{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,30]],"date-time":"2026-04-30T10:08:23Z","timestamp":1777543703342,"version":"3.51.4"},"reference-count":35,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2008,1,24]],"date-time":"2008-01-24T00:00:00Z","timestamp":1201132800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Comput Virol"],"published-print":{"date-parts":[[2008,11]]},"DOI":"10.1007\/s11416-008-0081-5","type":"journal-article","created":{"date-parts":[[2008,1,23]],"date-time":"2008-01-23T11:12:09Z","timestamp":1201086729000},"page":"307-322","source":"Crossref","is-referenced-by-count":11,"title":["Constructing malware normalizers using term rewriting"],"prefix":"10.1007","volume":"4","author":[{"given":"Andrew","family":"Walenstein","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rachit","family":"Mathur","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mohamed R.","family":"Chouchane","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Arun","family":"Lakhotia","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2008,1,24]]},"reference":[{"key":"81_CR1","unstructured":"VX heavens. ( http:\/\/vx.netlux.org )"},{"key":"81_CR2","volume-title":"Compilers: Principles, Techniques, and Tools","author":"A. Aho","year":"1986","unstructured":"Aho, A., Sethi, R., Ullman, J.: Compilers: Principles, Techniques, and Tools. Addison-Wesley, Reading (1986)"},{"key":"81_CR3","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9781139172752","volume-title":"Term Rewriting and All That","author":"F. Baader","year":"1998","unstructured":"Baader, F., Nipkow, T.: Term Rewriting and All That. Cambridge University Press, London (1998)"},{"key":"81_CR4","doi-asserted-by":"crossref","unstructured":"Baxter, I.D., Yahin, A., Moura, L.M.D., Sant\u2019Anna, M., Bier, L.: Clone detection using abstract syntax trees. In: Proceedings of the 1998 International Conference on Software Maintenance (CSM \u201998), pp. 368\u2013377 (1998)","DOI":"10.1109\/ICSM.1998.738528"},{"key":"81_CR5","unstructured":"Benny. Benny\u2019s metamorphic engine for Win32. ( http:\/\/vx.netlux.org\/29a\/29a-6\/29a-6.316 )"},{"key":"81_CR6","doi-asserted-by":"crossref","unstructured":"Bruschi, D., Martignoni, L., Monga, M.: Using code normalization for fighting self-mutating malware. In: Proceedings of International Symposium on Secure Software Engineering. IEEE, Washington, DC (2006)","DOI":"10.1109\/MSP.2007.31"},{"key":"81_CR7","unstructured":"Chess, D., White, S.: An undetectable computer virus. In: Proceedings of Virus Bulletin Conference, Sept 2000"},{"key":"81_CR8","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: 2005 IEEE Symposium on Security and Privacy, pp. 32\u2013 46 (2005)","DOI":"10.1109\/SP.2005.20"},{"key":"81_CR9","unstructured":"Christodorescu, M., Kinder, J., Jha, S., Katzenbeisser, S., Veith, H.: Malware normalization. Technical Report 1539. University of Wisconsin, Madison, Nov. 2005"},{"issue":"4","key":"81_CR10","doi-asserted-by":"crossref","first-page":"325","DOI":"10.1016\/0167-4048(89)90089-8","volume":"8","author":"F. Cohen","year":"1989","unstructured":"Cohen, F.: Computational aspects of computer viruses. Comput. Secur. 8(4), 325\u2013344 (1989)","journal-title":"Comput. Secur."