{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T18:52:31Z","timestamp":1771699951165,"version":"3.50.1"},"reference-count":37,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2012,4,11]],"date-time":"2012-04-11T00:00:00Z","timestamp":1334102400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Form Methods Syst Des"],"published-print":{"date-parts":[[2012,8]]},"DOI":"10.1007\/s10703-012-0149-1","type":"journal-article","created":{"date-parts":[[2012,4,10]],"date-time":"2012-04-10T13:07:11Z","timestamp":1334063231000},"page":"107-128","source":"Crossref","is-referenced-by-count":6,"title":["Recognizing malicious software behaviors with tree automata inference"],"prefix":"10.1007","volume":"41","author":[{"given":"Domagoj","family":"Babi\u0107","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel","family":"Reynaud","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dawn","family":"Song","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2012,4,11]]},"reference":[{"key":"149_CR1","volume-title":"Compilers: principles, techniques, and tools","author":"AV Aho","year":"1986","unstructured":"Aho AV, Sethi R, Ullman JD (1986) Compilers: principles, techniques, and tools. Addison-Wesley Longman, Boston"},{"key":"149_CR2","unstructured":"Babi\u0107 D (2008) Exploiting structure for scalable software verification. PhD thesis, University of British, Columbia, Vancouver, Canada"},{"key":"149_CR3","series-title":"Lecture notes in computer science","doi-asserted-by":"crossref","first-page":"116","DOI":"10.1007\/978-3-642-22110-1_10","volume-title":"CAV\u201911: proceedings of the 23rd int conference on computer aided verification","author":"D Babi\u0107","year":"2011","unstructured":"Babi\u0107 D, Reynaud D, Song D (2011) Malware analysis with tree automata inference. In: CAV\u201911: proceedings of the 23rd int conference on computer aided verification. Lecture notes in computer science, vol 6806. Springer, Berlin, pp 116\u2013131"},{"key":"149_CR4","doi-asserted-by":"crossref","first-page":"263","DOI":"10.1007\/s11416-008-0102-4","volume":"5","author":"G Bonfante","year":"2009","unstructured":"Bonfante G, Kaczmarek M, Marion J-Y (2009) Architecture of a morphological malware detector. J\u00a0Comput Virol 5:263\u2013270","journal-title":"J\u00a0Comput Virol"},{"key":"149_CR5","series-title":"Advances in information security","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1007\/978-0-387-68768-1_4","volume-title":"Botnet detection countering the largest security threat","author":"D Brumley","year":"2008","unstructured":"Brumley D, Hartwig C, Zhenkai Liang JN, Song D, Yin H (2008) Automatically identifying trigger-based behavior in malware. In: Botnet detection countering the largest security threat. Advances in information security, vol 36. Springer, Berlin, pp 65\u201388"},{"key":"149_CR6","volume-title":"Proc of 13th USENIX security symposium","author":"J Chow","year":"2004","unstructured":"Chow J, Pfaff B, Garfinkel T, Christopher K, Rosenblum M (2004) Understanding data lifetime via whole system simulation. In: Proc of 13th USENIX security symposium"},{"key":"149_CR7","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1145\/1007512.1007518","volume-title":"ISSTA\u201904: proc of the 2004 ACM SIGSOFT int symp on software testing and analysis","author":"M Christodorescu","year":"2004","unstructured":"Christodorescu M, Jha S (2004) Testing malware detectors. In: ISSTA\u201904: proc of the 2004 ACM SIGSOFT int symp on software testing and analysis. ACM Press, New York, pp 34\u201344"},{"key":"149_CR8","first-page":"32","volume-title":"SP\u201905: proc of the 2005 IEEE symp. on security and privacy","author":"M Christodorescu","year":"2005","unstructured":"Christodorescu M, Jha S, Seshia