{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,24]],"date-time":"2026-06-24T11:32:28Z","timestamp":1782300748890,"version":"3.54.5"},"reference-count":36,"publisher":"Springer Science and Business Media LLC","issue":"12","license":[{"start":{"date-parts":[[2021,4,21]],"date-time":"2021-04-21T00:00:00Z","timestamp":1618963200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,4,21]],"date-time":"2021-04-21T00:00:00Z","timestamp":1618963200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"funder":[{"DOI":"10.13039\/501100004001","name":"Science and Technology Foundation of Guizhou Province","doi-asserted-by":"crossref","award":["[2017]1051"],"award-info":[{"award-number":["[2017]1051"]}],"id":[{"id":"10.13039\/501100004001","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100004001","name":"Science and Technology Foundation of Guizhou Province","doi-asserted-by":"crossref","award":["[2020]1Y268"],"award-info":[{"award-number":["[2020]1Y268"]}],"id":[{"id":"10.13039\/501100004001","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62062022"],"award-info":[{"award-number":["62062022"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Program for Science & Technology Innovation Talents in Universities of He\u2019nan Province","award":["18HASTIT022"],"award-info":[{"award-number":["18HASTIT022"]}]},{"name":"Key Technologies R & D Program of He\u2019nan Province","award":["212102210084"],"award-info":[{"award-number":["212102210084"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Appl Intell"],"published-print":{"date-parts":[[2021,12]]},"DOI":"10.1007\/s10489-021-02347-w","type":"journal-article","created":{"date-parts":[[2021,4,21]],"date-time":"2021-04-21T04:04:25Z","timestamp":1618977865000},"page":"9038-9053","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["2-SPIFF: a 2-stage packer identification method based on function call graph and file attributes"],"prefix":"10.1007","volume":"51","author":[{"given":"Hao","family":"Liu","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3341-220X","authenticated-orcid":false,"given":"Chun","family":"Guo","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yunhe","family":"Cui","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Guowei","family":"Shen","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yuan","family":"Ping","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2021,4,21]]},"reference":[{"issue":"6","key":"2347_CR1","doi-asserted-by":"publisher","first-page":"126","DOI":"10.1145\/3365001","volume":"52","author":"A Afianian","year":"2019","unstructured":"Afianian A, Niksefat S, Sadeghiyan B, Baptiste D (2019) Malware dynamic analysis evasion techniques: a survey. ACM Comput Surv 52(6):126. https:\/\/doi.org\/10.1145\/3365001","journal-title":"ACM Comput Surv"},{"issue":"5","key":"2347_CR2","doi-asserted-by":"publisher","first-page":"8977","DOI":"10.1109\/JIOT.2019.2925929","volume":"6","author":"H Alasmary","year":"2019","unstructured":"Alasmary H, Khormali A, Anwar A, Park J, Choi J, Abusnaina A, Awad A, Nyang D, Mohaisen A (2019) Analyzing and detecting emerging internet of things malware: a graph-based approach. IEEE Internet Things J 6(5):8977\u20138988","journal-title":"IEEE Internet Things J"},{"key":"2347_CR3","unstructured":"aldeid (2020) PEiD\u2014aldeid https:\/\/www.aldeid.com\/wiki\/PEiD"},{"key":"2347_CR4","doi-asserted-by":"publisher","first-page":"2641","DOI":"10.1007\/s10489-018-01405-0","volume":"49","author":"T Asghar","year":"2019","unstructured":"Asghar T, Mahdi A (2019) Ramd: registry-based anomaly malware detection using one-class ensemble classifiers. Appl Intell 49:2641\u20132658","journal-title":"Appl Intell"},{"key":"2347_CR5","unstructured":"A.S.L. (2020) Exeinfo PE by A.S.L.