},{"issue":"8","key":"81_CR11","doi-asserted-by":"crossref","first-page":"735","DOI":"10.1109\/TSE.2002.1027797","volume":"28","author":"C.S. Collberg","year":"2002","unstructured":"Collberg, C.S., Thomborson, C.: Watermarking, tamper-proofing, and obfuscation tools for software protection. IEEE Trans. Softw. Eng. 28(8), 735\u2013746 (2002)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"81_CR12","doi-asserted-by":"crossref","unstructured":"Cordy, J.R.: TXL\u2014a language for programming language tools and applications. In: ACM 4th International Workshop on LTDA. Electronic Notes in Theoretical Computer Science, vol. 110, pp. 3\u201331. Springer, Heidelberg (2004)","DOI":"10.1016\/j.entcs.2004.11.006"},{"issue":"6","key":"81_CR13","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1145\/966221.966235","volume":"28","author":"M.A. Dave","year":"2003","unstructured":"Dave, M.A.: Compiler verification: a bibliography. SIGSOFT Softw. Eng. Notes 28(6), 2 (2003)","journal-title":"SIGSOFT Softw. Eng. Notes"},{"key":"81_CR14","unstructured":"Filiol, \u00c9.: Metamorphism, formal grammars, and undecidable code mutation. Int. J. Comput. Sci. 2(1), Nov 2007"},{"key":"81_CR15","doi-asserted-by":"crossref","unstructured":"Hong Zuo, Z., xin Zhu, Q., tian Zhou, M.: On the time complexity of computer viruses. IEEE Trans. Inf. Theory 51(8), Aug 2005","DOI":"10.1109\/TIT.2005.851780"},{"issue":"7","key":"81_CR16","doi-asserted-by":"crossref","first-page":"654","DOI":"10.1109\/TSE.2002.1019480","volume":"8","author":"T. Kamiya","year":"2002","unstructured":"Kamiya, T., Kusumoto, S., Inoue, K.: A multilinguistic token-based code clone detection system for large scale source code. Trans. Softw. Eng. 8(7), 654\u2013670 (2002)","journal-title":"Trans. Softw. Eng."},{"key":"81_CR17","doi-asserted-by":"crossref","unstructured":"Kinder, J., Katzenbeisser, S., Schallhart, C., Veith, H.: Detecting malicious code by model checking. In: Julisch, K., Kruegel, C. (eds.) Intrusion and Malware Detection and Vulnerability Assessment: Second International Conference (DIMVA 2005). Lecture Notes in Computer Science, pp. 174. Springer, Heidelberg (2005)","DOI":"10.1007\/11506881_11"},{"key":"81_CR18","doi-asserted-by":"crossref","unstructured":"Knuth, D.E., Bendix, P.B.: Simple word problems in universal algebras. In: Automation of Reasoning 2: Classical Papers on Computational Logic 1967\u20131970, pp. 342\u2013376. Springer, Heidelberg (1983)","DOI":"10.1007\/978-3-642-81955-1_23"},{"key":"81_CR19","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic worm detection using structural information of executables. In: Valdes, A., Zamboni, D. (eds.) Recent Advances in Intrusion Detection: 8th International Symposium (RAID 2005). Lecture Notes in Computer Science, vol. 3858, pp. 206\u2013226. Springer, Heidelberg (2006)","DOI":"10.1007\/11663812_11"},{"key":"81_CR20","unstructured":"Lakhotia, A., Kapoor, A., Kumar, E.U.: Are metamorphic viruses really invincible?\u2014Part II. Virus Bull. pp. 9\u201312, Jan 2005"},{"key":"81_CR21","doi-asserted-by":"crossref","unstructured":"Lakhotia, A., Mohammed, M.: Imposing order on program statements and its implications to AV scanners. In: Proceedings of the 11th IEEE Working Conference on Reverse Engineering, pp. 161\u2013171, Nov 2004","DOI":"10.1109\/WCRE.2004.24"},{"issue":"4","key":"81_CR22","doi-asserted-by":"crossref","first-page":"323","DOI":"10.1145\/161494.161501","volume":"1","author":"W. Landi","year":"1992","unstructured":"Landi, W.: Undecidability of static analysis. ACM Lett. Program. Lang. Syst. 1(4), 323\u2013337 (1992)","journal-title":"ACM Lett. Program. Lang. Syst."