{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,27]],"date-time":"2026-06-27T12:17:09Z","timestamp":1782562629518,"version":"3.54.5"},"reference-count":28,"publisher":"Springer Science and Business Media LLC","issue":"2","license":[{"start":{"date-parts":[[2015,6,4]],"date-time":"2015-06-04T00:00:00Z","timestamp":1433376000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Comput Virol Hack Tech"],"published-print":{"date-parts":[[2016,5]]},"DOI":"10.1007\/s11416-015-0244-0","type":"journal-article","created":{"date-parts":[[2015,6,3]],"date-time":"2015-06-03T23:39:25Z","timestamp":1433374765000},"page":"59-67","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":134,"title":["Behavior-based features model for malware detection"],"prefix":"10.1007","volume":"12","author":[{"given":"Hisham Shehata","family":"Galal","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Yousef Bassyouni","family":"Mahdy","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Mohammed Ali","family":"Atiea","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","published-online":{"date-parts":[[2015,6,4]]},"reference":[{"key":"244_CR1","unstructured":"Fossi, M., Egan, G., Haley, K., Johnson, E., Mack, T., Adams, T., Blackbird, J., Low, M.K., Mazurek, D., McKinney, D., et al.: Symantec internet security threat report trends for 2010, vol. 16 (2011)"},{"key":"244_CR2","doi-asserted-by":"crossref","unstructured":"Gennari, J., French, D.: Defining malware families based on analyst insights. In: Technologies for Homeland Security (HST), 2011 IEEE International Conference on IEEE, pp. 
396\u2013401 (2011)","DOI":"10.1109\/THS.2011.6107902"},{"key":"244_CR3","doi-asserted-by":"crossref","unstructured":"Mairh, A., Barik, D., Verma, K., Jena, D.: Honeypot in network security: a survey. In: Proceedings of the 2011 International Conference on Communication, Computing & Security ACM, pp. 600\u2013605 (2011)","DOI":"10.1145\/1947940.1948065"},{"issue":"125","key":"244_CR4","first-page":"61","volume":"2004","author":"H Kiemt","year":"2004","unstructured":"Kiemt, H., Thuy, N.T., Quang, T.M.N.: A machine learning approach to anti-virus system (artificial intelligence i). IPSJ SIG Notes. ICS 2004(125), 61\u201365 (2004)","journal-title":"IPSJ SIG Notes. ICS"},{"issue":"2","key":"244_CR5","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1007\/s11416-013-0181-8","volume":"9","author":"M Eskandari","year":"2013","unstructured":"Eskandari, M., Khorshidpour, Z., Hashemi, S.: Hdm-analyser: a hybrid analysis approach based on data mining techniques for malware detection. J. Comput. Virol. Hacking Tech. 9(2), 77\u201393 (2013)","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"244_CR6","unstructured":"Kaspersky. Heuristic analysis in anti-virus. http:\/\/support.kaspersky.com\/8641 (2013). Accessed in 1 April 2015"},{"key":"244_CR7","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Limits of static analysis for malware detection. In: Twenty-third annual IEEE Computer security applications conference, 2007. ACSAC 2007, pp. 421\u2013430 (2007)","DOI":"10.1109\/ACSAC.2007.21"},{"issue":"3","key":"244_CR8","doi-asserted-by":"crossref","first-page":"211","DOI":"10.1007\/s11416-006-0028-7","volume":"2","author":"W Wong","year":"2006","unstructured":"Wong, W., Stamp, M.: Hunting for metamorphic engines. J. Comput. Virol. 2(3), 211\u2013229 (2006)","journal-title":"J. Comput. 
Virol."},{"issue":"2","key":"244_CR9","doi-asserted-by":"crossref","first-page":"6","DOI":"10.1145\/2089125.2089126","volume":"44","author":"M Egele","year":"2012","unstructured":"Egele, M., Scholte, T., Kirda, E., Kruegel, C.: A survey on automated dynamic malware-analysis techniques and tools. ACM Comput. Surv. (CSUR) 44(2), 6 (2012)","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"244_CR10","unstructured":"Sikorski, M., Honig, A.: Practical malware analysis: the hands-on guide to dissecting malicious software. No Starch Press (2012)"},{"issue":"6","key":"244_CR11","doi-asserted-by":"crossref","first-page":"1193","DOI":"10.1109\/TC.2012.65","volume":"62","author":"S Cesare","year":"2013","unstructured":"Cesare, S., Xiang, Y., Zhou, Wanlei: Malwise\u2014 an effective and efficient classification system for packed and polymorphic malware. IEEE Trans. Comput. 62(6), 1193\u20131206 (2013)","journal-title":"IEEE Trans. Comput."},{"key":"244_CR12","doi-asserted-by":"crossref","unstructured":"Lindorfer, M., Kolbitsch, C., Comparetti, P.M.: Detecting environment-sensitive malware. In: Recent Advances in Intrusion Detection, pp. 338\u2013357. Springer (2011)","DOI":"10.1007\/978-3-642-23644-0_18"},{"key":"244_CR13","unstructured":"Nektra Advanced Computing. Deviare api hook. http:\/\/www.nektra.com\/products\/deviare-api-hook-windows\/ (2015). Accessed in 1 April 2015"},{"issue":"1","key":"244_CR14","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1007\/s11416-013-0189-0","volume":"10","author":"G Canfora","year":"2014","unstructured":"Canfora, G.: Antonio Niccol\u00f2 Iannaccone, and Corrado Aaron Visaggio. Static analysis for the detection of metamorphic computer viruses using repeated-instructions counting heuristics. J. Comput. Virol. Hacking Tech. 10(1), 11\u201327 (2014)","journal-title":"J. Comput. Virol. 
