{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,13]],"date-time":"2026-05-13T17:33:52Z","timestamp":1778693632665,"version":"3.51.4"},"reference-count":46,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2011,2,3]],"date-time":"2011-02-03T00:00:00Z","timestamp":1296691200000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Comput Virol"],"published-print":{"date-parts":[[2011,11]]},"DOI":"10.1007\/s11416-011-0151-y","type":"journal-article","created":{"date-parts":[[2011,2,2]],"date-time":"2011-02-02T14:49:56Z","timestamp":1296658196000},"page":"233-245","source":"Crossref","is-referenced-by-count":149,"title":["Malware classification based on call graph clustering"],"prefix":"10.1007","volume":"7","author":[{"given":"Joris","family":"Kinable","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Orestis","family":"Kostakis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2011,2,3]]},"reference":[{"key":"151_CR1","unstructured":"Arthur, D., Vassilvitskii, S.: k-means++: the advantages of careful seeding. In: SODA \u201907: Proceedings of the Eighteenth Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 1027\u20131035. Society for Industrial and Applied Mathematics (2007)"},{"key":"151_CR2","doi-asserted-by":"crossref","unstructured":"Bailey, M., Oberheide, J., Andersen, J., Mao, Z.M., Jahanian, F., Nazario, J.: Automated classification and analysis of internet malware. In: Proceedings of the 10th international conference on Recent advances in intrusion detection, pp. 178\u2013197. Springer, Berlin (2007)","DOI":"10.1007\/978-3-540-74320-0_10"},{"key":"151_CR3","unstructured":"Bayer, U.: Large-scale dynamic malware analysis. Ph.D. dissertation, Technischen Universit\u00e4t Wien, December 2009"},{"key":"151_CR4","unstructured":"Bayer, U., Comparetti, P.M., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, Behavior-Based Malware Clustering. In: 16th Annual Network and Distributed System Security (2009)"},{"key":"151_CR5","doi-asserted-by":"crossref","unstructured":"Bayer, U., Kirda, E., Kruegel, C.: Improving the efficiency of dynamic malware analysis. In: Proceedings of the 2010 ACM Symposium on Applied Computing, ser. SAC \u201910, pp. 1871\u20131878. ACM, New York (2010). doi: 10.1145\/1774088.1774484","DOI":"10.1145\/1774088.1774484"},{"issue":"2","key":"151_CR6","doi-asserted-by":"crossref","first-page":"156","DOI":"10.1504\/IJESDF.2007.016865","volume":"1","author":"D. Bilar","year":"2007","unstructured":"Bilar D.: Opcodes as predictor for malware. Int. J. Electron. Security Digital Forensics 1(2), 156\u2013168 (2007)","journal-title":"Int. J. Electron. Security Digital Forensics"},{"key":"151_CR7","doi-asserted-by":"crossref","first-page":"211","DOI":"10.1007\/s11416-008-0084-2","volume":"4","author":"J.-M. Borello","year":"2008","unstructured":"Borello J.-M., M\u00e9 L.: Code obfuscation techniques for metamorphic viruses. J. Comput. Virol. 4, 211\u2013220 (2008). doi: 10.1007\/s11416-008-0084-2","journal-title":"J. Comput. Virol."},{"key":"151_CR8","doi-asserted-by":"crossref","unstructured":"Bradde, S., Braunstein, A., Mahmoudi, H., Tria, F., Weigt, M., Zecchina, R.: Aligning graphs and finding substructures by message passing, May 2009, Retrieved on March 2010. http:\/\/arxiv.org\/abs\/0905.1893","DOI":"10.1209\/0295-5075\/89\/37009"},{"key":"151_CR9","unstructured":"Briones, I., Gomez, A.: Graphs, entropy and grid computing: Automatic comparison of malware. In: Proceedings of the 2008 Virus Bulletin Conference, 2008, Retrieved on May 