{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,6]],"date-time":"2026-06-06T16:33:52Z","timestamp":1780763632767,"version":"3.54.1"},"reference-count":83,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2013,3,5]],"date-time":"2013-03-05T00:00:00Z","timestamp":1362441600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Comput Virol Hack Tech"],"published-print":{"date-parts":[[2013,8]]},"DOI":"10.1007\/s11416-013-0183-6","type":"journal-article","created":{"date-parts":[[2013,12,10]],"date-time":"2013-12-10T16:38:59Z","timestamp":1386693539000},"page":"137-157","source":"Crossref","is-referenced-by-count":13,"title":["Detecting machine-morphed malware variants via engine attribution"],"prefix":"10.1007","volume":"9","author":[{"given":"Radhouane","family":"Chouchane","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Natalia","family":"Stakhanova","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Andrew","family":"Walenstein","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Arun","family":"Lakhotia","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2013,3,5]]},"reference":[{"key":"183_CR1","doi-asserted-by":"crossref","unstructured":"Abou-Assaleh, T., Cercone, N., Ke\u0161elj, V., Sweidan, R.: N-gram-based detection of new malicious code. In: 28th Annual IEEE International Computer Software and Applications Conference, pp. 41\u201342 (2004)","DOI":"10.1109\/CMPSAC.2004.1342667"},{"issue":"2","key":"183_CR2","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1145\/1461928.1461959","volume":"52","author":"S Argamon","year":"2009","unstructured":"Argamon, S., Koppel, M., Pennebaker, J.W., Schler, J.: Automatically profiling the author of an anonymous text. Commun. ACM 52(2), 119\u2013123 (2009)","journal-title":"Commun. ACM"},{"key":"183_CR3","doi-asserted-by":"crossref","unstructured":"Babi\u0107, D., Reynaud, D., Song, D.: Malware analysis with tree automata inference. In: Proceedings of the 23rd International Conference on Computer Aided Verification (CAV), pp. 116\u2013131. Snowbird, UT (2011)","DOI":"10.1007\/978-3-642-22110-1_10"},{"issue":"2","key":"183_CR4","doi-asserted-by":"crossref","first-page":"156","DOI":"10.1504\/IJESDF.2007.016865","volume":"1","author":"D Bilar","year":"2007","unstructured":"Bilar, D.: Opcodes as predictor for malware. Int. J. Electron. Secur. Digit. Forensics 1(2), 156\u2013168 (2007)","journal-title":"Int. J. Electron. Secur. Digit. Forensics"},{"issue":"3","key":"183_CR5","doi-asserted-by":"crossref","first-page":"263","DOI":"10.1007\/s11416-008-0102-4","volume":"5","author":"G Bonfante","year":"2009","unstructured":"Bonfante, G., Kaczmarek, M., Marion, J.Y.: Architecture of a morphological malware detector. J. Comput. Virol. 5(3), 263\u2013270 (2009)","journal-title":"J. Comput. Virol."},{"key":"183_CR6","doi-asserted-by":"crossref","first-page":"211","DOI":"10.1007\/s11416-008-0084-2","volume":"4","author":"JM Borello","year":"2008","unstructured":"Borello, J.M., Me, L.: Code obfuscation techniques for metamorphic viruses. J. Comput. Virol. 4, 211\u2013220 (2008)","journal-title":"J. Comput. Virol."