Hacking Tech."},{"key":"244_CR15","unstructured":"Kalbhor, A., Austin, T.H., Filiol, E., Josse, S., Mark, S.: Dueling hidden markov models for virus analysis. J. Comput. Virol. Hacking Tech. 11, 1\u201316 (2014)"},{"issue":"3","key":"244_CR16","doi-asserted-by":"crossref","first-page":"201","DOI":"10.1007\/s11416-010-0148-y","volume":"7","author":"D Lin","year":"2011","unstructured":"Lin, D., Stamp, M.: Hunting for undetectable metamorphic viruses. J. Comput. Virol. 7(3), 201\u2013214 (2011)","journal-title":"J. Comput. Virol."},{"key":"244_CR17","doi-asserted-by":"crossref","unstructured":"Musale, M., Austin, T.H., Stamp, M.: Hunting for metamorphic javascript malware. J. Comput. Virol. Hacking Tech. 1\u201314 (2014)","DOI":"10.1007\/s11416-014-0225-8"},{"issue":"3","key":"244_CR18","doi-asserted-by":"crossref","first-page":"159","DOI":"10.1007\/s11416-013-0184-5","volume":"9","author":"G Shanmugam","year":"2013","unstructured":"Shanmugam, G., Low, R.M., Stamp, M.: Simple substitution distance and metamorphic detection. J. Comput. Virol. Hacking Tech. 9(3), 159\u2013170 (2013)","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"244_CR19","doi-asserted-by":"crossref","unstructured":"Annachhatre, C., Austin, T.H., Stamp, M.: Hidden markov models for malware classification. J. Comput. Virol. Hacking Tech. 1\u201315 (2014)","DOI":"10.1007\/s11416-014-0215-x"},{"key":"244_CR20","doi-asserted-by":"crossref","unstructured":"Faruki, P., Laxmi, V., Gaur, M.S., Vinod, P.: Mining control flow graph as api call-grams to detect portable executable malware. In Proceedings of the Fifth International Conference on Security of Information and Networks ACM, pp. 130\u2013137 (2012)","DOI":"10.1145\/2388576.2388594"},{"key":"244_CR21","doi-asserted-by":"crossref","first-page":"419","DOI":"10.1016\/j.cose.2013.09.006","volume":"39","author":"Y Park","year":"2013","unstructured":"Park, Y., Reeves, D.S., Stamp, M.: Deriving common malware behavior through graph clustering. 
Comput. Secur. 39, 419\u2013430 (2013)","journal-title":"Comput. Secur."},{"issue":"3","key":"244_CR22","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1016\/j.jvlc.2012.02.002","volume":"23","author":"M Eskandari","year":"2012","unstructured":"Eskandari, M., Hashemi, Sattar: A graph mining approach for detecting unknown malwares. J. Vis. Lang. Comput. 23(3), 154\u2013162 (2012)","journal-title":"J. Vis. Lang. Comput."},{"issue":"2","key":"244_CR23","doi-asserted-by":"crossref","first-page":"646","DOI":"10.1016\/j.jnca.2012.10.004","volume":"36","author":"R Islam","year":"2013","unstructured":"Islam, R., Tian, R., Batten, L.M., Versteeg, S.: Classification of malware based on integrated static and dynamic features. J. Netw. Comput. Appl. 36(2), 646\u2013656 (2013)","journal-title":"J. Netw. Comput. Appl."},{"key":"244_CR24","unstructured":"VirusSign. Malware research and data center. http:\/\/www.VirusSign.com (2015). Accessed in 1 April 2015"},{"issue":"1","key":"244_CR25","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman, L.: Random forests. Mach. Learn. 45(1), 5\u201332 (2001)","journal-title":"Mach. Learn."},{"issue":"3","key":"244_CR26","first-page":"273","volume":"20","author":"C Cortes","year":"1995","unstructured":"Cortes, C., Vapnik, V.: Support-vector networks. Mach. Learn. 20(3), 273\u2013297 (1995)","journal-title":"Mach. 
Learn."},{"key":"244_CR27","doi-asserted-by":"crossref","unstructured":"Safavian, S.R., Landgrebe, D.: A survey of decision tree classifier methodology (1990)","DOI":"10.1109\/21.97458"},{"key":"244_CR28","first-page":"2349","volume":"14","author":"J Dem\u0161ar","year":"2013","unstructured":"Dem\u0161ar, J., Curk, T., Erjavec, A., Gorup, \u010c., Ho\u010devar, T., Milutinovi\u010d, M., Mo\u017eina, M., Polajnar, M., Toplak, M., Stari\u010d, A., \u0160tajdohar, M., Umek, L., \u017dagar, L., \u017dbontar, J., \u017ditnik, M., Zupan, B.: Orange: Data mining toolbox in python. J. Mach. Learn. Res. 14, 2349\u20132353 (2013)","journal-title":"J. Mach. Learn. Res."}],"container-title":["Journal of Computer Virology and Hacking Techniques"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-015-0244-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11416-015-0244-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-015-0244-0","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,10]],"date-time":"2022-05-10T21:53:30Z","timestamp":1652219610000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11416-015-0244-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,6,4]]},"references-count":28,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2016,5]]}},"alternative-id":["244"],"URL":"https:\/\/doi.org\/10.1007\/s11416-015-0244-0","relation":{},"ISSN":["2263-8733"],"issn-type":[{"value":"2263-8733","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,6,4]]}}}