{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,19]],"date-time":"2025-09-19T09:18:27Z","timestamp":1758273507851,"version":"3.37.3"},"reference-count":58,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2019,4,26]],"date-time":"2019-04-26T00:00:00Z","timestamp":1556236800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Comput Virol Hack Tech"],"published-print":{"date-parts":[[2019,9]]},"DOI":"10.1007\/s11416-019-00330-1","type":"journal-article","created":{"date-parts":[[2019,4,27]],"date-time":"2019-04-27T03:17:31Z","timestamp":1556335051000},"page":"177-194","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["ERES: an extended regular expression signature for polymorphic worm detection"],"prefix":"10.1007","volume":"15","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2263-1239","authenticated-orcid":false,"given":"Razieh","family":"Eskandari","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mahdi","family":"Shajari","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mojtaba Mostafavi","family":"Ghahfarokhi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,4,26]]},"reference":[{"issue":"1","key":"330_CR1","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1007\/s11416-014-0217-8","volume":"12","author":"G Mezzour","year":"2016","unstructured":"Mezzour, G., Carley, L.R., Carley, K.M.: Longitudinal analysis of a large corpus of cyber threat descriptions. J. Comput. Virol. Hacking Tech. 12(1), 11\u201322 (2016)","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"330_CR2","unstructured":"Symantec internet security threat report. Technical report, Symantec Corporation (2018)"},{"key":"330_CR3","doi-asserted-by":"publisher","unstructured":"Eskandari, R., Shajari., M., Asadi, A.: Automatic signature generation for polymorphic worms by combination of token extraction and sequence alignment approaches. In: 2015 7th Conference on Information and Knowledge Technology (IKT), pp. 1\u20136, 26\u201328 May 2015. \n                    https:\/\/doi.org\/10.1109\/ikt.2015.7288733","DOI":"10.1109\/ikt.2015.7288733"},{"key":"330_CR4","doi-asserted-by":"crossref","unstructured":"Gaudesi, M., et al.: Challenging anti-virus through evolutionary malware obfuscation. In: European Conference on the Applications of Evolutionary Computation. Springer, Cham (2016)","DOI":"10.1007\/978-3-319-31153-1_11"},{"key":"330_CR5","doi-asserted-by":"crossref","unstructured":"Barr\u00eda, C., et al.: Proposed classification of malware, based on obfuscation. In: 2016 6th International Conference on Computers Communications and Control (ICCCC). IEEE (2016)","DOI":"10.1109\/ICCCC.2016.7496735"},{"key":"330_CR6","first-page":"78","volume":"4610","author":"Y Tang","year":"2007","unstructured":"Tang, Y., Lu, X., Xiao, G.: Generating simplified regular expression signatures for polymorphic worms. Auton. Trust. Comput. 4610, 78\u2013488 (2007)","journal-title":"Auton. Trust. Comput."},{"issue":"3","key":"330_CR7","doi-asserted-by":"publisher","first-page":"1520","DOI":"10.1109\/SURV.2014.022714.00160","volume":"16","author":"R Kaur","year":"2014","unstructured":"Kaur, R., Singh, M.: A survey on zero-day polymorphic worm detection techniques. IEEE Commun. Surv. Tutor. 16(3), 1520\u20131549 (2014). \n                    https:\/\/doi.org\/10.1109\/surv.2014.022714.00160","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"330_CR8","doi-asserted-by":"publisher","unstructured":"Li, Z., Sanghi, M., Chen, Y., Kao, M., Chavez, B.: Hamsa: fast signature generation for zero-day polymorphic worms with provable attack resilience. In: Proceedings of IEEE Symposium on Security and Privacy (2006). \n                    https:\/\/doi.org\/10.1109\/sp.2006.18","DOI":"10.1109\/sp.2006.18"},{"key":"330_CR9","doi-asserted-by":"publisher","unstructured":"Newsome, J., Karp, B., Song, D.: Polygraph: automatically generating