{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,16]],"date-time":"2026-04-16T22:50:02Z","timestamp":1776379802607,"version":"3.51.2"},"reference-count":66,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2023,9,25]],"date-time":"2023-09-25T00:00:00Z","timestamp":1695600000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,9,25]],"date-time":"2023-09-25T00:00:00Z","timestamp":1695600000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100008812","name":"Defence Science and Technology Group","doi-asserted-by":"publisher","award":["NGTF"],"award-info":[{"award-number":["NGTF"]}],"id":[{"id":"10.13039\/501100008812","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Comput Virol Hack Tech"],"DOI":"10.1007\/s11416-023-00504-y","type":"journal-article","created":{"date-parts":[[2023,9,25]],"date-time":"2023-09-25T16:02:04Z","timestamp":1695657724000},"page":"135-152","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":13,"title":["Use of cryptography in malware obfuscation"],"prefix":"10.1007","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-6168-6497","authenticated-orcid":false,"given":"Hassan Jameel","family":"Asghar","sequence":"first","affiliation":[]},{"given":"Benjamin Zi Hao","family":"Zhao","sequence":"additional","affiliation":[]},{"given":"Muhammad","family":"Ikram","sequence":"additional","affiliation":[]},{"given":"Giang","family":"Nguyen","sequence":"additional","affiliation":[]},{"given":"Dali","family":"Kaafar","sequence":"additional","affiliation":[]},{"given":"Sean","family":"Lamont","sequence":"additional","affiliation":[]},{"given":"Daniel","family":"Coscia","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,9,25]]},"reference":[{"key":"504_CR1","unstructured":"0xPat: Malware development part 5 \u2013 tips and tricks. (2020). https:\/\/0xpat.github.io\/Malware_development_part_5\/"},{"issue":"6","key":"504_CR2","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3365001","volume":"52","author":"A Afianian","year":"2019","unstructured":"Afianian, A., Niksefat, S., Sadeghiyan, B., et al.: Malware dynamic analysis evasion techniques: a survey. ACM Comput. Surv. (CSUR) 52(6), 1\u201328 (2019)","journal-title":"ACM Comput. Surv. (CSUR)"},{"issue":"3","key":"504_CR3","doi-asserted-by":"publisher","first-page":"1080","DOI":"10.1007\/s00145-019-09340-0","volume":"33","author":"MR Albrecht","year":"2020","unstructured":"Albrecht, M.R., Farshim, P., Han, S., et al.: Multilinear maps from obfuscation. J. Cryptol. 33(3), 1080\u20131113 (2020)","journal-title":"J. Cryptol."},{"key":"504_CR4","unstructured":"Anderson, H.S., Roth, P.: Ember: an open dataset for training static pe malware machine learning models (2018) arXiv preprint arXiv:1804.04637"},{"key":"504_CR5","unstructured":"Apon, D., Huang, Y., Katz, J., et\u00a0al.: Implementing cryptographic program obfuscation. Cryptology ePrint Archive (2014)"},{"key":"504_CR6","unstructured":"Apvrille, A.: Cryptography for mobile malware obfuscation. In: RSA Conference Europe (2011)"},{"key":"504_CR7","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511804090","volume-title":"Computational Complexity: A Modern Approach","author":"S Arora","year":"2009","unstructured":"Arora, S., Barak, B.: Computational Complexity: A Modern Approach. Cambridge University Press, Cambridge (2009)"},{"key":"504_CR8","doi-asserted-by":"crossref","unstructured":"Baigneres, T., Junod, P., Vaudenay, S.: How far can we go beyond linear cryptanalysis? In: International Conference on the Theory and Application of Cryptology and Information Security, pp. 432\u2013450. Springer (2004)","DOI":"10.1007\/978-3-540-30539-2_31"},{"key":"504_CR9","doi-asserted-by":"crossref","unstructured":"Barak, B., Goldreich, O., Impagliazzo, R., et\u00a0al.: On the (im) possibility of obfuscating programs. In: Annual International Cryptology Conference, pp 1\u201318. Springer (2001)","DOI":"10.1007\/3-540-44647-8_1"},{"issue":"4","key":"504_CR10","doi-asserted-by":"publisher","first-page":"971","DOI":"10.3390\/fi4040971","volume":"4","author":"B Bencs\u00e1th","year":"2012","unstructured":"Bencs\u00e1th, B., P\u00e9k, G., Butty\u00e1n, L., et al.: The cousins of stuxnet: Duqu, flame, and gauss. Future Int. 4(4), 971\u20131003 (2012)","journal-title":"Future Int."