{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:36:29Z","timestamp":1759091789605},"reference-count":30,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2010,1,27]],"date-time":"2010-01-27T00:00:00Z","timestamp":1264550400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Comput Virol"],"published-print":{"date-parts":[[2011,5]]},"DOI":"10.1007\/s11416-010-0140-6","type":"journal-article","created":{"date-parts":[[2010,1,26]],"date-time":"2010-01-26T02:31:19Z","timestamp":1264473079000},"page":"95-105","source":"Crossref","is-referenced-by-count":8,"title":["Determining malicious executable distinguishing attributes and low-complexity detection"],"prefix":"10.1007","volume":"7","author":[{"given":"Hassan","family":"Khan","sequence":"first","affiliation":[]},{"given":"Fauzan","family":"Mirza","sequence":"additional","affiliation":[]},{"given":"Syed Ali","family":"Khayam","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2010,1,27]]},"reference":[{"key":"140_CR1","unstructured":"Spafford, E.H.: The Internet Worm Program: An Analysis. Tech. Report CSD-TR-823. Department of Computer Science, Purdue University (1988)"},{"key":"140_CR2","doi-asserted-by":"crossref","unstructured":"Kephart, J.O., Arnold, W.C.: Automatic extraction of computer virus signatures. In: 4th Virus Bulletin International Conference, pp. 178\u2013184 (1994)","DOI":"10.1016\/0142-0496(94)90045-0"},{"key":"140_CR3","unstructured":"Kephart, J.O., Sorkin, G.B., Arnold, W.C., Chess, D.M., Tesauro, G.J., White, S.R.: Biologically inspired defenses against computer viruses. In: Proceedings of the Fourteenth International Joint Conference on Artificial Intelligence, pp. 985\u2013996. Morgan Kaufmann, San Francisco (1995)"},{"issue":"6","key":"140_CR4","doi-asserted-by":"crossref","first-page":"541","DOI":"10.1016\/0167-4048(95)00012-W","volume":"14","author":"R.W. Lo","year":"1995","unstructured":"Lo R.W., Levitt K.N., Olsson R.A.: MCF: a malicious code filter. Comput. Secur. 14(6), 541\u2013566 (1995)","journal-title":"Comput. Secur."},{"key":"140_CR5","unstructured":"Arnold, W., Tesauro, G.: Automatically generated Win32 heuristic virus detection. In: Proceedings of the 2000 International Virus Bulletin Conference (2000)"},{"key":"140_CR6","unstructured":"Bayer, U.: TTAnalyze: A Tool for Analyzing Malware. Distributed System and Automation Groups, Technical University of Vienna (2005)"},{"key":"140_CR7","doi-asserted-by":"crossref","unstructured":"Kolter, J., Maloof, M.: Learning to detect malicious executables in the wild. In: Proceedings of ACM SIGKDD (2004)","DOI":"10.1145\/1014052.1014105"},{"key":"140_CR8","unstructured":"Stolfo, S.J., Wang, K., Li, W.-J.: Towards stealthy malware detection. In: Christodorescu, M., Jha, S., Maughan, D., Song, D., Wang, C. (eds.) Malware Detection. Advances in Information Security, vol. 27. Springer, US (2007)"},{"key":"140_CR9","doi-asserted-by":"crossref","unstructured":"Ashcraft, K., Engler, D.: Using programmer-written compiler extensions to catch security holes. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 143\u2013159 (2002)","DOI":"10.21236\/ADA419600"},{"key":"140_CR10","unstructured":"Krugel, C., Robertson, W., Valeur, F., Vigna, G.: Static disassembly of obfuscated binaries. In: Proceedings of USENIX Security Symposium (2004)"},{"key":"140_CR11","unstructured":"Schultz, M.G., Eskin, E., Zadok, E., Stolfo, S.J.: Data mining methods for detection of new malicious executables. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 38\u201349, Los Alamitos, CA, 2001. IEEE Press, USA (2001)"},{"key":"140_CR12","unstructured":"VX heavens. http:\/\/vx.netlux.org"},{"key":"140_CR13","doi-asserted-by":"crossref","unstructured":"Martignoni, L., Christodorescu, M., Jha, S.: Omniunpack: fast, generic, and safe unpacking of malware. In: ACSAC\u201907: Proceedings of the 23rd Annual Computer Security Applications Conference on Annual Computer Security Applications Conference (2007)","DOI":"10.1109\/ACSAC.2007.4413009"},{"key":"140_CR14","doi-asserted-by":"crossref","unstructured":"Royal, P., Halpin, M., Dagon, D., Edmonds, R., Lee, W.: Polyunpack: automating the hidden-code extraction of unpack-executing malware. In: ACSAC\u201906: Proceedings of the 22nd Annual Computer Security Applications Conference on Annual Computer Security Applications Conference (2006)","DOI":"10.1109\/ACSAC.2006.38"},{"key":"140_CR15","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1214\/aoms\/1177729694","volume":"22","author":"S. Kullback","year":"1951","unstructured":"Kullback S., Leibler R.A.: On information and sufficiency. Ann. Math. Stat. 22, 79\u201386 (1951)","journal-title":"Ann. Math. Stat."