},{"key":"183_CR7","doi-asserted-by":"crossref","unstructured":"Bruschi, D., Martignoni, L., Monga, M.: Using code normalization for fighting self-mutating malware. In: Proceedings of International Symposium on Secure Software Engineering. IEEE (2006)","DOI":"10.1109\/MSP.2007.31"},{"key":"183_CR8","doi-asserted-by":"crossref","unstructured":"Chouchane, M.R., Lakhotia, A.: Using engine signature to detect metamorphic malware. In: 4th Workshop on Recurring Malcode (WORM) (2006)","DOI":"10.1145\/1179542.1179558"},{"key":"183_CR9","doi-asserted-by":"crossref","unstructured":"Chouchane, M.R., Walenstein, A., Lakhotia, A.: Statistical signatures for fast filtering of instruction-substituting metamorphic malware. In: 5th Workshop on Recurring Malcode (WORM) (2007)","DOI":"10.1145\/1314389.1314397"},{"key":"183_CR10","doi-asserted-by":"crossref","unstructured":"Chouchane, M.R., Walenstein, A., Lakhotia, A.: Using Markov chains to filter machine-morphed variants of malicious programs. In: Proceedings of the 3rd International Conference on Malicious and Unwanted Software (Malware\u201908) (2008)","DOI":"10.1109\/MALWARE.2008.4690861"},{"key":"183_CR11","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Seshia, S.A., Song, D., Bryant, R.E.: Semantics-aware malware detection. In: Proceedings of the 2005 IEEE Symposium on Security and Privacy S &P, pp. 32\u201346 (2005)","DOI":"10.1109\/SP.2005.20"},{"key":"183_CR12","unstructured":"Christodorescu, M., Kinder, J., Jha, S., Katzenbeisser, S., Veith, H.: Malware normalization. Department of Computer Science, The University of Wisconsin, Technical Report (2005)"},{"key":"183_CR13","unstructured":"Detristan, T., Ulenspiegel, T., Malcom, Y., Underduk, M.S.V.: Polymorphic shellcode engine using spectrum analysis. Phrack 61 (2003)"},{"key":"183_CR14","doi-asserted-by":"crossref","unstructured":"Egele, M., Wurzinger, P., Kruegel, C., Kirda, E.: Defending browsers against drive-by downloads: mitigating heap-spraying code injection attacks. In: Proceedings of the 6th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA \u201909, pp. 88\u2013106. Springer, Berlin (2009)","DOI":"10.1007\/978-3-642-02918-9_6"},{"key":"183_CR15","unstructured":"Fogla, P., Sharif, M., Perdisci, R., Kolesnikov, O., Lee, W.: Polymorphic blending attacks. In: Proceedings of the 15 th USENIX Security, Symposium, pp. 241\u2013256 (2006)"},{"key":"183_CR16","doi-asserted-by":"crossref","unstructured":"Frantzeskou, G., Gritzalis, S., Macdonell, S.G.: Source code authorship analysis for supporting the cybercrime investigation process. In: Proceedings of 1st International Conference on e-Business and Telecommunications, Networks (ICETE04), vol. 2, pp. 85\u201392 (2004)","DOI":"10.5220\/0001390300850092"},{"key":"183_CR17","volume-title":"Computers and Intractability: A Guide to the Theory of NP-Completeness","author":"MR Garey","year":"1979","unstructured":"Garey, M.R., Johnson, D.S.: Computers and Intractability: A Guide to the Theory of NP-Completeness. W. H. Freeman & Co., San Francisco (1979)"},{"key":"183_CR18","doi-asserted-by":"crossref","unstructured":"Gavrilova, M.L., Yampolskiy, R.V.: Applying biometric principles to avatar recognition. In: Proceedings of the 2010 International Conference on Cyberworlds, CW \u201910, pp. 179\u2013186. IEEE Computer Society, Washington, DC, USA (2010)","DOI":"10.1109\/CW.2010.36"},{"key":"183_CR19","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1007\/978-3-642-04342-0_6","volume-title":"Recent Advances in Intrusion Detection. Lecture Notes in Computer Science","author":"K Griffin","year":"2009","unstructured":"Griffin, K., Schneider, S., Hu, X., cker Chiueh, T.: Automatic generation of string signatures for malware detection. In: Kirda, E., Jha, S., Balzarotti, D. (eds.) Recent Advances in Intrusion Detection. Lecture Notes in Computer Science, pp. 101\u2013120. Springer, Berlin (2009)"},{"key":"183_CR20","doi-asserted-by":"crossref","unstructured":"Hall, M., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P., Witten, I.H.: The weka data mining software: an update. SIGKDD Explor. 