signatures for polymorphic worms. In: Proceedings IEEE Symposium on Security and Privacy (2005). \n                    https:\/\/doi.org\/10.1109\/sp.2005.15","DOI":"10.1109\/sp.2005.15"},{"key":"330_CR10","doi-asserted-by":"crossref","unstructured":"Yegneswaran, V., et al.: An architecture for generating semantics-aware signatures. In: Proceedings of the 14th Conference on USENIX Security Symposium. USENIX Association, Berkeley (2005)","DOI":"10.21236\/ADA449063"},{"key":"330_CR11","doi-asserted-by":"publisher","unstructured":"Brumley, D., Wang, H., Jha, S., Song, D.: Creating vulnerability signatures using weakest preconditions. In: Proceedings 20th IEEE Computer Security Foundations Symposium (2007). \n                    https:\/\/doi.org\/10.1109\/csf.2007.17","DOI":"10.1109\/csf.2007.17"},{"key":"330_CR12","doi-asserted-by":"publisher","unstructured":"Brumley, D., Newsome, J., Song, D., Wang, H., Jha, S.: Towards automatic generation of vulnerability-based signatures. In: Proceedings of IEEE Symposium on Security and Privacy (2006). \n                    https:\/\/doi.org\/10.1109\/sp.2006.41","DOI":"10.1109\/sp.2006.41"},{"key":"330_CR13","doi-asserted-by":"publisher","unstructured":"Wang, X., Li, Z., Xu, J., Reiter, M.K., Kil, C., Choi, J.Y.: Packet vaccine: black-box exploit detection and signature generation. In: Proceedings of the 13th ACM Conference on Computer and Communications Security (2006). \n                    https:\/\/doi.org\/10.1145\/1180405.1180412","DOI":"10.1145\/1180405.1180412"},{"key":"330_CR14","doi-asserted-by":"crossref","unstructured":"Wang, J., He, X.: A signature generation approach based on clustering for polymorphic worm. Trusted Systems. INTRUST 2015. Lecture Notes in Computer Science, vol. 9565. Springer, Cham (2016)","DOI":"10.1007\/978-3-319-31550-8_6"},{"key":"330_CR15","unstructured":"Kim, H., Karp, B.: Autograph: toward automated, distributed worm signature detection. In: Proceedings of 13th USENIX Security Symposium, Berkeley, CA, USA, pp. 19\u201335 (2005)"},{"issue":"2","key":"330_CR16","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1109\/TDSC.2007.1000","volume":"5","author":"M Cai","year":"2007","unstructured":"Cai, M., Hwang, K., Pan, J., Christos, P.: WormShield: fast worm signature generation with distributed fingerprint aggregation. IEEE Trans. Dependable Secure Comput. 5(2), 88\u2013104 (2007)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"330_CR17","doi-asserted-by":"crossref","unstructured":"Ranjan, S., Shah, S., Nucci, A., Munafo, M., Cruz, R., Muthukrishnan, S.: DoWitcher: effective worm detection and containment in the internet core. In: IEEE Infocom, Anchorage, Alaskapp, pp. 2541\u20132545 (2007)","DOI":"10.1109\/INFCOM.2007.317"},{"issue":"11","key":"330_CR18","doi-asserted-by":"publisher","first-page":"1256","DOI":"10.1016\/j.comnet.2006.09.005","volume":"51","author":"G Portokalidis","year":"2007","unstructured":"Portokalidis, G., Bos, H.: SweetBait: zero-hour worm detection and containment using low- and high-interaction honeypots. Comput. Netw. 51(11), 1256\u20131274 (2007)","journal-title":"Comput. Netw."},{"key":"330_CR19","doi-asserted-by":"crossref","unstructured":"Cavallaro, L., Lanzi, A., Mayer, L., Monga, M.: LISABETH: automated content-based signature generator for zero-day polymorphic worms. In: Proceedings of SESS\u201908, pp. 41\u201348 (2008)","DOI":"10.1145\/1370905.1370911"},{"key":"330_CR20","doi-asserted-by":"crossref","unstructured":"Zhang, J., Duan, H., Wang, L., Guan, Y., Wu, J.: A fast method of signature generation for polymorphic worms. In: International Conference on Computer and Electrical Engineering (2008)","DOI":"10.1109\/ICCEE.2008.33"},{"key":"330_CR21","doi-asserted-by":"publisher","unstructured":"Bayoglu, B., Sogukpinar, I.: Polymorphic worm detection using token-pair signatures. In: Proceedings 4th International Workshop on Security, Privacy and Trust in Pervasive and Ubiquitous Computing (2008). \n                    https:\/\/doi.org\/10.1145\/1387329.1387331","DOI":"10.1145\/1387329.1387331"},{"issue":"10","key":"330_CR22","first-page":"2599","volume":"21","author":"J Wang","year":"2010","unstructured":"Wang, J., Wang, J.X., Chen, J.E., Zhang, X.: An automated signature generation approach for polymorphic worm based on color coding. J. Softw. 