SA, Song D, Bryant RE (2005) Semantics-aware malware detection. In: SP\u201905: proc of the 2005 IEEE symp. on security and privacy. IEEE Computer Society Press, Los Alamitos, pp 32\u201346"},{"key":"149_CR9","first-page":"5","volume-title":"Proc of the 6th joint meeting of the European software engineering conf and the ACM SIGSOFT symp on the foundations of software engineering","author":"M Christodorescu","year":"2007","unstructured":"Christodorescu M, Jha S, Kruegel C (2007) Mining specifications of malicious behavior. In: Proc of the 6th joint meeting of the European software engineering conf and the ACM SIGSOFT symp on the foundations of software engineering. ACM Press, New York, pp 5\u201314"},{"key":"149_CR10","unstructured":"Comon H, Dauchet M, Gilleron R, L\u00f6ding C, Jacquemard F, Lugiez D, Tison S, Tommasi M (2007) Tree automata techniques and applications. http:\/\/tata.gforge.inria.fr\/"},{"key":"149_CR11","volume-title":"Introduction to algorithms","author":"TH Cormen","year":"2001","unstructured":"Cormen TH, Leiserson CE, Rivest RL, Stein C (2001) Introduction to algorithms, 2nd edn. The MIT Press, Cambridge","edition":"2"},{"key":"149_CR12","first-page":"221","volume-title":"Proc of the 37th int symp on microarchitecture","author":"J Crandall","year":"2005","unstructured":"Crandall J, Chong F (2005) Minos: control data attack prevention orthogonal to memory model. In: Proc of the 37th int symp on microarchitecture. IEEE Press, New York, pp 221\u2013232"},{"key":"149_CR13","doi-asserted-by":"crossref","first-page":"120","DOI":"10.1109\/SECPRI.1996.502675","volume-title":"Proc of the 1996 IEEE symp on security and privacy","author":"S Forrest","year":"1996","unstructured":"Forrest S, Hofmeyr SA, Somayaji A, Longstaff TA (1996) A sense of self for Unix processes. In: Proc of the 1996 IEEE symp on security and privacy. IEEE Computer Society Press, Los Alamitos, pp 120\u2013129"},{"key":"149_CR14","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1109\/SP.2010.11","volume-title":"Proc of the 2010 IEEE symposium on security and privacy","author":"M Fredrikson","year":"2010","unstructured":"Fredrikson M, Jha S, Christodorescu M, Sailer R, Yan X (2010) Synthesizing near-optimal malware specifications from suspicious behaviors. In: Proc of the 2010 IEEE symposium on security and privacy. IEEE Computer Society Press, Los Alamitos, pp 45\u201360"},{"key":"149_CR15","unstructured":"Garc\u00eda P (1993) Learning k-testable tree sets from positive data. Technical report, Dept. Syst. Inform. Comput., Univ. Politecnica Valencia, Valencia, Spain"},{"key":"149_CR16","doi-asserted-by":"crossref","first-page":"920","DOI":"10.1109\/34.57687","volume":"12","author":"P Garc\u00eda","year":"1990","unstructured":"Garc\u00eda P, Vidal E (1990) Inference of k-testable languages in the strict sense and application to syntactic pattern recognition. IEEE Trans Pattern Anal Mach Intell 12:920\u2013925","journal-title":"IEEE Trans Pattern Anal Mach Intell"},{"key":"149_CR17","doi-asserted-by":"crossref","first-page":"213","DOI":"10.1145\/1065010.1065036","volume-title":"PLDI\u201905: proc of the ACM SIGPLAN conf on prog lang design and implementation","author":"P Godefroid","year":"2005","unstructured":"Godefroid P, Klarlund N, Sen K (2005) DART: directed automated random testing. In: PLDI\u201905: proc of the ACM SIGPLAN conf on prog lang design and implementation. ACM Press, New York, pp 213\u2013223"},{"issue":"3","key":"149_CR18","doi-asserted-by":"crossref","first-page":"302","DOI":"10.1016\/S0019-9958(78)90562-4","volume":"37","author":"EM Gold","year":"1978","unstructured":"Gold EM (1978) Complexity of automaton identification from given data. Inf Control 37(3):302\u2013320","journal-title":"Inf