11 (2009)","DOI":"10.1145\/1656274.1656278"},{"key":"183_CR21","doi-asserted-by":"crossref","unstructured":"Han, E.H., Karypis, G.: Centroid-based document classification: analysis and experimental results. In: Proceedings of the 4th European Conference on Principles of Data Mining and Knowledge Discovery, PKDD \u201900, pp. 424\u2013431. Springer, London, UK (2000)","DOI":"10.1007\/3-540-45372-5_46"},{"key":"183_CR22","doi-asserted-by":"crossref","unstructured":"Hayes, J.H., Offutt, J.: Recognizing authors: an examination of the consistent programmer hypothesis. Softw. Test. Verif. Reliab. (2009)","DOI":"10.1002\/stvr.412"},{"key":"183_CR23","doi-asserted-by":"crossref","unstructured":"Holmes, D.: Authorship attribution. Comput. Humanit. 28, 87\u2013106 (1994). doi: 10.1007\/BF01830689","DOI":"10.1007\/BF01830689"},{"key":"183_CR24","doi-asserted-by":"crossref","unstructured":"Holzer, A., Kinder, J., Veith, H.: Using verification technology to specify and detect malware. In: 11th International Conference on Computer Aided Systems Theory (2007)","DOI":"10.1007\/978-3-540-75867-9_63"},{"issue":"3","key":"183_CR25","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1007\/s11416-008-0086-0","volume":"4","author":"G Jacob","year":"2008","unstructured":"Jacob, G., Debar, H., Filiol, E.: Behavioral detection of malware: from a survey towards an established taxonomy. J. Comput. Virol. 4(3), 251\u2013266 (2008)","journal-title":"J. Comput. Virol."},{"key":"183_CR26","unstructured":"K2: Admmutate. http:\/\/www.pestpatrol.com\/zks\/pestinfo\/a\/admmutate.asp (2005)"},{"issue":"1\u20132","key":"183_CR27","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1007\/s11416-005-0002-9","volume":"1","author":"ME Karim","year":"2005","unstructured":"Karim, M.E., Walenstein, A., Lakhotia, A., Parida, L.: Malware phylogeny generation using permutations of code. Eur. Res. J. Comput. Virol. 1(1\u20132), 13\u201323 (2005)","journal-title":"Eur. Res. J. Comput. Virol."},{"key":"183_CR28","volume-title":"Metasploit: The Penetration Tester\u2019s Guide","author":"D Kennedy","year":"2011","unstructured":"Kennedy, D., O\u2019Gorman, J., Kearns, D., Aharoni, M.: Metasploit: The Penetration Tester\u2019s Guide. No Starch Press, USA (2011)"},{"key":"183_CR29","unstructured":"Kephart, J.O., Arnold, W.C.: Automatic extraction of computer virus signatures. Virus Bull (1994)"},{"key":"183_CR30","unstructured":"Ke\u0161elj, V., Peng, F., Cercone, N., Thomas, C.: N-gram-based author profiles for authorship attribution. In: 6th Conference of the Pacific Association for, Computational Linguistics, pp. 256\u2013264 (2003)"},{"key":"183_CR31","first-page":"2721","volume":"7","author":"JZ Kolter","year":"2006","unstructured":"Kolter, J.Z., Maloof, M.A.: Learning to detect and classify malicious executables in the wild. J. Mach. Learn. Res. 7, 2721\u20132744 (2006)","journal-title":"J. Mach. Learn. Res."},{"key":"183_CR32","first-page":"1261","volume":"8","author":"M Koppel","year":"2007","unstructured":"Koppel, M., Schler, J., Bonchek-Dokow, E.: Measuring differentiability: unmasking pseudonymous authors. J. Mach. Learn. Res. 8, 1261\u20131276 (2007)","journal-title":"J. Mach. Learn. Res."