21(10), 2599\u20132609 (2010)","journal-title":"J. Softw."},{"issue":"8","key":"330_CR23","doi-asserted-by":"publisher","first-page":"827","DOI":"10.1016\/j.cose.2009.06.003","volume":"28","author":"Y Tang","year":"2009","unstructured":"Tang, Y., Xiao, B., Lu, X.: Using a bioinformatics approach to generate accurate exploit-based signatures for polymorphic worms. Comput. Secur. 28(8), 827\u2013842 (2009)","journal-title":"Comput. Secur."},{"issue":"2","key":"330_CR24","first-page":"832844","volume":"56","author":"B Bayoglu","year":"2012","unstructured":"Bayoglu, B., Sogukpinar, I.: Graph based signature classes for detecting polymorphic worms via content analysis. Comput. Netw. Int. J. Comput. Telecommun. Netw. 56(2), 832844 (2012)","journal-title":"Comput. Netw. Int. J. Comput. Telecommun. Netw."},{"issue":"7","key":"330_CR25","doi-asserted-by":"publisher","first-page":"879","DOI":"10.1109\/TPDS.2007.1050","volume":"18","author":"Y Tang","year":"2007","unstructured":"Tang, Y., Chen, S.: An automated signature-based approach against polymorphic internet worms. IEEE Trans. Parallel Distrib. Syst. 18(7), 879\u2013892 (2007)","journal-title":"IEEE Trans. Parallel Distrib. Syst."},{"key":"330_CR26","doi-asserted-by":"publisher","unstructured":"Wang, J., Sheng, Y., Chen, J.: Polymorphic worm detection using signatures based on neighborhood relation. In: Proceedings 11th IEEE International Conference on High Performance Computing and Communications (2009). \n                    https:\/\/doi.org\/10.1109\/icnp.2007.4375847","DOI":"10.1109\/icnp.2007.4375847"},{"key":"330_CR27","doi-asserted-by":"crossref","unstructured":"Silalahi, D., Asnar, Y., Perdana, R.S.: Rule generator for IPS by using honeypot to fight polymorphic worm. In: 2017 International Conference on Data and Software Engineering (ICoDSE), pp. 1\u20135. IEEE (2017)","DOI":"10.1109\/ICODSE.2017.8285886"},{"key":"330_CR28","doi-asserted-by":"publisher","unstructured":"Crandall, J.R., Su, Z., Wu, S.F.: On deriving unknown vulnerabilities from zero-day polymorphic and metamorphic worm exploits. In: Proceedings of the 12th ACM Conference on Computer and Communications Security. ACM Conference (2005). \n                    https:\/\/doi.org\/10.1145\/1102120.1102152","DOI":"10.1145\/1102120.1102152"},{"key":"330_CR29","doi-asserted-by":"publisher","unstructured":"Sommer, R., Paxson, V.: Enhancing byte-level network intrusion detection signatures with context. In: Proceedings 10th ACM Conference on Computer and Communications Security (2003). \n                    https:\/\/doi.org\/10.1145\/948109.948145","DOI":"10.1145\/948109.948145"},{"key":"330_CR30","doi-asserted-by":"publisher","unstructured":"Kumar, S.D., Dharmapurikar, S., Yu, F., Crowley, P., Turner, J.: Algorithms to accelerate multiple regular expressions matching for deep packet inspection. In: Proceedings Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications (2006). \n                    https:\/\/doi.org\/10.1145\/1159913.1159952","DOI":"10.1145\/1159913.1159952"},{"issue":"1","key":"330_CR31","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1517\/14622416.3.1.131","volume":"3","author":"C Notredame","year":"2002","unstructured":"Notredame, C.: Recent progress in multiple sequence alignment: a survey. Pharmacogenomics 3(1), 131\u2013144 (2002)","journal-title":"Pharmacogenomics"},{"key":"330_CR32","doi-asserted-by":"publisher","unstructured":"Nan, L., Chunhe, X., Yi, Y., Haiquan, W.: An algorithm for generation of attack signatures based on sequences alignment. In: Proceedings International Conference on Computer Science and Software Engineering (2008). \n                    https:\/\/doi.org\/10.4236\/jsea.2008.11011","DOI":"10.4236\/jsea.2008.11011"},{"key":"330_CR33","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1016\/0022-2836(70)90057-4","volume":"48","author":"SB Needleman","year":"1970","unstructured":"Needleman, S.B., Wunsch, C.D.: A general method applicable to the search for similarities in the amino acid sequence of two proteins. J. Mol. Biol. 48, 443\u2013453 (1970)","journal-title":"J. Mol. Biol."},{"key":"330_CR34","first-page":"406","volume":"4","author":"N Saitou","year":"1987","unstructured":"Saitou, N., Nei, M.: The neighbor-joining method: a new method for reconstructing phylogenetic trees. Mol. Biol. Evol. 4, 406 (1987)","journal-title":"Mol. Biol. Evol."},{"key":"330_CR35","doi-asserted-by":"publisher","unstructured":"Xu, J., Ning, P., Kil, C., Zhai, Y., Bookholt, C.: Automatic diagnosis and response to memory corruption vulnerabilities. In: Proceedings 12th ACM Conference on Computer and Communications Security (2005). \n                    https:\/\/doi.org\/10.1145\/1102120.1102151","DOI":"10.1145\/1102120.1102151"},{"key":"330_CR36","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1016\/j.knosys.2015.01.009","volume":"78","author":"WC Lin","year":"2015","unstructured":"Lin, W.C., Ke, S.W., Tsai, C.F.: CANN: an intrusion detection system based on combining cluster centers and nearest neighbors. Knowl.-Based Syst. 78, 13\u201321 (2015)","journal-title":"Knowl.-Based Syst."},{"key":"330_CR37","unstructured":"The darpa98 and kddcup99 datasets. \n                    http:\/\/www.ll.mit.edu\/ideval\/data\/1998data.html\n                    \n                  . Accessed 14 Apr 2019"},{"key":"330_CR38","unstructured":"The NSLKDD dataset. \n                    https:\/\/web.archive.org\/web\/20150205070216\/\n                    \n                  , \n                    http:\/\/nsl.cs.unb.ca\/NSL-KDD\/\n                    \n                  . Accessed 14 Apr 2019"},{"key":"330_CR39","unstructured":"The CAIDA datasets. \n                    https:\/\/www.caida.org\/data\/\n                    \n                  . Accessed 14 Apr 2019"},{"key":"330_CR40","unstructured":"The DEFCON dataset. \n                    http:\/\/www.netresec.com\/?page=PcapFiles\n                    \n                  . Accessed 14 Apr 2019"},{"key":"330_CR41","unstructured":"The LBNL dataset. \n                    http:\/\/powerdata.lbl.gov\/download.html\n                    \n                  . Accessed 14 Apr 2019"},{"key":"330_CR42","unstructured":"The UNIBS dataset. \n                    http:\/\/netweb.ing.unibs.it\/ntw\/tools\/traces\/\n                    \n                  . Accessed 14 Apr 2019"},{"issue":"6","key":"330_CR43","first-page":"683","volume":"17","author":"MH Bhuyan","year":"2015","unstructured":"Bhuyan, M.H., Bhattacharyya, D.K., Kalita, J.K.: Towards generating real-life datasets for network intrusion detection. IJ Netw. Secur. 17(6), 683\u2013701 (2015)","journal-title":"IJ Netw. Secur."},{"issue":"3","key":"330_CR44","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1016\/j.cose.2011.12.012","volume":"31","author":"A Shiravi","year":"2012","unstructured":"Shiravi, A., Shiravi, H., Tavallaee, M., Ghorbani, A.A.: Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput. Secur. 31(3), 357\u2013374 (2012)","journal-title":"Comput. Secur."},{"key":"330_CR45","unstructured":"The ISCX dataset. \n                    http:\/\/www.unb.ca\/research\/iscx\/dataset\/iscx-IDS-dataset.html\n                    \n                  . Accessed 14 Apr 2019"},{"key":"330_CR46","unstructured":"The DARPA-2009 dataset. DARPA scalable network monitoring (SNM) program traffic. Packet clearing house. 