},{"key":"140_CR16","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4419-8608-5","volume-title":"A First Course in Information Theory","author":"R.W. Yeung","year":"2002","unstructured":"Yeung R.W.: A First Course in Information Theory. Kluwer Academic\/Plenum Publishers, New York (2002)"},{"issue":"3","key":"140_CR17","doi-asserted-by":"crossref","first-page":"145","DOI":"10.1109\/18.61115","volume":"37","author":"J. Lin","year":"1991","unstructured":"Lin J.: Divergence measures based on the shannon entropy. IEEE Trans. Inf. Theory 37(3), 145\u2013151 (1991)","journal-title":"IEEE Trans. Inf. Theory"},{"key":"140_CR18","unstructured":"Johnson, D.H., Sinanovic, S.: Symmetrizing the Kullback-Leibler distance. Technical Report (2001)"},{"key":"140_CR19","unstructured":"Kohavi, R.: A study of cross-validation and bootstrap for accuracy estimation and model selection. In: Mellish, C.S. (ed.) Proceedings of the 14th International Joint Conference on Artificial Intelligence, pp. 1137\u20131143. Morgan Kaufmann, Menlo Park (1995)"},{"key":"140_CR20","unstructured":"Li, K.-L., Haung, H.-K., Tian, S.-F., Xu, W.: Improving one-class SVM for anomaly detection. In: Proceedings of the Second International Conference on Machine Learning and Cybernetics, Wan, 2\u20135 November 2003"},{"key":"140_CR21","unstructured":"Mukkamala, S., Janoski, G.I., Sung, A.H.: Intrusion detection using support vector machines. In: Proceedings of the High Performance Computing Symposium\u2014HPC 2002, pp. 178-183, San Diego, April 2002"},{"key":"140_CR22","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4757-2526-1","volume-title":"Introduction to time series and forecasting","author":"P. Brockwell","year":"1996","unstructured":"Brockwell P., Davis R.: Introduction to time series and forecasting. Springer, Berlin (1996)"},{"key":"140_CR23","doi-asserted-by":"crossref","first-page":"605","DOI":"10.1080\/01621459.1987.10478472","volume":"82","author":"S.C. Self","year":"1987","unstructured":"Self S.C., Liang K.Y.: Asymptotic properties of maximum likelihood estimators and likelihood ratio tests under non-standard conditions. J. Am. Stat. Soc. 82, 605\u2013610 (1987)","journal-title":"J. Am. Stat. Soc."},{"key":"140_CR24","unstructured":"Boser, B.E., Guyon, I.M., Vapnik, V.N.: A training algorithm for optimal margin classifiers. In: Haussler, D. (ed.) Proceedings of 5th Annual ACM Workshop on COLT, pp. 144\u2013152, Pittsburgh, PA, 1992. ACM Press, New York (1992)"},{"key":"140_CR25","first-page":"273","volume":"20","author":"C. Cortes","year":"1995","unstructured":"Cortes C., Vapnik V.: Support-vector networks. Mach. Learn. 20, 273\u2013297 (1995)","journal-title":"Mach. Learn."},{"issue":"2","key":"140_CR26","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1023\/A:1009715923555","volume":"2","author":"C.J.C. Burges","year":"1998","unstructured":"Burges C.J.C.: A tutorial on support vector machines for pattern recognition. Data Mining Knowl. Discov. 2(2), 121\u2013167 (1998)","journal-title":"Data Mining Knowl. Discov."},{"key":"140_CR27","volume-title":"Advances in Kernel Methods\u2014Support Vector Learning","author":"T. Joachims","year":"1999","unstructured":"Joachims T.: Making large-scale SVM learning practical. In: Sch\u00f6lkopf, B., Burges, C., Smola, A. (eds) Advances in Kernel Methods\u2014Support Vector Learning, MIT-Press, Cambridge (1999)"},{"issue":"1","key":"140_CR28","first-page":"49","volume":"2","author":"P.C. Mahalanobis","year":"1936","unstructured":"Mahalanobis P.C.: On the generalised distance in statistics. Proc. Natl. Inst. Sci. India 2(1), 49\u201355 (1936)","journal-title":"Proc. Natl. Inst. Sci. India"},{"key":"140_CR29","doi-asserted-by":"crossref","unstructured":"Haagman, D., Ghavalas, B.: Trojan defence: a forensic view. Digital Investigation, vol. 2, Issue 1, pp. 23\u201330 (2005)","DOI":"10.1016\/j.diin.2005.01.010"},{"issue":"4","key":"140_CR30","doi-asserted-by":"crossref","first-page":"659","DOI":"10.3233\/JCS-2005-13403","volume":"13","author":"S.J. Stolfo","year":"2005","unstructured":"Stolfo S.J., Apap F., Eskin E., Heller K., Hershkop S., Honig A., Svore K.: A Comparative evaluation of two algorithms for windows registry anomaly detection. J. Comput. Secur. 13(4), 659\u2013693 (2005)","journal-title":"J. Comput. Secur."}],"container-title":["Journal in Computer Virology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-010-0140-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11416-010-0140-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-010-0140-6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T14:45:43Z","timestamp":1559400343000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11416-010-0140-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,1,27]]},"references-count":30,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2011,5]]}},"alternative-id":["140"],"URL":"https:\/\/doi.org\/10.1007\/s11416-010-0140-6","relation":{},"ISSN":["1772-9890","1772-9904"],"issn-type":[{"value":"1772-9890","type":"print"},{"value":"1772-9904","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010,1,27]]}}}