},{"key":"504_CR11","doi-asserted-by":"crossref","unstructured":"Blackthorne, J., Kaiser, B., Yener, B.: A formal framework for environmentally sensitive malware. In: International Symposium on Research in Attacks, Intrusions, and Defenses, pp. 211\u2013229. Springer(2016)","DOI":"10.1007\/978-3-319-45719-2_10"},{"key":"504_CR12","doi-asserted-by":"crossref","unstructured":"Blackthorne, J., Kaiser, B., Fuller, B., et\u00a0al.: Environmental authentication in malware. In: International Conference on Cryptology and Information Security in Latin America, Springer, pp 381\u2013400 (2017)","DOI":"10.1007\/978-3-030-25283-0_20"},{"key":"504_CR13","doi-asserted-by":"crossref","unstructured":"Bock, E.A., Amadori, A., Brzuska, C., et\u00a0al.: On the security goals of white-box cryptography. In: IACR Transactions on Cryptographic Hardware and Embedded Systems, pp. 327\u2013357 (2020)","DOI":"10.46586\/tches.v2020.i2.327-357"},{"key":"504_CR14","doi-asserted-by":"crossref","unstructured":"Brakerski, Z., Rothblum, G.N.: Virtual black-box obfuscation for all circuits via generic graded encoding. In: Theory of Cryptography Conference, pp. 1\u201325. Springer (2014)","DOI":"10.1007\/978-3-642-54242-8_1"},{"key":"504_CR15","doi-asserted-by":"crossref","unstructured":"Brumley, D., Hartwig, C., Liang, Z., et\u00a0al.: Automatically identifying trigger-based behavior in malware. In: Botnet Detection: Countering the Largest Security Threat, pp. 65\u201388 (2008)","DOI":"10.1007\/978-0-387-68768-1_4"},{"key":"504_CR16","doi-asserted-by":"crossref","unstructured":"Calvet, J., Davis, C.R., Bureau, P.M.: Malware authors don\u2019t learn, and that\u2019s good! In: 2009 4th International Conference on Malicious and Unwanted Software (MALWARE), IEEE, pp. 88\u201397 (2009)","DOI":"10.1109\/MALWARE.2009.5403013"},{"key":"504_CR17","doi-asserted-by":"crossref","unstructured":"Calvet, J., Fernandez, J.M., Marion, J.Y.: Aligot: Cryptographic function identification in obfuscated binary programs. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 169\u2013182 (2012)","DOI":"10.1145\/2382196.2382217"},{"key":"504_CR18","doi-asserted-by":"crossref","unstructured":"Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: Proceedings 42nd IEEE Symposium on Foundations of Computer Science, IEEE, pp. 136\u2013145 (2001)","DOI":"10.1109\/SFCS.2001.959888"},{"key":"504_CR19","doi-asserted-by":"crossref","unstructured":"Canetti, R., Dwork, C., Naor, M., et\u00a0al.: Deniable encryption. In: Annual International Cryptology Conference, pp. 90\u2013104. Springer (1997)","DOI":"10.1007\/BFb0052229"},{"key":"504_CR20","doi-asserted-by":"crossref","unstructured":"Chow, S., Eisen, P., Johnson, H., et\u00a0al.: White-box cryptography and an aes implementation. In: Selected Areas in Cryptography: 9th Annual International Workshop, SAC 2002 St. John\u2019s, Newfoundland, Canada, August 15\u201316, 2002 Revised Papers 9, pp. 250\u2013270. Springer, (2003)","DOI":"10.1007\/3-540-36492-7_17"},{"key":"504_CR21","unstructured":"Cisco, C.: Annual cybersecurity report, 2018. (2018) https:\/\/www.cisco.com\/c\/dam\/m\/hu_hu\/campaigns\/security-hub\/pdf\/acr-2018.pdf"},{"key":"504_CR22","unstructured":"Cohen, F.: Computer viruses. PhD thesis, University of Southern California Doctoral dissertation (1986)"},{"key":"504_CR23","unstructured":"Collberg, C., Thomborson, C., Low, D.: A taxonomy of obfuscating transformations. Department of Computer Science, The University of