},{"key":"183_CR33","doi-asserted-by":"crossref","unstructured":"Krsul, I., Spafford, E.H.: Authorship analysis: identifying the author of a program. Comput. Secur. (1996)","DOI":"10.1016\/S0167-4048(97)00005-9"},{"key":"183_CR34","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic worm detection using structural information of executables. In: Proceedings of the 8th Symposium on Recent Advances in Intrusion Detection (RAID\u20192005). Lecture Notes in Computer Science. Springer, Berlin (2005)","DOI":"10.1007\/11663812_11"},{"key":"183_CR35","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Kirda, E., Mutz, D., Robertson, W., Vigna, G.: Polymorphic worm detection using structural information of executables. In: Proceedings of the 8th International Conference on Recent Advances in Intrusion Detection, RAID\u201905, pp. 207\u2013226. Springer, Berlin (2006)","DOI":"10.1007\/11663812_11"},{"issue":"11","key":"183_CR36","doi-asserted-by":"crossref","first-page":"955","DOI":"10.1109\/TSE.2005.120","volume":"31","author":"A Lakhotia","year":"2005","unstructured":"Lakhotia, A., Kumar, E.U., Venable, M.: A method for detecting obfuscated calls in malicious binaries. IEEE Trans. Softw. Eng. 31(11), 955\u2013968 (2005)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"183_CR37","doi-asserted-by":"crossref","unstructured":"Lakhotia, A., Mohammed, M.: Imposing order on program statements to assist anti-virus scanners. In: Proceedings of the 11th Working Conference on Reverse, Engineering (2004)","DOI":"10.1109\/WCRE.2004.24"},{"key":"183_CR38","unstructured":"Lakhotia, A., Singh, P.K.: Challenges in getting \u2019formal\u2019 with viruses. Virus Bull. (2003)"},{"key":"183_CR39","doi-asserted-by":"crossref","unstructured":"Layton, R., Watters, P., Dazeley, R.: Unsupervised authorship analysis of phishing webpages. In: 2012 International Symposium on Communications and Information Technologies (ISCIT), pp. 1104\u20131109 (2012)","DOI":"10.1109\/ISCIT.2012.6380857"},{"key":"183_CR40","doi-asserted-by":"crossref","unstructured":"Leder, F., Steinbock, B., Martini, P.: Classification and detection of metamorphic malware using value set analysis. In: 2009 4th International Conference on Malicious and Unwanted Software MALWARE, pp. 39\u201346. IEEE (2009)","DOI":"10.1109\/MALWARE.2009.5403019"},{"key":"183_CR41","unstructured":"Li, W.J., Wang, K., Stolfo, S.J., Herzog, B.: Fileprints: identifying file types by n-gram analysis. In: Information Assurance Workshop (2005)"},{"key":"183_CR42","doi-asserted-by":"crossref","unstructured":"Li, Z., Sanghi, M., Chen, Y., Kao, M.Y., Chavez, B.: Hamsa: fast signature generation for zero-day polymorphic worms with provable attack resilience. In: 2006 IEEE Symposium on Security and Privacy, pp. 15\u201347 (2006)","DOI":"10.1109\/SP.2006.18"},{"issue":"3","key":"183_CR43","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1007\/s11416-010-0148-y","volume":"7","author":"D Lin","year":"2011","unstructured":"Lin, D., Stamp, M.: Hunting for undetectable metamorphic viruses. J. Comput. Virol. 7(3), 201\u2013214 (2011)","journal-title":"J. Comput. Virol."},{"key":"183_CR44","doi-asserted-by":"crossref","first-page":"541","DOI":"10.1016\/0167-4048(95)00012-W","volume":"14","author":"RW Lo","year":"1995","unstructured":"Lo, R.W., Levitt, K.N., Olsson, R.A.: Mcf: A malicious code filter. Comput. Secur. 14, 541\u2013566 (1995)","journal-title":"Comput. Secur."},{"issue":"2","key":"183_CR45","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/MSP.2007.48","volume":"5","author":"R Lyda","year":"2007","unstructured":"Lyda, R., Hamrock, J.: Using entropy analysis to find encrypted and packed malware. IEEE Secur. Priv. 5(2), 40\u201345 (2007)","journal-title":"IEEE Secur. Priv."