11\/3\/2009 to 11\/12\/2009. \n                    https:\/\/www.predict.org\/\n                    \n                  . Accessed 14 Apr 2019"},{"key":"330_CR47","unstructured":"The CDX datasets. \n                    https:\/\/www.usma.edu\/crc\/SitePages\/DataSets.aspx\n                    \n                  . Accessed 14 Apr 2019"},{"key":"330_CR48","unstructured":"The CTU-13 dataset. \n                    https:\/\/www.usma.edu\/crc\/SitePages\/DataSets.aspx\n                    \n                  . Accessed 14 Apr 2019"},{"key":"330_CR49","doi-asserted-by":"crossref","unstructured":"Gogoi, P., Bhuyan, M.H., Bhattacharyya, D., Kalita, J.K.: Packet and flow based network intrusion dataset. In: International Conference on Contemporary Computing. Springer, pp. 322\u2013334 (2012)","DOI":"10.1007\/978-3-642-32129-0_34"},{"key":"330_CR50","unstructured":"The Metasploit Project (2007). \n                    http:\/\/www.metasploit.com\n                    \n                  . Accessed 14 Apr 2019"},{"key":"330_CR51","unstructured":"Jempiscodes\u2014A Polymorphic Shellcode Generator (2007). \n                    http:\/\/www.shellcode.com.ar\/en\/proyectos.html\n                    \n                  . Accessed 14 Apr 2019"},{"key":"330_CR52","unstructured":"Piotr Bania. TAPiON. \n                    http:\/\/pb.specialised.info\/all\/tapion\/\n                    \n                  . Accessed 14 Apr 2019"},{"key":"330_CR53","unstructured":"Macaulay, S.: ADMMutate: Polymorphic Shellcode Engine (2007). \n                    http:\/\/www.ktwo.ca\/security.html"},{"key":"330_CR54","unstructured":"Detristan, T., Ulenspiegel, T., Malcom, Y., Underduk, M.S.V.: Polymorphic Shellcode Engine Using Spectrum Analysis (2007). \n                    http:\/\/www.phrack.org\/show.php?p=61&a=9"},{"key":"330_CR55","unstructured":"https:\/\/www.sku.ac.ir\/File\/25463\/_ERESDataGeneration\n                    \n                  . Accessed 14 Apr 2019"},{"key":"330_CR56","unstructured":"https:\/\/www.sku.ac.ir\/File\/25465\/EREStestScenarios\n                    \n                  . Accessed 14 Apr 2019"},{"key":"330_CR57","unstructured":"https:\/\/www.sku.ac.ir\/File\/25468\/ERES_testScript\n                    \n                  . Accessed 14 Apr 2019"},{"issue":"2","key":"330_CR58","doi-asserted-by":"publisher","first-page":"445","DOI":"10.1108\/03321641011014913","volume":"29","author":"Z Xiaosong","year":"2010","unstructured":"Xiaosong, Z., Ting, C., Dapeng, C., Zhi, L.: SISG: self-immune automated signature generation for polymorphic worms. COMPEL Int. J. Comput. Math. Electr. Electron. Eng. 29(2), 445\u2013467 (2010)","journal-title":"COMPEL Int. J. Comput. Math. Electr. Electron. Eng."}],"container-title":["Journal of Computer Virology and Hacking Techniques"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-019-00330-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11416-019-00330-1\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-019-00330-1.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,4,24]],"date-time":"2020-04-24T23:20:50Z","timestamp":1587770450000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11416-019-00330-1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,4,26]]},"references-count":58,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2019,9]]}},"alternative-id":["330"],"URL":"https:\/\/doi.org\/10.1007\/s11416-019-00330-1","relation":{},"ISSN":["2263-8733"],"issn-type":[{"type":"electronic","value":"2263-8733"}],"subject":[],"published":{"date-parts":[[2019,4,26]]},"assertion":[{"value":"30 April 2018","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"1 February 2019","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"26 April 2019","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}]}}