{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,23]],"date-time":"2026-04-23T06:21:38Z","timestamp":1776925298401,"version":"3.51.2"},"reference-count":72,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2008,2,21]],"date-time":"2008-02-21T00:00:00Z","timestamp":1203552000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Comput Virol"],"published-print":{"date-parts":[[2008,8]]},"DOI":"10.1007\/s11416-008-0086-0","type":"journal-article","created":{"date-parts":[[2008,2,20]],"date-time":"2008-02-20T17:16:05Z","timestamp":1203527765000},"page":"251-266","source":"Crossref","is-referenced-by-count":156,"title":["Behavioral detection of malware: from a survey towards an established taxonomy"],"prefix":"10.1007","volume":"4","author":[{"given":"Gr\u00e9goire","family":"Jacob","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Herv\u00e9","family":"Debar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eric","family":"Filiol","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2008,2,21]]},"reference":[{"key":"86_CR1","unstructured":"Cohen, F.: Computer viruses. Ph.D. thesis, University of South California (1986)"},{"issue":"1","key":"86_CR2","doi-asserted-by":"crossref","first-page":"22","DOI":"10.1016\/0167-4048(87)90122-2","volume":"6","author":"F.B. Cohen","year":"1987","unstructured":"Cohen F.B. (1987). Computer viruses: Theory and experiments. Comput. Secur. 6(1): 22\u201335","journal-title":"Comput. Secur."},{"issue":"9","key":"86_CR3","first-page":"805","volume":"31","author":"H. Debar","year":"1999","unstructured":"Debar H., Dacier M. 
and Wespi A. (1999). Towards a taxonomy of intrusion-detection systems. Comput. Netw. Spl Issue Comput. Netw. Secur. 31(9): 805\u2013822","journal-title":"Comput. Netw. Spl Issue Comput. Netw. Secur."},{"key":"86_CR4","doi-asserted-by":"crossref","unstructured":"M\u00e9, L., Morin, B.: Intrusion detection and virology: an analysis of differences, similarities and complementariness. In: Bonfante, G., Marion, J.-Y. (eds.) J. Comput. Virol., vol. 3, no. 1, WTCV\u201906 Special Issue, pp. 39\u201349 (2007)","DOI":"10.1007\/s11416-007-0036-2"},{"key":"86_CR5","unstructured":"Anderson, J.: Computer security threat monitoring and surveillance. Tech. rep., James P. Anderson Company (1980)"},{"key":"86_CR6","doi-asserted-by":"crossref","unstructured":"Denning, D.: An intrusion\u2013detection model. IEEE Trans. Softw. Eng., vol. SE-13 (1987)","DOI":"10.1109\/TSE.1987.232894"},{"key":"86_CR7","doi-asserted-by":"crossref","unstructured":"Warrender, C., Forrest, S., Pearlmutter, B.: Detecting intrusion using system calls: Alternative data models, In: Proceedings of IEEE Symposium on Security and Privacy, pp. 133\u2013145 (1999)","DOI":"10.1109\/SECPRI.1999.766910"},{"key":"86_CR8","doi-asserted-by":"crossref","unstructured":"Zanero, S.: Behavioral intrusion detection. In: Proceedings of the 19th International Symposium on Computer and Information Sciences (ISCIS), pp. 657\u2013666 (2004)","DOI":"10.1007\/978-3-540-30182-0_66"},{"key":"86_CR9","unstructured":"Filiol, E.: Computer viruses: from theory to applications. Springer, Heidelberg, IRIS Collection (2005). ISBN:2-287-23939-1"},{"key":"86_CR10","unstructured":"Fortinet observatory. http:\/\/www.fortinet.com\/FortiGuardCenter\/"},{"key":"86_CR11","unstructured":"Malware outbreak trend report: Storm-worm, Commtouch Software Ltd (2007). 