Control"},{"key":"149_CR19","first-page":"497","volume-title":"Lecture notes in computer science","author":"A Holzer","year":"2007","unstructured":"Holzer A, Kinder J, Veith H (2007) Using verification technology to specify and detect malware. In: Lecture notes in computer science, vol 4739. Springer, Berlin, pp 497\u2013504"},{"key":"149_CR20","volume-title":"Proceedings of the 18th annual network and distributed system security symposium","author":"MG Kang","year":"2011","unstructured":"Kang MG, McCamant S, Poosankam P, Song D (2011) DTA++: dynamic taint analysis with targeted control-flow propagation. In: Proceedings of the 18th annual network and distributed system security symposium, San Diego, CA"},{"key":"149_CR21","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4612-0171-7","volume-title":"Automata theory and its applications","author":"B Khoussainov","year":"2001","unstructured":"Khoussainov B, Nerode A (2001) Automata theory and its applications. Birkhauser, Basel"},{"key":"149_CR22","series-title":"Lecture notes in computer science","doi-asserted-by":"crossref","first-page":"174","DOI":"10.1007\/11506881_11","volume-title":"GI SIG SIDAR conference on detection of intrusions and malware and vulnerability assessment","author":"J Kinder","year":"2005","unstructured":"Kinder J, Katzenbeisser S, Schallhart C, Veith H (2005) Detecting malicious code by model checking. In: Julisch K, Kr\u00fcgel C (eds) GI SIG SIDAR conference on detection of intrusions and malware and vulnerability assessment. Lecture notes in computer science, vol 3548. Springer, Berlin, pp 174\u2013187"},{"issue":"7","key":"149_CR23","doi-asserted-by":"crossref","first-page":"385","DOI":"10.1145\/360248.360252","volume":"19","author":"JC King","year":"1976","unstructured":"King JC (1976) Symbolic execution and program testing. Commun ACM 19(7):385\u2013394","journal-title":"Commun ACM"},{"key":"149_CR24","doi-asserted-by":"crossref","first-page":"109","DOI":"10.1142\/9789812797919_0008","volume-title":"Advances in structural and syntactic pattern recognition: proc of the int workshop","author":"T Knuutila","year":"1993","unstructured":"Knuutila T (1993) Inference of k-testable tree languages. In: Bunke H (ed) Advances in structural and syntactic pattern recognition: proc of the int workshop. World Scientific, Singapore, pp 109\u2013120"},{"key":"149_CR25","volume-title":"The 18th USENIX security symposium","author":"C Kolbitsch","year":"2009","unstructured":"Kolbitsch C, Milani P, Kruegel C, Kirda E, Zhou X, Wang X (2009) Effective and efficient malware detection at the end host. In: The 18th USENIX security symposium"},{"issue":"4","key":"149_CR26","doi-asserted-by":"crossref","first-page":"1658","DOI":"10.1109\/TSMCB.2004.827190","volume":"34","author":"D L\u00f3pez","year":"2004","unstructured":"L\u00f3pez D, Sempere JM, Garc\u00eda P (2004) Inference of reversible tree languages. IEEE Trans Syst Man Cybern, Part B, Cybern 34(4):1658\u20131665","journal-title":"IEEE Trans Syst Man Cybern, Part B, Cybern"},{"key":"149_CR27","doi-asserted-by":"crossref","first-page":"190","DOI":"10.1145\/1065010.1065034","volume-title":"PLDI\u201905: proc of the 2005 ACM SIGPLAN conf on prog lang design and impl","author":"C Luk","year":"2005","unstructured":"Luk C, Cohn R, Muth R, Patil H, Klauser A, Lowney G, Wallace S, Reddi V, Hazelwood K (2005) Pin: building customized program analysis tools with dynamic instrumentation. In: PLDI\u201905: proc of the 2005 ACM SIGPLAN conf on prog lang design and impl. ACM Press, New York, pp 190\u2013200"},{"key":"149_CR28","unstructured":"Martignoni L, Paleari R (2010) The libwst library (a Part of WUSSTrace)"},{"key":"149_CR29","unstructured":"Matrosov A, Rodionov E, Harley D, Malcho J (2010) Stuxnet under