},{"key":"81_CR23","unstructured":"Mathur, R.: Normalizing metamorphic malware using term-rewriting. Master\u2019s Thesis, Center for Advanced Computer Studies, University of Louisiana at Lafayette, Dec 2006"},{"key":"81_CR24","doi-asserted-by":"crossref","unstructured":"M\u00fcller, A.J., Shinohara, T.: On approximate matching of programs for protecting libre software. In: CASCON \u201906: Proceedings of the 2006 conference of the Center for Advanced Studies on Collaborative Research, pp. 21\u201336. ACM Press, New York (2006)","DOI":"10.1145\/1188966.1188994"},{"issue":"1","key":"81_CR25","doi-asserted-by":"crossref","first-page":"47","DOI":"10.1145\/242857.242869","volume":"40","author":"C. Nachenberg","year":"1997","unstructured":"Nachenberg, C.: Computer virus-antivirus coevolution. Commun. ACM 40(1), 47\u201351 (1997)","journal-title":"Commun. ACM"},{"key":"81_CR26","unstructured":"Singh, P.K., Moinuddin, M., Lakhotia, A.: Using static analysis and verification for analyzing virus and worm programs. In: Proceedings of the 2nd European Conference on Information Warfare and Security, pp. 281\u2013292 (2003)"},{"key":"81_CR27","volume-title":"Malware: Fighting Malicious Code","author":"E. Skoudis","year":"2004","unstructured":"Skoudis, E.: Malware: Fighting Malicious Code. Prentice-Hall, Englewood Cliffs (2004)"},{"key":"81_CR28","unstructured":"Symantec: W32.Evol security response writeup. http:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2000-122010-0045-99 , checked 15 Aug 2007"},{"key":"81_CR29","unstructured":"Sz\u00f6r, P.: The Art of Computer Virus Research and Defense. Symantec Press, Austin (2005)"},{"key":"81_CR30","unstructured":"Sz\u00f6r, P., Ferrie, P.: Hunting for metamorphic. In: 11th International Virus Bulletin Conference (2001)"},{"key":"81_CR31","unstructured":"The Mental Driller. Metamorphism in practice. ( http:\/\/vx.netlux.org\/29a\/29a-6\/29a-6.205 )"},{"key":"81_CR32","doi-asserted-by":"crossref","unstructured":"Visser, E.: A survey of rewriting strategies in program transformation systems. In: Workshop on Reduction Strategies in Rewriting and Programming (WRS\u201901). Electronic Notes in Theoretical Computer Science, vol. 57 (2001)","DOI":"10.1016\/S1571-0661(04)00270-1"},{"key":"81_CR33","unstructured":"Walenstein, A., Mathur, R., Chouchane, M.R., Lakhotia, A.: The design space of metamorphic malware. In: Proceedings of the 2nd International Conference on Information Warfare, Monterey, Mar 2007"},{"key":"81_CR34","unstructured":"Z0mbie: Automated reverse engineering: Mistfall engine. ( http:\/\/vx.netlux.org\/lib\/vzo21.html )"},{"key":"81_CR35","unstructured":"Z0mbie: Some ideas about metamorphism. ( http:\/\/vx.netlux.org\/lib\/vzo20.html )"}],"container-title":["Journal in Computer Virology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-008-0081-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11416-008-0081-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-008-0081-5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,26]],"date-time":"2025-01-26T05:21:41Z","timestamp":1737868901000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11416-008-0081-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,1,24]]},"references-count":35,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2008,11]]}},"alternative-id":["81"],"URL":"https:\/\/doi.org\/10.1007\/s11416-008-0081-5","relation":{},"ISSN":["1772-9890","1772-9904"],"issn-type":[{"value":"1772-9890","type":"print"},{"value":"1772-9904","type":"electronic"}],"subject":[],"published":{"date-parts":[[2008,1,24]]}}}