http:\/\/www.commtouch.com\/downloads\/Storm-Worm_MOTR.pdf"},{"key":"86_CR12","doi-asserted-by":"crossref","unstructured":"Filiol, E.: Malware pattern scanning schemes secure against black-box analysis. In: Broucek, V., Turner, P. (eds.) J. Comput. Virol., vol. 2, no. 1, EICAR 2006 Special Issue, pp. 35\u201350 (2006)","DOI":"10.1007\/s11416-006-0009-x"},{"key":"86_CR13","volume-title":"Techniques Virales Avanc\u00e9es","author":"E. Filiol","year":"2007","unstructured":"Filiol, E. (2007). Techniques Virales Avanc\u00e9es. Springer, Heidelberg, IRIS Collection. ISBN:2-287-33887-8"},{"key":"86_CR14","volume-title":"The Art of Computer Virus Research and Defense","author":"P. Sz\u00f6r","year":"2005","unstructured":"Sz\u00f6r, P.: The Art of Computer Virus Research and Defense. Addison-Wesley, Reading (2005). ISBN:0-321-30454-3"},{"key":"86_CR15","doi-asserted-by":"crossref","first-page":"280","DOI":"10.1109\/TIT.2002.806137","volume":"49","author":"D. Spinellis","year":"2003","unstructured":"Spinellis D. (2003). Reliable identification of bounded-length viruses is np-complete. IEEE Trans. Inf. Theory 49: 280\u2013284","journal-title":"IEEE Trans. Inf. Theory"},{"key":"86_CR16","unstructured":"Filiol, E.: Metamorphism, formal grammars and undecidable code mutation. In: Proceedings of the International Conference on Computational Intelligence (ICCI), Published in the Int. J. Comput. Sci., vol. 2, issue 1, pp. 70\u201375 (2007)"},{"key":"86_CR17","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S.: Testing malware detectors, In: Proceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), pp. 34\u201344, ACM Press, New York (2004)","DOI":"10.1145\/1007512.1007518"},{"key":"86_CR18","doi-asserted-by":"crossref","unstructured":"Josse, S.: How to assess the effectiveness of your anti-virus? In: Broucek, V. (ed.) J. Comput. Virol., vol. 2, no. 1, EICAR 2006 Special Issue, pp. 
51\u201365 (2006)","DOI":"10.1007\/s11416-006-0016-y"},{"key":"86_CR19","doi-asserted-by":"crossref","unstructured":"Filiol, E., Jacob, G., Liard, M.L.: Evaluation methodology and theoretical model for antiviral behavioural detection strategies. In: Bonfante, G., Marion, J.-Y. (eds.) J. Comput. Virol., vol. 3, no. 1, WTCV\u201906 Special Issue, pp. 23\u201337 (2007)","DOI":"10.1007\/s11416-006-0026-9"},{"key":"86_CR20","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Mutz, D., Valeur, F., Vigna, G.: On the detection of anomalous system call arguments. In: Proceedings of the European Symposium on Research in Computer Security, pp. 326\u2013343 (2003)","DOI":"10.1007\/978-3-540-39650-5_19"},{"key":"86_CR21","unstructured":"Hoglund, G., Butler, J.: Rootkits, Subverting the Windows Kernel. Addison-Wesley Professional, Reading (2006). ISBN: 0-321-29431-9"},{"key":"86_CR22","unstructured":"Vivanco, A.D.: Comprehensive non-intrusive protection with data-restoration: A proactive approach against malicious mobile code. Master\u2019s thesis, Florida Institute of Technology (2002)"},{"key":"86_CR23","unstructured":"Wagner, M.E.: Behavior oriented detection of malicious code at run-time. Master\u2019s thesis, Florida Institute of Technology (2004)"},{"key":"86_CR24","unstructured":"Norman\u2019s sandbox malware analyzer. Norman ASA. http:\/\/www.norman.com\/microsites\/malwareanalyzer\/fr\/"},{"key":"86_CR25","unstructured":"Cwsandbox. Sunbelt Software. http:\/\/www.cwsandbox.org"},{"key":"86_CR26","doi-asserted-by":"crossref","unstructured":"Bayer, U., Moser, A., Kruegel, C., Kirda, E.: Dynamic analysis of malicious code. In: Broucek, V., Turner, P., (eds.) J. Comput. Virol., vol. 2, no. 1, EICAR 2006 Special Issue, pp. 67\u201377 (2006)","DOI":"10.1007\/s11416-006-0012-2"},{"key":"86_CR27","unstructured":"Rutkowska, J.: Red pill... or how to detect vmm using (almost) one cpu instruction (2005). 