},{"key":"183_CR46","doi-asserted-by":"crossref","unstructured":"Mathur, R., Maida, A., Palmer, C.E.: Normalizing metamorphic malware using term rewriting. In: Proceedings of the 6th IEEE International Workshop on Source Code Analysis and Manipulation (SCAM \u201906), pp. 75\u201384. Hill (2006)","DOI":"10.1109\/SCAM.2006.20"},{"issue":"4","key":"183_CR47","doi-asserted-by":"crossref","first-page":"1483","DOI":"10.1016\/j.csda.2008.10.015","volume":"53","author":"E Menahem","year":"2009","unstructured":"Menahem, E., Shabtai, A., Rokach, L., Elovici, Y.: Improving malware detection by applying multi-inducer ensemble. Comput. Stat. Data Anal. 53(4), 1483\u20131494 (2009)","journal-title":"Comput. Stat. Data Anal."},{"key":"183_CR48","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4471-3267-7","volume-title":"Markov Chains and Stochastic Stability","author":"S Meyn","year":"1993","unstructured":"Meyn, S., Tweedie, R.: Markov Chains and Stochastic Stability. Springer, London (1993)"},{"key":"183_CR49","volume-title":"Machine Learning","author":"TM Mitchell","year":"1997","unstructured":"Mitchell, T.M.: Machine Learning. McGraw-Hill, USA (1997)"},{"key":"183_CR50","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: 23rd Annual Computer Security Applications Conference (2007)","DOI":"10.1109\/ACSAC.2007.21"},{"key":"183_CR51","unstructured":"NGVCK: Ngvck download page. VXheavens-Virus eXchange Website. http:\/\/vx.netlux.org\/vx.php?id=tn02"},{"key":"183_CR52","doi-asserted-by":"crossref","unstructured":"Paleari, R., Martignoni, L., Fresi, G., Bruschi, R.D.: A fistful of red-pills: how to automatically generate procedures to detect cpu emulators. In: Proceedings of the USENIX Workshop on Offensive Technologies (WOOT) (2009)","DOI":"10.1145\/1572272.1572303"},{"key":"183_CR53","doi-asserted-by":"crossref","unstructured":"Payer, U., Teufl, P., Lamberger, M.: Hybrid engine for polymorphic shellcode detection. In: Proceedings of the Second International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, DIMVA\u201905, pp. 19\u201331. Springer, Berlin (2005)","DOI":"10.1007\/11506881_2"},{"key":"183_CR54","doi-asserted-by":"crossref","unstructured":"Polychronakis, M., Anagnostakis, K.G., Markatos, E.P.: Network-level polymorphic shellcode detection using emulation. In: Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA), pp. 54\u201373 (2006)","DOI":"10.1007\/11790754_4"},{"key":"183_CR55","doi-asserted-by":"crossref","unstructured":"Polychronakis, M., Anagnostakis, K.G., Markatos, E.P.: Comprehensive shellcode detection using runtime heuristics. In: Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC \u201910, pp. 287\u2013296. ACM, New York, NY, USA (2010)","DOI":"10.1145\/1920261.1920305"},{"key":"183_CR56","doi-asserted-by":"crossref","unstructured":"Preda, M.D., Christodorescu, M., Jha, S., Debray, S.: A semantics-based approach to malware detection. ACM Trans. Program. Lang. Syst. 30(5) (2008)","DOI":"10.1145\/1387673.1387674"},{"key":"183_CR57","doi-asserted-by":"crossref","unstructured":"Raffetseder, T., Kruegel, C., Kirda, E.: Detecting System Emulators. In: 10th Information Security Conference (ISC) (2007)","DOI":"10.1007\/978-3-540-75496-1_1"},{"key":"183_CR58","first-page":"313","volume-title":"The smart retrieval system: experiments in automatic document processing","author":"JJ Rocchio","year":"1971","unstructured":"Rocchio, J.J.: