{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,27]],"date-time":"2026-01-27T04:16:18Z","timestamp":1769487378233,"version":"3.49.0"},"reference-count":28,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2007,12,8]],"date-time":"2007-12-08T00:00:00Z","timestamp":1197072000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Comput Virol"],"published-print":{"date-parts":[[2008,11]]},"DOI":"10.1007\/s11416-007-0074-9","type":"journal-article","created":{"date-parts":[[2007,12,7]],"date-time":"2007-12-07T10:04:27Z","timestamp":1197021867000},"page":"279-287","source":"Crossref","is-referenced-by-count":84,"title":["Malware behaviour analysis"],"prefix":"10.1007","volume":"4","author":[{"given":"G\u00e9rard","family":"Wagener","sequence":"first","affiliation":[]},{"given":"Radu","family":"State","sequence":"additional","affiliation":[]},{"given":"Alexandre","family":"Dulaunoy","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2007,12,8]]},"reference":[{"key":"74_CR1","first-page":"280","volume-title":"Encyclopedia of Measurement and Statistics","author":"H. Abdi","year":"2007","unstructured":"Abdi, H.: Distance. In Salkind, N.J. (eds.) Encyclopedia of Measurement and Statistics, pp. 280\u2013284. Sage, Thousand Oaks"},{"key":"74_CR2","doi-asserted-by":"crossref","unstructured":"Bruschi, D., Martignoni, L., Monga, M.: Recognizing self-mutating malware by code normalization and control-flow graph analysis. IEEE Secur. Privac. (2007, in press)","DOI":"10.1109\/MSP.2007.31"},{"key":"74_CR3","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Kruegel, C.: Mining specifications of malicious behavior. In: ESEC-FSE \u201907: Proceedings of the the 6th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, pp. 5\u201314. ACM Press, New York (2007).","DOI":"10.1145\/1287624.1287628"},{"key":"74_CR4","unstructured":"Christodorescu, M., Kinder, J., Jha, S., Katzenbeisser, S., Veith, H.: Malware normalization. Technical Report 1539, University of Wisconsin, Madison, Wisconsin, USA, November 2005"},{"key":"74_CR5","unstructured":"Ferrie, P.: Attacks on virtual machine emulators. In Proceedings AVAR (2006)"},{"key":"74_CR6","volume-title":"Les virus informatiques: th\u00e9orie, pratique et applications","author":"E. Filiol","year":"2004","unstructured":"Filiol E. (2004). Les virus informatiques: th\u00e9orie, pratique et applications. Springer, Heidelberg"},{"key":"74_CR7","doi-asserted-by":"crossref","unstructured":"Ford, R.: The future of virus detection. Information Security Technical Report, pp. 19\u201326. Elsevier, Amsterdam (2004)","DOI":"10.1016\/S1363-4127(04)00021-4"},{"key":"74_CR8","doi-asserted-by":"crossref","unstructured":"Forrest, S., Hofmeyr, S.A., Somayaji, A., Longstaff, T.A.: A sense of self for Unix processes. In: Proceedinges of the 1996 IEEE Symposium on Research in Security and Privacy, pp. 120\u2013128. IEEE Computer Society Press (1996)","DOI":"10.1109\/SECPRI.1996.502675"},{"issue":"1","key":"74_CR9","doi-asserted-by":"crossref","first-page":"188","DOI":"10.1006\/jagm.1997.0897","volume":"26","author":"L.A. Goldberg","year":"1998","unstructured":"Goldberg L.A., Goldberg P.W., Phillips C.A. and Sorkin G.B. (1998). Constructing computer virus phylogenies. J. Algorith. 26(1): 188\u2013208","journal-title":"J. Algorith."},{"issue":"145","key":"74_CR10","first-page":"2","volume":"2006","author":"M.E. Hoskins","year":"2006","unstructured":"Hoskins M.E. (2006). User-mode linux. Linux J. 2006(145): 2","journal-title":"Linux J."},{"key":"74_CR11","unstructured":"Julliard, A.: Wine. http:\/\/www.winehq.com"},{"issue":"1\u20132","key":"74_CR12","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1007\/s11416-005-0002-9","volume":"1","author":"Md.E. Karim","year":"2005","unstructured":"Karim Md.E., Walenstein A., Lakhotia A. and Parida L. (2005). Malware phylogeny generation using permutations of code. J. Comput. Virol. 