http:\/\/invisiblethings.org\/papers\/redpill.html"},{"key":"86_CR28","unstructured":"Ferrie, P.: Attacks on virtual machine emulators. In: Proceedings of the AVAR Conference (2006)"},{"key":"86_CR29","unstructured":"Debbabi, M.: Dynamic monitoring of malicious activity in software systems. In: Proceedings of the Symposium on Requirements Engineering for Information Security (SREIS) (2001)"},{"key":"86_CR30","unstructured":"Nachenberg, C.: Behavior blocking: The next step in anti-virus protection, SecurityFocus, 2002. http:\/\/www.securityfocus.com\/infocus\/1557"},{"key":"86_CR31","unstructured":"Schmall, M.: Classification and identification of malicious code based on heuristic techniques utilizing meta-languages. Ph.D. thesis, University of Hamburg (2002)"},{"key":"86_CR32","unstructured":"Schmall, M.: Heuristic techniques in av solutions: An overview, SecurityFocus (2002). http:\/\/www.securityfocus.com\/infocus\/1542"},{"key":"86_CR33","unstructured":"Veldman, F.: Heuristic anti-virus technology. In: Proceedings of the International Virus Protection and Information Security Council (1994)"},{"key":"86_CR34","unstructured":"Zwienenberg, R.: Heuristics scanners: Artificial intelligence? In: Proceedings of the Virus Bulletin Conference, pp. 203\u2013210 (1994)"},{"key":"86_CR35","unstructured":"Understanding heuristics: Symantec bloodhound technology. Tech. rep., Symantec White Paper Series, vol. XXXIV (1997)"},{"key":"86_CR36","doi-asserted-by":"crossref","unstructured":"Glover, F.W., Kochenberger, G.A.: Handbook of Metaheuristics. Springer, Heidelberg (2003). ISBN:1-402-07263-5","DOI":"10.1007\/b101874"},{"key":"86_CR37","unstructured":"Charlier, B.L., Mounji, A., Swimmer, M.: Dynamic detection and classification of computer viruses using general behaviour patterns. 
In: Proceedings of the Virus Bulletin Conference (1995)"},{"key":"86_CR38","doi-asserted-by":"crossref","unstructured":"Sekar, R., Bendre, M., Bollineni, P., Dhurjati, D.: A fast automaton-based approach for detecting anomalous program behaviors. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 144\u2013155 (2001)","DOI":"10.1109\/SECPRI.2001.924295"},{"key":"86_CR39","unstructured":"Hopcroft, J., Motwani, R., Ullman, J.: Introduction to Automata Theory, Languages and Computation, 2nd edn. Addison Wesley, Reading (1995). ISBN:0-201-44124-1"},{"key":"86_CR40","unstructured":"Mazeroff, G., Cerqueira, V.D., Gregor, J., Thomason, M.G.: Probabilistic trees and automata for application behavior modeling. In: Proceedings of the 43rd ACM Southeast Conference (2003)"},{"key":"86_CR41","unstructured":"Kaspersky, K.: Hacker Disassembling Uncovered, 2nd edn. A-LIST, LLC (2007). ISBN:1-931-76964-8"},{"key":"86_CR42","unstructured":"Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. Tech. rep., Technical Report 148, Department of Computer Science, University of Auckland (1997)"},{"key":"86_CR43","unstructured":"Kruegel, C., Robertson, W., Valeur, F., Vigna, G.: Static disassembly of obfuscated binaries. In: SSYM\u201904: Proceedings of the 13th conference on USENIX Security Symposium, pp. 18\u201318 (2004)"},{"issue":"3","key":"86_CR44","doi-asserted-by":"crossref","first-page":"221","DOI":"10.1007\/s11416-007-0046-0","volume":"3","author":"S. Josse","year":"2007","unstructured":"Josse S. (2007). Secure and advanced unpacking using computer emulation, extended version from the avar conference. J. Comput. Virol. 3(3): 221\u2013236","journal-title":"J. Comput. Virol."},{"key":"86_CR45","doi-asserted-by":"crossref","unstructured":"Preda, M.D., Christodorescu, M., Jha, S., Debray, S.: A semantic-based approach to malware detection. 