2010. http:\/\/www.virusbtn.com\/conference\/vb2008"},{"issue":"2","key":"151_CR10","doi-asserted-by":"crossref","first-page":"46","DOI":"10.1109\/MSP.2007.31","volume":"5","author":"D. Bruschi","year":"2007","unstructured":"Bruschi D., Martignoni L., Monga M.: Code normalization for self-mutating malware. IEEE Security Privacy 5(2), 46\u201354 (2007)","journal-title":"IEEE Security Privacy"},{"key":"151_CR11","unstructured":"Carrera, E., Erd\u00e9lyi, G.: Digital genome mapping-advanced binary malware analysis. In: Virus Bulletin Conference, 2004, Retrieved on May 2010. http:\/\/www.virusbtn.com\/conference\/vb2004"},{"key":"151_CR12","unstructured":"Dasgupta, S.: The hardness of k-means clustering, Tech. Rep. CS2008-0916 (2008)"},{"key":"151_CR13","first-page":"517","volume-title":"Pattern Classification, ch. 10","author":"R.O. Duda","year":"2000","unstructured":"Duda R.O., Hart P.E., Stork D.G.: Pattern Classification, ch. 10, 2nd edn, pp. 517\u2013598. Wiley, London (2000)","edition":"2"},{"key":"151_CR14","unstructured":"Dullien, T.: Structural comparison of executable objects. In: Proceedings of the IEEE Conference on Detection of Intrusions, Malware and Vulnerability Assessment (DIMVA), pp. 161\u2013173 (2004)"},{"key":"151_CR15","unstructured":"Dullien, T., Rolles, R.: Graph-based comparison of executable objects. In: Symposium sur la S\u00e9curit\u00e9 des Technologies de l\u2019Information et des Communications (SSTIC), 2005, Retrieved on May 2010. http:\/\/actes.sstic.org\/SSTIC05\/Analyse_differentielle_de_binaires\/"},{"key":"151_CR16","unstructured":"Erd\u00e9lyi, G.: Senior Manager, Anti-malware Research F-Secure Corporation, personal communication (2010)"},{"key":"151_CR17","unstructured":"Ester, M., Kriegel, H.-P., Sander, J., Xu, X.: A density-based algorithm for discovering clusters in large spatial databases with noise. In: Proceedings of 2nd International Conference of Knowledge Discovery and Data Mining, pp. 226\u2013231. AAAI Press (1996)"},{"key":"151_CR18","unstructured":"Funabiki, N., Kitamichi, J.: A two-stage discrete optimization method for largest common subgraph problems. In: IEICE Transactions on Information and Systems, 82(8), 1145\u20131153, 19990825. http:\/\/ci.nii.ac.jp\/naid\/110003210164\/en\/"},{"issue":"10","key":"151_CR19","doi-asserted-by":"crossref","first-page":"3179","DOI":"10.1016\/j.patcog.2008.03.025","volume":"41","author":"X. Gao","year":"2008","unstructured":"Gao X., Xiao B., Tao D., Li X.: Image categorization: Graph edit distance+edge direction histogram. Pattern Recognit. 41(10), 3179\u20133191 (2008)","journal-title":"Pattern Recognit."},{"key":"151_CR20","unstructured":"Garey, M.R., Johnson, D.S.: Computers and Intractability: A Guide to the Theory of NP-Completeness. W. H. Freeman, San Francisco, January 1979"},{"key":"151_CR21","unstructured":"Hex-rays. The IDA Pro disassembler and debugger. http:\/\/www.hex-rays.com\/idapro\/ . Retrieved on 12-2-2010"},{"key":"151_CR22","unstructured":"Hex-rays. Fast library identification and recognition technology. http:\/\/www.hex-rays.com\/idapro\/flirt.htm , 2010, Retrieved on 12-2-2010"},{"key":"151_CR23","doi-asserted-by":"crossref","unstructured":"Hu, X., Chiueh, T., Shin, K.G.: Large-scale malware indexing using function-call graphs. In: Al-Shaer, E., Jha, S., Keromytis, A.D. (eds) ACM Conference on Computer and Communications Security, pp. 611\u2013620. ACM (2009)","DOI":"10.1145\/1653662.1653736"},{"key":"151_CR24","unstructured":"Justice, A., Hero, D.: A binary linear programming formulation of the graph edit distance. In: IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 28, pp. 1200\u20131214 (2006). http:\/\/people.ee.duke.edu\/~lcarin\/JusticeHero.pdf"},{"key":"151_CR25","unstructured":"Kaufman, L., Rousseeuw, P.J.: Finding Groups in Data: An Introduction to Cluster Analysis (Wiley Series in Probability and Statistics), pp. 68\u2013125. Wiley, London (2005)"},{"key":"151_CR26","unstructured":"Kinable, J.: Malware Detection Through Call Graphs. Master\u2019s thesis, Department of Information and Computer Science, Aalto University, Finland (2010)"},{"key":"151_CR27","doi-asserted-by":"crossref","unstructured":"Kostakis, O., Kinable, J., Mahmoudi, H., Mustonen, K.: Improved Call Graph Comparison Using Simulated Annealing. In: Proceedings of the 2011 ACM Symposium on Applied Computing (SAC 2011), March 2011 (to appear)","DOI":"10.1145\/1982185.1982509"},{"key":"151_CR28","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511809071","volume-title":"Introduction to Information Retrieval, ch. 16","author":"C.D. Manning","year":"2008","unstructured":"Manning C.D., Raghavan P., Sch\u00fctze H.: Introduction to Information Retrieval, ch. 16, 1st edn. Cambridge University Press, Cambridge (2008)","edition":"1"},{"key":"151_CR29","unstructured":"Microsoft. Microsoft portable executable and common object file format specification, 2008. Retrieved on 12-2-2010. http:\/\/www.microsoft.com\/whdc\/system\/platform\/firmware\/PECOFFdwn.mspx"},{"key":"151_CR30","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Computer Security Applications Conference, 2007, pp. 421\u2013430. doi: 10.1109\/ACSAC.2007.21","DOI":"10.1109\/ACSAC.2007.21"},{"key":"151_CR31","doi-asserted-by":"crossref","unstructured":"Neuhaus, M., Riesen, K., Bunke, H.: Fast suboptimal algorithms for the computation of graph edit distance. In: Structural, Syntactic, and Statistical Pattern Recognition. LNCS, vol. 4109\/2006, pp. 163\u2013170. Springer, Berlin (2006)","DOI":"10.1007\/11815921_17"},{"key":"151_CR32","unstructured":"Pietrek, M.: An in-depth look into the win32 portable executable file format, 2002, Retrieved on 12-2-2010. http:\/\/msdn.microsoft.com\/nl-nl\/magazine\/cc301805%28en-us%29.aspx"},{"key":"151_CR33","first-page":"2002","volume":"16","author":"J.W. Raymond","year":"2002","unstructured":"Raymond J.W., Willett P.: Maximum common subgraph isomorphism algorithms for the matching of chemical structures. J. Comput. Aided Molecular Design 16, 2002 (2002)","journal-title":"J. Comput. Aided Molecular Design"},{"key":"151_CR34","doi-asserted-by":"crossref","unstructured":"Riesen, K., Bunke, H.: Approximate graph edit distance computation by means of bipartite graph matching. Image Vis. Comput. 27(7), 950\u2013959, (2009). 7th IAPR-TC15 Workshop on Graph-based Representations (GbR 2007)","DOI":"10.1016\/j.imavis.2008.04.004"},{"key":"151_CR35","doi-asserted-by":"crossref","unstructured":"Riesen, K., Neuhaus, M., Bunke, H.: Bipartite graph matching for computing the edit distance of graphs. In: Graph-Based Representations in Pattern Recognition, 2007, pp. 1\u201312. doi: 10.1007\/978-3-540-72903-7_1","DOI":"10.1007\/978-3-540-72903-7_1"},{"issue":"1","key":"151_CR36","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1016\/0377-0427(87)90125-7","volume":"20","author":"P. Rousseeuw","year":"1987","unstructured":"Rousseeuw P.: Silhouettes: a graphical aid to the interpretation and validation of cluster analysis. J. Comput. Appl. Math. 20(1), 53\u201365 (1987)","journal-title":"J. Comput. Appl. Math."