\u2014compression detector and data detector http:\/\/www.exeinfo.xn.pl\/"},{"key":"2347_CR6","doi-asserted-by":"crossref","unstructured":"Baldini G, Geneiatakis D (2019) A performance evaluation on distance measures in knn for mobile malware detection. In: 2019 6th International conference on control, decision and information technologies (CoDIT), pp 193\u2013198","DOI":"10.1109\/CoDIT.2019.8820510"},{"key":"2347_CR7","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1007\/s10207-016-0330-4","volume":"16","author":"M Bat-Erdene","year":"2017","unstructured":"Bat-Erdene M, Park H, Li H, Lee H, Choi MS (2017) Entropy analysis to classify unknown packing algorithms for malware detection. Int J Inf Secur 16:227\u2013248","journal-title":"Int J Inf Secur"},{"key":"2347_CR8","doi-asserted-by":"publisher","first-page":"436","DOI":"10.1016\/j.cose.2019.05.007","volume":"85","author":"F Biondi","year":"2019","unstructured":"Biondi F, Enescu MA, Given-Wilson T, Legay A, Noureddine L, Verma V (2019) Effective, efficient, and robust packing detection and classification. Comput Secur 85:436\u2013451","journal-title":"Comput Secur"},{"key":"2347_CR9","doi-asserted-by":"publisher","first-page":"685","DOI":"10.1007\/s00165-018-0462-6","volume":"30","author":"R Bruni","year":"2018","unstructured":"Bruni R, Giacobazzi R, Gori R (2018) Code obfuscation against abstraction refinement attacks. Formal Aspects Comput 30:685\u2013711","journal-title":"Formal Aspects Comput"},{"key":"2347_CR10","doi-asserted-by":"publisher","unstructured":"Bulazel A, Yener B (2017) A survey on automated dynamic malware analysis evasion and counter-evasion: PC, mobile, and web. In: Proceedings of the 1st reversing and offensive-oriented trends symposium, Vienna, pp 1\u201321. https:\/\/doi.org\/10.1145\/3150376.3150378","DOI":"10.1145\/3150376.3150378"},{"issue":"7","key":"2347_CR11","doi-asserted-by":"publisher","first-page":"2735","DOI":"10.1007\/s10489-018-01408-x","volume":"49","author":"\u00dc \u00c7avusoglu","year":"2019","unstructured":"\u00c7avusoglu \u00dc (2019) A new hybrid approach for intrusion detection using machine learning methods. Appl Intell 49(7):2735\u20132761","journal-title":"Appl Intell"},{"key":"2347_CR12","doi-asserted-by":"publisher","unstructured":"Cheng B, Ming J, Fu J, Peng G, Chen T, Zhang X, Marion JY (2018) Towards paving the way for large-scale windows malware analysis: generic binary unpacking with orders-of-magnitude performance boost. In: Proceedings of the 2018 ACM SIGSAC conference on computer and communications security, CCS \u201918. Association for Computing Machinery, New York, pp 395\u2013411. https:\/\/doi.org\/10.1145\/3243734.3243771","DOI":"10.1145\/3243734.3243771"},{"key":"2347_CR13","doi-asserted-by":"crossref","unstructured":"Ding Y, Zhu S, Xia X (2016) Android malware detection method based on function call graphs. In: Neural information processing. Cham, pp 70\u201377","DOI":"10.1007\/978-3-319-46681-1_9"},{"key":"2347_CR14","doi-asserted-by":"publisher","first-page":"73","DOI":"10.1016\/j.cose.2017.10.007","volume":"73","author":"Y Ding","year":"2018","unstructured":"Ding Y, Xia X, Chen S, Li Y (2018) A malware detection method based on family behavior graph. Comput Secur 73:73\u201386","journal-title":"Comput Secur"},{"key":"2347_CR15","doi-asserted-by":"publisher","first-page":"1536","DOI":"10.1007\/s10489-017-1045-6","volume":"48","author":"R Esmaeel","year":"2018","unstructured":"Esmaeel R, Sattar H, Alireza KH, Maryam AH (2018) An entropy-based distance measure for analyzing and detecting metamorphic malware. Appl Intell 48:1536\u20131546","journal-title":"Appl Intell"},{"key":"2347_CR16","doi-asserted-by":"crossref","unstructured":"Gibert D, Mateu C, Planes J, Vicens R (2018) Classification of malware by using structural entropy on convolutional neural networks. In: Thirty-second AAAI conference on artificial intelligence, pp 