Relevance feedback in information retrieval. In: Salton, G. (ed.) The smart retrieval system: experiments in automatic document processing, pp. 313\u2013323. Prentice-Hall, Englewood Cliffs (1971)"},{"key":"183_CR59","unstructured":"Rosenblum, N., Zhu, X., Miller, B.P.: Who wrote this code? Identifying the authors of program binaries. In: Proceedings of the 16th European Conference on Research in Computer Security, ESORICS\u201911, pp. 172\u2013189. Springer, Berlin (2011). http:\/\/dl.acm.org\/citation.cfm?id=2041225.2041239"},{"key":"183_CR60","doi-asserted-by":"crossref","first-page":"88","DOI":"10.1007\/978-3-540-70542-0_5","volume":"5137","author":"Z Shafiq","year":"2008","unstructured":"Shafiq, Z., Khayam, S.A., Farooq, M.: Embedded malware detection using Markov n-grams. Lect. Notes Comput. Sci. 5137, 88\u2013107 (2008)","journal-title":"Lect. Notes Comput. Sci."},{"key":"183_CR61","unstructured":"Shaner, R.A.: Patent 5991714: method of identifying data type and locating in a file (1999)"},{"key":"183_CR62","doi-asserted-by":"crossref","unstructured":"Singh, P., Lakhotia, A.: Static verification of worm and virus behaviour in binary executables using model checking. In: Proceedings of the 4th IEEE Information Assurance Workshop, pp. 298\u2013300. IEEE Computer Society, Los Alamitos, CA, USA (2003)","DOI":"10.1109\/SMCSIA.2003.1232440"},{"key":"183_CR63","unstructured":"Sipser, M.: Introduction to the theory of computation. PWS (1997)"},{"key":"183_CR64","doi-asserted-by":"crossref","first-page":"179","DOI":"10.1007\/s10994-009-5143-5","volume":"81","author":"Y Song","year":"2010","unstructured":"Song, Y., Locasto, M.E., Stavrou, A., Keromytis, A.D., Stolfo, S.J.: On the infeasibility of modeling polymorphic shellcode. Mach. Learn. 81, 179\u2013205 (2010)","journal-title":"Mach. Learn."},{"key":"183_CR65","doi-asserted-by":"crossref","unstructured":"Stamatatos, E.: A survey of modern authorship attribution methods. J. Am. Soc. Inf. Sci. Technol., pp. 538\u2013556 (2009)","DOI":"10.1002\/asi.21001"},{"issue":"1","key":"183_CR66","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1007\/s10579-010-9115-y","volume":"45","author":"B Stein","year":"2011","unstructured":"Stein, B., Lipka, N., Prettenhofer, P.: Intrinsic plagiarism analysis. Lang. Resour. Eval. 45(1), 63\u201382 (2011)","journal-title":"Lang. Resour. Eval."},{"key":"183_CR67","unstructured":"Symantec: Global Internet Security Threat Report (2009)"},{"key":"183_CR68","volume-title":"The Art of Computer Virus Research and Defense","author":"P Sz\u00f6r","year":"2005","unstructured":"Sz\u00f6r, P.: The Art of Computer Virus Research and Defense, 1st edn. Symantec Press, Addison Wesley Professional, Reading (2005)","edition":"1"},{"key":"183_CR69","doi-asserted-by":"crossref","unstructured":"Tabish, M., Shafiq, Z., Farooq, M.: Malware detection using statistical analysis of byte-level file content. In: Proceedings of the ACM SIGKDD Workshop on Cyber Security and Intelligence Informatics, pp. 23\u201331 (2009)","DOI":"10.1145\/1599272.1599278"},{"key":"183_CR70","doi-asserted-by":"crossref","unstructured":"Tang, Y., Chen, S.: Defending against internet worms: a signature-based approach. In: INFOCOM 2005. 24th Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings IEEE, vol. 2, pp. 1384\u20131394 (2005)","DOI":"10.1109\/INFCOM.2005.1498363"},{"issue":"4","key":"183_CR71","doi-asserted-by":"crossref","first-page":"565","DOI":"10.1109\/TC.2010.130","volume":"60","author":"Y Tang","year":"2011","unstructured":"Tang, Y., Xiao, B., Lu, X.: Signature tree generation for polymorphic worms. IEEE Trans. Comput. 