blazytko, T., Contag, M., Aschermann, C., Holz, T.: Syntia: synthesizing the semantics of obfuscated code. In: USENIX Security Symposium (2017)"},{"key":"541_CR18","doi-asserted-by":"crossref","unstructured":"Shacham, H., Page, M., Pfaff, B., Goh, E.-J., Modadugu, N., Boneh, D.: On the effectiveness of address-space randomization. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 298\u2013307. ACM, New York (2004)","DOI":"10.1145\/1030083.1030124"},{"issue":"1","key":"541_CR19","doi-asserted-by":"publisher","first-page":"4:1","DOI":"10.1145\/1609956.1609960","volume":"13","author":"M Abadi","year":"2009","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity principles. ACM Trans. Inf. Syst. Secur. 13(1), 4:1-4:40 (2009)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"541_CR20","unstructured":"Carlini, N., Wagner, D.: $$\\{$$ROP$$\\}$$ is still dangerous: breaking modern defenses. In: 23rd USENIX Security Symposium, pp. 385\u2013399 (2014)"},{"key":"541_CR21","doi-asserted-by":"crossref","unstructured":"Schaefer, T.J.: The complexity of satisfiability problems. In: Proceedings of the 10th Annual ACM Symposium on Theory of Computing, pp. 216\u2013226. ACM, New York (1978)","DOI":"10.1145\/800133.804350"},{"key":"541_CR22","doi-asserted-by":"crossref","unstructured":"De\u00a0Moura, L., Bj\u00f8rner, N.: Z3: an efficient SMT solver. In: International Conference on Tools and Algorithms for the Construction and Analysis of Systems, pp. 337\u2013340. Springer, Berlin (2008)","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"541_CR23","doi-asserted-by":"crossref","unstructured":"Park, D., Zhang, Y., Saxena, M., Daian, P., Ro\u015fu, G.: A formal verification tool for ethereum vm bytecode. In: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 912\u2013915. ACM, New York (2018)","DOI":"10.1145\/3236024.3264591"},{"key":"541_CR24","unstructured":"Vanhoef, M., Piessens, F.: Symbolic execution of security protocol implementations: handling cryptographic primitives. In: 12th USENIX Workshop on Offensive Technologies (WOOT 18) (2018)"},{"key":"541_CR25","unstructured":"Vanegue, J., Heelan, S., Rolles, R.: SMT solvers in software security. In: 6th USENIX Workshop on Offensive Technologies (WOOT 12) (2012)"},{"key":"541_CR26","doi-asserted-by":"crossref","unstructured":"Bornholt, J.: Program synthesis, explained (Accessed February 2, 2018). https:\/\/homes.cs.washington.edu\/bornholt\/post\/synthesis-for-architects.html (2018)","DOI":"10.1145\/3276519"},{"key":"541_CR27","volume-title":"The Art of Computer Virus Research and Defense","author":"P Szor","year":"2005","unstructured":"Szor, P.: The Art of Computer Virus Research and Defense. Pearson Education, London (2005)"},{"issue":"5","key":"541_CR28","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1109\/MSP.2011.98","volume":"9","author":"P O\u2019Kane","year":"2011","unstructured":"O\u2019Kane, P., Sezer, S., McLaughlin, K.: Obfuscation: the hidden malware. IEEE Secur. Privacy 9(5), 41\u201347 (2011)","journal-title":"IEEE Secur. Privacy"},{"issue":"1","key":"541_CR29","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1145\/66093.66095","volume":"19","author":"EH Spafford","year":"1989","unstructured":"Spafford, E.H.: The internet worm program: an analysis. ACM SIGCOMM Comput. Commun. Rev. 19(1), 17\u201357 (1989)","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"541_CR30","doi-asserted-by":"crossref","unstructured":"Wartell, R., Mohan, V., Hamlen, K.W., Lin, Z.: Binary stirring: self-randomizing instruction addresses of legacy x86 binary code. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 157\u2013168. ACM, New York (2012)","DOI":"10.1145\/2382196.2382216"},{"key":"541_CR31","doi-asserted-by":"crossref","unstructured":"Pappas, V., Polychronakis, M., Keromytis, A.D.: Smashing the gadgets: hindering return-oriented programming using in-place code randomization. In: 2012 IEEE Symposium on Security and Privacy (SP), pp. 601\u2013615. IEEE, New York (2012)","DOI":"10.1109\/SP.2012.41"},{"key":"541_CR32","unstructured":"Ispoglou, K.K., Payer, M.: Malwash: washing malware to evade dynamic analysis. In: 10th USENIX Workshop on Offensive Technologies (WOOT 16) (2016)"},{"key":"541_CR33","doi-asserted-by":"crossref","unstructured":"Ming, J., Xin, Z., Lan, P., Wu, D., Liu, P., Mao, B.: Replacement attacks: automatically impeding behavior-based malware specifications. In: Applied Cryptography and Network Security\u201413th International Conference, ACNS 2015, pp. 497\u2013517. Springer, Berlin (2015)","DOI":"10.1007\/978-3-319-28166-7_24"},{"issue":"1","key":"541_CR34","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1016\/0167-4048(87)90122-2","volume":"6","author":"F Cohen","year":"1987","unstructured":"Cohen, F.: Computer viruses: theory and experiments. Comput. Secur. 6(1), 22\u201335 (1987)","journal-title":"Comput. Secur."}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-021-00541-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-021-00541-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-021-00541-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,2,10]],"date-time":"2022-02-10T13:17:45Z","timestamp":1644499065000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-021-00541-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,3,3]]},"references-count":34,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2022,2]]}},"alternative-id":["541"],"URL":"https:\/\/doi.org\/10.1007\/s10207-021-00541-y","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"type":"print","value":"1615-5262"},{"type":"electronic","value":"1615-5270"}],"subject":[],"published":{"date-parts":[[2021,3,3]]},"assertion":[{"value":"3 March 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interest"}},{"value":"This article does not contain any studies with human participants or animals performed by any of the authors.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}