1(1\u20132): 13\u201323","journal-title":"J. Comput. Virol."},{"key":"74_CR13","unstructured":"Kim, J., Warnow, T.: Tutorial on phylogenetic tree estimation (1999)"},{"key":"74_CR14","unstructured":"Kirda, E., Kruegel, C., Banks, G., Vigna, G., Kemmerer, R.: Behavior-based spyware detection. In: Proceedings of the 15th USENIX Security Symposium, Vancouver, BC, Canada, August 2006. Springer, Heidelberg"},{"key":"74_CR15","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Automating mimicry attacks using static binary analysis. In: SSYM\u201905: Proceedings of the 14th Conference on USENIX Security Symposium, Berkeley, CA, USA, p. 11. USENIX Association (2005)"},{"issue":"2","key":"74_CR16","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/MSP.2007.48","volume":"5","author":"R. Lyda","year":"2007","unstructured":"Lyda R. and Hamrock J. (2007). Using entropy analysis to find encrypted and packed malware. IEEE Secur. Privac. 5(2): 40\u201345","journal-title":"IEEE Secur. Privac."},{"key":"74_CR17","unstructured":"Swimmer, A.M.M., Le Charlier, B.: Dynamic detection and classification of computer viruses using general behavior patterns. In: Proceedings of the 5th International Virus Bulletin Conference, pp. 75\u201388 (1995)"},{"key":"74_CR18","unstructured":"Nepenthes: http:\/\/nepenthes.mwcollect.org"},{"key":"74_CR19","unstructured":"Norman: http:\/\/sandbox.norman.no"},{"key":"74_CR20","unstructured":"Objdump: http:\/\/www.gnu.org\/software\/binutils"},{"key":"74_CR21","unstructured":"Peid: http:\/\/peid.tk\/"},{"key":"74_CR22","doi-asserted-by":"crossref","unstructured":"Sung, A.H., Xu, J., Chavez, P., Mukkamala, S.: Static analyzer of vicious executables (save). In: ACSAC \u201904: Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC\u201904), Washington, DC, USA, pp. 326\u2013334. IEEE Computer Society (2004)","DOI":"10.1109\/CSAC.2004.37"},{"key":"74_CR23","unstructured":"Mazeroff, G., De Cerqueira, V., Gregor, J., Thomason, M.G.: Probabilistic trees and automata for application behavior modeling. In: Proceedings of the 43rd ACM Southeast Conference (2003)"},{"key":"74_CR24","unstructured":"Mody Tony Lee, J.J.: Behavioral classification. In: Proceedings Eicar\u201906, May 2006"},{"key":"74_CR25","unstructured":"Matthew Evan Wagner. Behavior oriented detection of malicious code at run-time. Master\u2019s thesis, Florida Institute of Technology (2004)"},{"key":"74_CR26","doi-asserted-by":"crossref","unstructured":"Willems, Carsten Holz, Thorsten, Felix Freiling. Toward automated dynamic malware analysis using cwsandbox. Secur. Privac. Mag. 5(April), 32\u201339 (2007)","DOI":"10.1109\/MSP.2007.45"},{"key":"74_CR27","doi-asserted-by":"crossref","unstructured":"Wilson: Activity pattern analysis by means of sequence-alignment methods. Environ. Plann. 30, 1017\u20131038 (1998)","DOI":"10.1068\/a301017"},{"key":"74_CR28","unstructured":"Ylonen, T.: SSH \u2013 secure login connections over the internet. In: Proceedings of the 6th Security Symposium, p. 37. USENIX Association, Berkeley (1996)"}],"container-title":["Journal in Computer Virology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-007-0074-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11416-007-0074-9\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-007-0074-9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T14:45:42Z","timestamp":1559400342000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11416-007-0074-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007,12,8]]},"references-count":28,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2008,11]]}},"alternative-id":["74"],"URL":"https:\/\/doi.org\/10.1007\/s11416-007-0074-9","relation":{},"ISSN":["1772-9890","1772-9904"],"issn-type":[{"value":"1772-9890","type":"print"},{"value":"1772-9904","type":"electronic"}],"subject":[],"published":{"date-parts":[[2007,12,8]]}}}