In: Proceedings of the 34th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL) (2007)","DOI":"10.1145\/1190216.1190270"},{"key":"86_CR46","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantic-aware malware detection. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 32\u201346 (2005)","DOI":"10.1109\/SP.2005.20"},{"key":"86_CR47","doi-asserted-by":"crossref","unstructured":"Bruschi, D., Martignoni, L., Monga, M.: Detecting self-mutating malware using control-flow graph matching. In: Proceedings of the Conference on the Detection of Intrusions and Malwares and Vulnerability Assessment (DIMVA), pp. 129\u2013143 (2006)","DOI":"10.1007\/11790754_8"},{"key":"86_CR48","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic worm detection using structural information of executables. In: International Symposium on Recent Advances in Intrusion Detection (RAID) (2005)","DOI":"10.1007\/11663812_11"},{"key":"86_CR49","unstructured":"Periot, F.: Defeating polymorphism through code optimization. In: Proceedings of the Virus Bulletin Conference, pp. 142\u2013159 (2003)"},{"key":"86_CR50","unstructured":"Bruschi, D., Martignoni, L., Monga, M.: Using code normalization for fighting self-mutating malware. In: Proceedings of the International Symposium on Secure Software Engineering, pp. 37\u201344, IEEE CS Press (2006)"},{"key":"86_CR51","unstructured":"Webster, M.: Algebraic specification of computer viruses and their environments. In: Selected Papers from the First Conference on Algebra and Coalgebra in Computer Science Young Researchers Workshop (CALCO-jnr 2005), University of Wales Swansea Computer Science Report Series (CSR 18-2005), pp. 99\u2013113 (2005)"},{"issue":"3","key":"86_CR52","doi-asserted-by":"crossref","first-page":"149","DOI":"10.1007\/s11416-006-0023-z","volume":"2","author":"M. 
Webster","year":"2006","unstructured":"Webster M. and Malcolm G. (2006). Detection of metamorphic computer viruses using algebraic specification. J. Comput. Virol. 2(3): 149\u2013161","journal-title":"J. Comput. Virol."},{"key":"86_CR53","unstructured":"Bergeron, J., Debbabi, M., Desharnais, J., Erhioui, M.M., Lavoie, Y., Tawbi, N.: Static detection of malicious code in executable programs. In: Proceedings of the Symposium on Requirements Engineering for Information Security (SREIS) (2001)"},{"key":"86_CR54","doi-asserted-by":"crossref","unstructured":"Singh, P., Lakhotia, A.: Static verification of worm and virus behavior in binary executables using model checking. In: Proceedings of the IEEE Information Assurance Workshop, pp. 298\u2013300 (2003)","DOI":"10.1109\/SMCSIA.2003.1232440"},{"key":"86_CR55","volume-title":"Model Checking","author":"E. Clark","year":"1999","unstructured":"Clark, E., Grumberg, O., Long, D.: Model Checking. MIT Press, Cambridge (1999). ISBN:0-262-03270-8"},{"key":"86_CR56","first-page":"393","volume":"4","author":"P. Schnoebelen","year":"2003","unstructured":"Schnoebelen P. (2003). The complexity of temporal logic model checking. Adv. Modal Logic 4: 393\u2013436","journal-title":"Adv. Modal Logic"},{"key":"86_CR57","doi-asserted-by":"crossref","first-page":"174","DOI":"10.1007\/11506881_11","volume":"3548","author":"J. Kinder","year":"2005","unstructured":"Kinder J., Katzenbeisser S., Schallhart C. and Veith H. (2005). Detecting malicious code by model checking. Lect. Notes Computer Sci. 3548: 174\u2013187","journal-title":"Lect. Notes Computer Sci."},{"key":"86_CR58","doi-asserted-by":"crossref","unstructured":"Perdisci, R., Dagon, D., Fogla, P.W.L., Sharif, M.: Misleading worm signature generators using deliberate noise injection. 