},{"issue":"3","key":"151_CR37","doi-asserted-by":"crossref","first-page":"216","DOI":"10.1109\/TSE.1979.234183","volume":"SE-5","author":"B. Ryder","year":"1979","unstructured":"Ryder B.: Constructing the call graph of a program. IEEE Trans. Softw. Eng. SE-5(3), 216\u2013226 (1979)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"151_CR38","unstructured":"Symantec Corporation. Symantec Global Internet Security Threat Report Volume\u2014Trends for 2009\u2014Volume XV, April 2010, Retrieved on March 2010. http:\/\/www.symantec.com"},{"key":"151_CR39","volume-title":"The Art of Computer Virus Research and Defense, ch. 6","author":"P. Szor","year":"2005","unstructured":"Szor P.: The Art of Computer Virus Research and Defense, ch. 6. Addison-Wesley, Reading (2005)"},{"key":"151_CR40","first-page":"487","volume-title":"Introduction to Data Mining, ch. 8","author":"P.-N. Tan","year":"2005","unstructured":"Tan P.-N., Steinbach M., Kumar V.: Introduction to Data Mining, ch. 8, pp. 487\u2013568. Addison Wesley, Reading (2005)"},{"key":"151_CR41","doi-asserted-by":"crossref","first-page":"1189","DOI":"10.1002\/anie.199411891","volume":"33","author":"M. Wagener","year":"1994","unstructured":"Wagener M., Gasteiger J.: The determination of maximum common substructures by a genetic algorithm: Application in synthesis design and for the structural analysis of biological activity. Angewandte Chem. Int. Ed. 33, 1189\u20131192 (1994)","journal-title":"Angewandte Chem. Int. Ed."},{"key":"151_CR42","unstructured":"Walenstein, A., Venable, M., Hayes, M., Thompson, C., Lakhotia, A.: Exploiting similarity between variants to defeat malware: vilo method for comparing and searching binary programs. In: Proceedings of BlackHat DC 2007 (2007)"},{"issue":"2","key":"151_CR43","doi-asserted-by":"crossref","first-page":"310","DOI":"10.1109\/TCBB.2007.358301","volume":"4","author":"N. Weskamp","year":"2007","unstructured":"Weskamp N., Hullermeier E., Kuhn D., Klebe G.: Multiple graph alignment for the structural analysis of protein active sites. IEEE\/ACM Trans. Comput. Biol. Bioinform. 4(2), 310\u2013320 (2007)","journal-title":"IEEE\/ACM Trans. Comput. Biol. Bioinform."},{"key":"151_CR44","volume-title":"Introduction to Graph Theory","author":"D.B. West","year":"2000","unstructured":"West D.B.: Introduction to Graph Theory, 2nd edn. Prentice-Hall, Englewood cliffs (2000)","edition":"2"},{"key":"151_CR45","unstructured":"Willems, C., Holz, T., Freiling, F.: Toward automated dynamic malware analysis using cwsandbox. IEEE Security Privacy 5, 32\u201339 (2007). http:\/\/portal.acm.org\/citation.cfm?id=1262542.1262675"},{"issue":"1","key":"151_CR46","first-page":"25","volume":"2","author":"Z. Zeng","year":"2009","unstructured":"Zeng Z., Tung A.K.H., Wang J., Feng J., Zhou L.: Comparing stars: on approximating graph edit distance. PVLDB 2(1), 25\u201336 (2009)","journal-title":"PVLDB"}],"container-title":["Journal in Computer Virology"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-011-0151-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11416-011-0151-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-011-0151-y","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,8]],"date-time":"2019-06-08T08:58:06Z","timestamp":1559984286000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11416-011-0151-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,2,3]]},"references-count":46,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2011,11]]}},"alternative-id":["151"],"URL":"https:\/\/doi.org\/10.1007\/s11416-011-0151-y","relation":{},"ISSN":["1772-9890","1772-9904"],"issn-type":[{"value":"1772-9890","type":"print"},{"value":"1772-9904","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011,2,3]]}}}