7759\u20137764","DOI":"10.1609\/aaai.v32i1.11409"},{"key":"2347_CR17","doi-asserted-by":"publisher","first-page":"102526","DOI":"10.1016\/j.jnca.2019.102526","volume":"153","author":"D Gibert","year":"2020","unstructured":"Gibert D, Mateu C, Planes J (2020) The rise of machine learning for detection and classification of malware: research developments, trends and challenges. J Netw Comput Appl 153:102526. https:\/\/doi.org\/10.1016\/j.jnca.2019.102526","journal-title":"J Netw Comput Appl"},{"key":"2347_CR18","doi-asserted-by":"publisher","unstructured":"Hai NM, Ogawa M, Tho QT (2017) Packer identification based on meatadata signature. In: 7th Software security, protection, and reverse engineering workshop (collocated with ACSAC 2017), Orlando, pp 1\u201311. https:\/\/doi.org\/10.1145\/3151137.3160687","DOI":"10.1145\/3151137.3160687"},{"key":"2347_CR19","doi-asserted-by":"crossref","unstructured":"Hassen M, Chan PK (2017) Scalable function call graph-based malware classification. In: Proceedings of the seventh ACM on conference on data and application security and privacy, New York, pp 239\u2013248","DOI":"10.1145\/3029806.3029824"},{"key":"2347_CR20","unstructured":"Hex-Rays (2020) IDA Pro\u2014Hex Rays. https:\/\/www.hex-rays.com\/products\/ida\/"},{"key":"2347_CR21","unstructured":"Hors (2020) Github\u2014horsicq\/detect-it-easy: program for determining types of files for windows, linux and macos https:\/\/github.com\/horsicq\/Detect-It-Easy"},{"key":"2347_CR22","doi-asserted-by":"publisher","unstructured":"Jin Q, Duan J, Vasudevan S, Bailey M (2015) Packer classifier based on PE header information. In: Proceedings of the 2015 symposium and bootcamp on the science of security, New York, pp 1\u20132. https:\/\/doi.org\/10.1145\/2746194.2746213","DOI":"10.1145\/2746194.2746213"},{"key":"2347_CR23","doi-asserted-by":"publisher","first-page":"e5082","DOI":"10.1002\/cpe.5082","volume":"32","author":"B Jung","year":"2020","unstructured":"Jung B, Bae SI, Choi C, Im EG (2020) Packer identification method based on byte sequences. Concurr Comput: Pract Exp 32:e5082. https:\/\/doi.org\/10.1002\/cpe.5082","journal-title":"Concurr Comput: Pract Exp"},{"issue":"2","key":"2347_CR24","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1007\/s11416-015-0249-8","volume":"12","author":"K Kancherla","year":"2016","unstructured":"Kancherla K, Donahue J, Mukkamala S (2016) Packer identification using byte plot and markov plot. J Comput Virol Hacking Tech 12(2):101\u2013111","journal-title":"J Comput Virol Hacking Tech"},{"key":"2347_CR25","doi-asserted-by":"crossref","unstructured":"Kim Y, Paik J, Choi S, Cho E (2019) Efficient svm based packer identification with binary diffing measures. In: 2019 IEEE 43rd annual computer software and applications conference (COMPSAC), vol 1, pp 795\u2013800","DOI":"10.1109\/COMPSAC.2019.00117"},{"key":"2347_CR26","doi-asserted-by":"publisher","first-page":"51620","DOI":"10.1109\/ACCESS.2019.2910268","volume":"7","author":"X Li","year":"2019","unstructured":"Li X, Shan Z, Liu F, Chen Y, Hou Y (2019) A consistently-executing graph-based approach for malware packer identification. IEEE Access 7:51620\u201351629","journal-title":"IEEE Access"},{"key":"2347_CR27","doi-asserted-by":"publisher","first-page":"139103","DOI":"10.1007\/s11432-018-9615-8","volume":"63","author":"Z Li","year":"2020","unstructured":"Li Z, Li W, Lin F, Sun Y, Yang M, Zhang Y, Wang Z (2020) Hybrid malware detection approach with feedback-directed machine learning. Sci China Inf Sci 63:139103","journal-title":"Sci China Inf Sci"},{"key":"2347_CR28","doi-asserted-by":"crossref","unstructured":"Lysenko S, Bobrovnikova K, Nicheporuk A, Shchuka R (2019) Svm-based technique for mobile malware detection. In: Proceedings of the second international workshop on computer modeling and intelligent systems (CMIS-2019), Zaporizhzhia, pp 85\u2013 