the microscope. Technical report, Eset"},{"key":"149_CR30","doi-asserted-by":"crossref","first-page":"231","DOI":"10.1109\/SP.2007.17","volume-title":"SP\u201907: proc of the 2007 IEEE symposium on security and privacy","author":"A Moser","year":"2007","unstructured":"Moser A, Kruegel C, Kirda E (2007) Exploring multiple execution paths for malware analysis. In: SP\u201907: proc of the 2007 IEEE symposium on security and privacy, Washington, DC, USA. IEEE Computer Society Press, Los Alamitos, pp 231\u2013245"},{"key":"149_CR31","volume-title":"Proc of the network and distributed systems security symposium","author":"J Newsome","year":"2005","unstructured":"Newsome J, Song D (2005) Dynamic taint analysis: automatic detection, analysis, and signature generation of exploit attacks on commodity software. In: Proc of the network and distributed systems security symposium"},{"issue":"5","key":"149_CR32","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1145\/1037949.1024404","volume":"38","author":"G Suh","year":"2004","unstructured":"Suh G, Lee J, Zhang D, Devadas S (2004) Secure program execution via dynamic information flow tracking. Oper Syst Rev 38(5):85\u201396","journal-title":"Oper Syst Rev"},{"key":"149_CR33","unstructured":"Symantec (2010) Symantec global internet security threat report: trends for 2009, vol xv. Technical report, Symantec, April"},{"key":"149_CR34","doi-asserted-by":"crossref","first-page":"156","DOI":"10.1109\/SECPRI.2001.924296","volume-title":"Proc of the 2001 IEEE symposium on security and privacy","author":"D Wagner","year":"2001","unstructured":"Wagner D, Dean D (2001) Intrusion detection via static analysis. In: Proc of the 2001 IEEE symposium on security and privacy. IEEE Computer Society Press, Los Alamitos, p 156"},{"key":"149_CR35","doi-asserted-by":"crossref","first-page":"255","DOI":"10.1145\/586110.586145","volume-title":"CCS\u201902: proc of the 9th ACM conf on comp and comm security","author":"D Wagner","year":"2002","unstructured":"Wagner D, Soto P (2002) Mimicry attacks on host-based intrusion detection systems. In: CCS\u201902: proc of the 9th ACM conf on comp and comm security. ACM Press, New York, pp 255\u2013264"},{"key":"149_CR36","doi-asserted-by":"crossref","first-page":"297","DOI":"10.1109\/BWCCA.2010.85","volume-title":"Int conf on broadband, wireless computing, communication and applications","author":"I You","year":"2010","unstructured":"You I, Yim K (2010) Malware obfuscation techniques: a brief survey. In: Int conf on broadband, wireless computing, communication and applications, pp 297\u2013300"},{"issue":"2","key":"149_CR37","doi-asserted-by":"crossref","first-page":"151","DOI":"10.1016\/S0022-0000(72)80020-5","volume":"6","author":"Y Zalcstein","year":"1972","unstructured":"Zalcstein Y (1972) Locally testable languages. J Comput Syst Sci 6(2):151\u2013167","journal-title":"J Comput Syst Sci"}],"container-title":["Formal Methods in System Design"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10703-012-0149-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10703-012-0149-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10703-012-0149-1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,6,21]],"date-time":"2023-06-21T22:27:21Z","timestamp":1687386441000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10703-012-0149-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,4,11]]},"references-count":37,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2012,8]]}},"alternative-id":["149"],"URL":"https:\/\/doi.org\/10.1007\/s10703-012-0149-1","relation":{},"ISSN":["0925-9856","1572-8102"],"issn-type":[{"value":"0925-9856","type":"print"},{"value":"1572-8102","type":"electronic"}],"subject":[],"published":{"date-parts":[[2012,4,11]]}}}