60(4), 565\u2013579 (2011)","journal-title":"IEEE Trans. Comput."},{"key":"183_CR72","unstructured":"Team, M.D.: Metasploit Project. http:\/\/www.metasploit.com (2006)"},{"key":"183_CR73","doi-asserted-by":"crossref","unstructured":"Toth, T., Kruegel, C.: Accurate buffer overflow detection via abstract payload execution. In: Proceedings of the Recent Advances in Intrusion Detection, RAID, pp. 274\u2013291 (2002)","DOI":"10.1007\/3-540-36084-0_15"},{"key":"183_CR74","unstructured":"Triumphant, Inc.: The world-wide malware signature counter (2010). http:\/\/www.triumfant.com\/Signature_Counter.asp"},{"key":"183_CR75","unstructured":"VCL: Vcl download page. VXheavens: Virus eXchange Website. http:\/\/vx.netlux.org\/vx.php?id=tv03"},{"key":"183_CR76","unstructured":"VX heavens. http:\/\/vx.netlux.org"},{"key":"183_CR77","doi-asserted-by":"crossref","unstructured":"Walenstein, A., Mathur, R., Chouchane, M.R., Lakhotia, A.: Constructing malware normalizers using term rewriting. J. Comput. Virol. (2008). doi: 10.1007\/s11416-008-0081-5","DOI":"10.1007\/s11416-008-0081-5"},{"key":"183_CR78","unstructured":"Walenstein, A., Venable, M., Hayes, M., Thompson, C., Lakhotia, A.: Exploiting similarity between variants to defeat malware. In: Proceedings of Black Hat Briefings. Black Hat (2007)"},{"key":"183_CR79","doi-asserted-by":"crossref","unstructured":"Wang, X., Chan Jhi, Y., Zhu, S., Liu, P.: Still: Exploit code detection via static taint and initialization analyses. In: Proceedings of the Computer Security Applications Conference, ACSAC, pp. 289\u2013298. IEEE Computer Society (2008)","DOI":"10.1109\/ACSAC.2008.37"},{"key":"183_CR80","unstructured":"Wang, X., Pan, C.C., Liu, P., Zhu, S.: Sigfree: a signature-free buffer overflow attack blocker. In: Proceedings of the 15th Conference on USENIX Security Symposium, vol. 15. USENIX Association, Berkeley, CA, USA (2006)"},{"issue":"3","key":"183_CR81","doi-asserted-by":"crossref","first-page":"211","DOI":"10.1007\/s11416-006-0028-7","volume":"2","author":"W Wong","year":"2006","unstructured":"Wong, W., Stamp, M.: Hunting for metamorphic engines. J. Comput. Virol. 2(3), 211\u2013229 (2006)","journal-title":"J. Comput. Virol."},{"key":"183_CR82","unstructured":"Z0mbie: some ideas about metamorphism. http:\/\/vx.netlux.org\/lib\/vzo20.html"},{"key":"183_CR83","doi-asserted-by":"crossref","unstructured":"Zhou, Y., Inge, M.: Malware detection using adaptive data compression. In: AISec \u201908: Proceedings of the 1st ACM Workshop on Workshop on AISec, pp. 53\u201360 (2008)","DOI":"10.1145\/1456377.1456393"}],"container-title":["Journal of Computer Virology and Hacking Techniques"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-013-0183-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11416-013-0183-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-013-0183-6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,1]],"date-time":"2025-05-01T03:59:41Z","timestamp":1746071981000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11416-013-0183-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,3,5]]},"references-count":83,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2013,8]]}},"alternative-id":["183"],"URL":"https:\/\/doi.org\/10.1007\/s11416-013-0183-6","relation":{},"ISSN":["2263-8733"],"issn-type":[{"value":"2263-8733","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,3,5]]}}}