97","DOI":"10.32782\/cmis\/2353-7"},{"key":"2347_CR29","doi-asserted-by":"publisher","first-page":"21235","DOI":"10.1109\/ACCESS.2019.2896003","volume":"7","author":"Z Ma","year":"2019","unstructured":"Ma Z, Ge H, Liu Y, Zhao M, Ma J (2019) A combination method for android malware detection based on control flow graphs and machine learning algorithms. IEEE Access 7:21235\u2013 21245","journal-title":"IEEE Access"},{"key":"2347_CR30","doi-asserted-by":"publisher","unstructured":"Mills A, Spyridopoulos T, Legg P (2019) Efficient and interpretable real-time malware detection using random-forest. In: 2019 International conference on cyber situational awareness, data analytics and assessment (Cyber SA), pp 1\u20138. https:\/\/doi.org\/10.1109\/CyberSA.2019.8899533","DOI":"10.1109\/CyberSA.2019.8899533"},{"key":"2347_CR31","doi-asserted-by":"crossref","unstructured":"Mpanti A, Nikolopoulos SD, Polenakis I (2018) A graph-based model for malicious software detection exploiting domination relations between system-call groups. In: Proceedings of the 19th international conference on computer systems and technologies, CompSysTech 2018, Ruse, Bulgaria, September 13\u201314, 2018, pp 20\u201326","DOI":"10.1145\/3274005.3274028"},{"key":"2347_CR32","first-page":"22","volume":"5","author":"EO Osaghae","year":"2016","unstructured":"Osaghae EO (2016) Classifying packed programs as malicious software detected. Inf Technol Electr Eng 5:22\u201325","journal-title":"Inf Technol Electr Eng"},{"key":"2347_CR33","doi-asserted-by":"crossref","unstructured":"Rhode M, Tuson L, Burnap P, Jones K (2019) Lab to soc: robust features for dynamic malware detection. In: 2019 49th annual IEEE\/IFIP international conference on dependable systems and networks\u2014industry track (DSN), pp 13\u201316","DOI":"10.1109\/DSN-Industry.2019.00010"},{"key":"2347_CR34","doi-asserted-by":"crossref","unstructured":"Tran HM, Van Nguyen S, Ha SVU, Le TQ (2018) An analysis of software bug reports using random forest. In: Future data and security engineering. Cham, pp 273\u2013285","DOI":"10.1007\/978-3-030-03192-3_21"},{"issue":"1","key":"2347_CR35","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1109\/TDSC.2017.2675881","volume":"16","author":"T Wuchner","year":"2019","unstructured":"Wuchner T, Cislak A, Ochoa M, Pretschner A (2019) Leveraging compression-based graph mining for behavior-based malware detection. IEEE Trans Depend Secur Comput 16(1):99\u2013112","journal-title":"IEEE Trans Depend Secur Comput"},{"key":"2347_CR36","doi-asserted-by":"crossref","unstructured":"Yan J, Yan G, Jin D (2019) Classifying malware represented as control flow graphs using deep graph convolutional neural network. In: 2019 49th annual IEEE\/IFIP international conference on dependable systems and networks (DSN), pp 52\u201363","DOI":"10.1109\/DSN.2019.00020"}],"container-title":["Applied Intelligence"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10489-021-02347-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10489-021-02347-w\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10489-021-02347-w.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,24]],"date-time":"2022-12-24T23:00:03Z","timestamp":1671922803000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10489-021-02347-w"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,4,21]]},"references-count":36,"journal-issue":{"issue":"12","published-print":{"date-parts":[[2021,12]]}},"alternative-id":["2347"],"URL":"https:\/\/doi.org\/10.1007\/s10489-021-02347-w","relation":{},"ISSN":["0924-669X","1573-7497"],"issn-type":[{"value":"0924-669X","type":"print"},{"value":"1573-7497","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,4,21]]},"assertion":[{"value":"11 March 2021","order":1,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 April 2021","order":2,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}