In: Proceedings of IEEE Symposium on Security and Privacy (2006)","DOI":"10.1109\/SP.2006.26"},{"key":"86_CR59","unstructured":"Lee, W., Stolfo, S., Chan, P.: Learning patterns from unix process execution traces for intrusion detection. In: Proceedings of the AAAI97 Workshop on AI Approaches to Fraud Detection and Risk Management, pp. 50\u201356. Addison Wesley, Reading (1997)"},{"key":"86_CR60","doi-asserted-by":"crossref","unstructured":"Schultz, M.G., Eskin, E., Zadok, E.: Data mining methods for detection of new malicious executables. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 38\u201349 (2001)","DOI":"10.1109\/SECPRI.2001.924286"},{"key":"86_CR61","unstructured":"Wang, J.-H., Deng, P.S., Fan, Y.-S., Jaw, L.-J., Liu, Y.-C.: Virus detection using data mining techniques. In: Proceedings of IEEE on Security Technology, pp. 71\u201376 (2003)"},{"key":"86_CR62","doi-asserted-by":"crossref","unstructured":"Kolter, J., Maloof, M.: Learning to detect malicious executables in the wild. In: Proceedings of the 2004 ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 470\u2013478. ACM Press, New York (2004)","DOI":"10.1145\/1014052.1014105"},{"key":"86_CR63","unstructured":"Lee, T., Mody, J.: Behavioral classification. In: Proceedings of EICAR (2006)"},{"key":"86_CR64","unstructured":"Kirda, E., Kruegel, C., Banks, G., Vigna, G., Kemmerer, R.: Behavior-based spyware detection. In: Proceedings of the 15th USENIX Security Symposium (2006)"},{"key":"86_CR65","unstructured":"Frost&Sullivan, Protection en temps r\u00e9el contre toutes les menaces, Tech. Rep., White Paper Eset"},{"key":"86_CR66","unstructured":"Avg anti-virus. Grisoft. http:\/\/www.grisoft.com\/doc\/39\/lng\/fr\/tpl\/tpl01"},{"key":"86_CR67","unstructured":"Viguard. Softed. http:\/\/www.viguard.com\/detail_163_logiciel_antivirus_viguard-platinium#"},{"key":"86_CR68","unstructured":"Bitdefender antivirus technology, Tech. 
Rep., BitDefender White Paper"},{"key":"86_CR69","unstructured":"Host and network intrusion prevention, competitors or partners? Tech. rep., Mc Affee White Paper (2004)"},{"key":"86_CR70","unstructured":"Safe\u2032n\u2032sec antivirus. Safen Soft. http:\/\/www.safensoft.com\/technology\/"},{"key":"86_CR71","unstructured":"Truprevent. Panda Software. http:\/\/www.pandasoftware.com\/products\/truprevent_tec.htm?sitepanda=particulares"},{"key":"86_CR72","unstructured":"Virus keeper. AxBa. http:\/\/www.viruskeeper.com\/fr\/faq.htm"}],"container-title":["Journal in Computer Virology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-008-0086-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11416-008-0086-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-008-0086-0","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,28]],"date-time":"2025-01-28T17:17:33Z","timestamp":1738084653000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11416-008-0086-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,2,21]]},"references-count":72,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2008,8]]}},"alternative-id":["86"],"URL":"https:\/\/doi.org\/10.1007\/s11416-008-0086-0","relation":{},"ISSN":["1772-9890","1772-9904"],"issn-type":[{"value":"1772-9890","type":"print"},{"value":"1772-9904","type":"electronic"}],"subject":[],"published":{"date-parts":[[2008,2,21]]}}}