Auckland, New Zealand, Tech. rep. (1997)"},{"key":"504_CR24","unstructured":"Comenetz, J.: Frequently occurring surnames in the 2010 census. United States Census Bureau, pp. 1\u20138 (2016)"},{"key":"504_CR25","doi-asserted-by":"crossref","unstructured":"Coron, J.S., Lepoint, T., Tibouchi, M.: Practical multilinear maps over the integers. In: Annual Cryptology Conference, pp. 476\u2013493. Springer (2013)","DOI":"10.1007\/978-3-642-40041-4_26"},{"key":"504_CR26","volume-title":"Elements of Information Theory","author":"TM Cover","year":"1999","unstructured":"Cover, T.M.: Elements of Information Theory. John Wiley & Sons, New Jersey (1999)"},{"issue":"5","key":"504_CR27","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1145\/1168917.1168862","volume":"40","author":"JR Crandall","year":"2006","unstructured":"Crandall, J.R., Wassermann, G., De Oliveira, D.A., et al.: Temporal search: detecting hidden malware timebombs with virtual machines. ACM SIGOPS Oper. Syst. Rev. 40(5), 25\u201336 (2006)","journal-title":"ACM SIGOPS Oper. Syst. Rev."},{"key":"504_CR28","doi-asserted-by":"crossref","unstructured":"Di\u00a0Troia, F., Visaggio, C.A., Austin, T.H., et\u00a0al.: Advanced transcriptase for javascript malware. In: 2016 11th International Conference on Malicious and Unwanted Software (MALWARE), IEEE, pp. 1\u20138 (2016)","DOI":"10.1109\/MALWARE.2016.7888737"},{"key":"504_CR29","unstructured":"Dorais-Joncas, A., Mun\u00f5z, F.: Jumping the air gap: 15 years of nation-state effort. (2021) https:\/\/www.welivesecurity.com\/wp-content\/uploads\/2021\/12\/eset_jumping_the_air_gap_wp.pdf"},{"key":"504_CR30","unstructured":"Evans, D.: On the impossibility of virus detection. Retrieved from (2017)"},{"key":"504_CR31","unstructured":"Filiol, E.: Malicious cryptography techniques for unreversable (malicious or not) binaries. (2010) arXiv preprint arXiv:1009.4000"},{"key":"504_CR32","unstructured":"Filiol, \u00c9., Raynal, F.: Malicious cryptography... reloaded. In: CanSecWest Conference (2008)"},{"issue":"1","key":"504_CR33","doi-asserted-by":"publisher","first-page":"94","DOI":"10.1145\/1127345.1127349","volume":"9","author":"A Futoransky","year":"2006","unstructured":"Futoransky, A., Kargieman, E., Sarraute, C., et al.: Foundations and applications for secure triggers. ACM Trans. Inf. Syst. Secur. (TISSEC) 9(1), 94\u2013112 (2006)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"504_CR34","unstructured":"Gallagher, S.: Nearly half of malware now use tls to conceal communications. (2021) https:\/\/news.sophos.com\/en-us\/2021\/04\/21\/nearly-half-of-malware-now-use-tls-to-conceal-communications\/"},{"key":"504_CR35","first-page":"1007","volume":"2017","author":"H Galteland","year":"2017","unstructured":"Galteland, H., Gj\u00f8steen, K.: Malware encryption schemes-rerandomizable ciphertexts encrypted using environmental keys. IACR Cryptol. ePrint Arch. 2017, 1007 (2017)","journal-title":"IACR Cryptol. ePrint Arch."},{"key":"504_CR36","doi-asserted-by":"crossref","unstructured":"Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 1\u201317. Springer (2013)","DOI":"10.1007\/978-3-642-38348-9_1"},{"key":"504_CR37","doi-asserted-by":"crossref","unstructured":"Gentry, C., Gorbunov, S., Halevi, S.: Graph-induced multilinear maps from lattices. In: Theory of Cryptography Conference, pp. 498\u2013527. Springer (2015)","DOI":"10.1007\/978-3-662-46497-7_20"},{"key":"504_CR38","doi-asserted-by":"crossref","unstructured":"Glanz, L., M\u00fcller, P., Baumg\u00e4rtner, L., et\u00a0al.: Hidden in plain sight: obfuscated strings threatening your privacy. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pp. 694\u2013707 (2020)","DOI":"10.1145\/3320269.3384745"},{"key":"504_CR39","unstructured":"Glynos, D.A.: Context-keyed payload encoding: Fighting the next generation of ids. In: Athens IT Security Conference (ATH. C0N), Citeseer (2010)"},{"key":"504_CR40","doi-asserted-by":"crossref","unstructured":"Halevi, S., Halevi, T., Shoup, V., et\u00a0al.: Implementing bp-obfuscation using graph-induced encoding. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (2017)","DOI":"10.1145\/3133956.3133976"},{"key":"504_CR41","unstructured":"Harang, R., Rudd, E.M.: Sorel-20m: a large scale benchmark dataset for malicious pe detection. (2020) arXiv preprint arXiv:2012.07634"},{"key":"504_CR42","doi-asserted-by":"crossref","unstructured":"Jain, A., Lin, H., Sahai, A.: Indistinguishability obfuscation from well-founded assumptions. In: Proceedings of the 53rd Annual ACM SIGACT Symposium on Theory of Computing, pp. 60\u201373 (2021)","DOI":"10.1145\/3406325.3451093"},{"key":"504_CR43","doi-asserted-by":"crossref","unstructured":"Kang, M.G., Poosankam, P., Yin, H.: Renovo: A hidden code extractor for packed executables. In: Proceedings of the 2007 ACM workshop on Recurring malcode, pp. 46\u201353 (2007)","DOI":"10.1145\/1314389.1314399"},{"issue":"3","key":"504_CR44","doi-asserted-by":"publisher","first-page":"140","DOI":"10.1080\/19393555.2013.787474","volume":"22","author":"S Kazi","year":"2013","unstructured":"Kazi, S., Stamp, M.: Hidden markov models for software piracy detection. Inf. Secur. J. Glob. Perspect. 22(3), 140\u2013149 (2013)","journal-title":"Inf. Secur. J. Glob. Perspect."},{"key":"504_CR45","unstructured":"Lawson, N.: Mesh design pattern: Hash-and-decrypt. root labs rdist, (2007) https:\/\/rdist.root.org\/2007\/04\/09\/mesh-design-pattern-hash-and-decrypt\/"},{"key":"504_CR46","unstructured":"Loobeek, L.: Protect your payloads: Modern keying techniques. (2018) http:\/\/www.irongeek.com\/i.php?page=videos\/derbycon8\/track-4-03-protect-your-payloads-modern-keying-techniques-leo-loobeek"},{"key":"504_CR47","unstructured":"Lov\u00e1sz, L.: Computation complexity. (1994) Lecture Notes https:\/\/cs-web.bu.edu\/faculty\/gacs\/papers\/Lovasz-notes.pdf"},{"issue":"2","key":"504_CR48","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1109\/MSP.2007.48","volume":"5","author":"R Lyda","year":"2007","unstructured":"Lyda, R., Hamrock, J.: Using entropy analysis to find encrypted and packed malware. IEEE Secur. Priv. 5(2), 40\u201345 (2007)","journal-title":"IEEE Secur. Priv."},{"key":"504_CR49","doi-asserted-by":"crossref","unstructured":"Maiorca, D., Ariu, D., Corona, I., et al.: Stealth attacks: an extended insight into the obfuscation effects on android malware. Comput. Secur. 51, 16\u201331 (2015)","DOI":"10.1016\/j.cose.2015.02.007"},{"key":"504_CR50","unstructured":"Miller, S., Smith, P.: Rise of legitimate services for backdoor command and control. Tech. rep., Anomali, Tech. Rep., 2017 (2017)"},{"key":"504_CR51","unstructured":"Morrow, T., Pitts, J.: Genetic malware: designing payloads for specific targets. Infiltrate (2016)"},{"key":"504_CR52","doi-asserted-by":"crossref","unstructured":"Moser, A., Kruegel, C., Kirda, E.: Exploring multiple execution paths for malware analysis. In: 2007 IEEE Symposium on Security and Privacy (SP\u201907), IEEE, pp. 231\u2013245 (2007)","DOI":"10.1109\/SP.2007.17"},{"key":"504_CR53","volume-title":"Bitcoin and cryptocurrency technologies: a comprehensive introduction","author":"A Narayanan","year":"2016","unstructured":"Narayanan, A., Bonneau, J., Felten, E., et al.: Bitcoin and cryptocurrency technologies: a comprehensive introduction. Princeton University Press, New Jersey (2016)"},{"key":"504_CR54","unstructured":"Provos, N., Honeyman, P.: Detecting steganographic content on the internet. Tech. rep, Center for Information Technology Integration (2001)"},{"issue":"3","key":"504_CR55","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1080\/19393555.2014.975557","volume":"23","author":"H Rana","year":"2014","unstructured":"Rana, H., Stamp, M.: Hunting for pirated software using metamorphic analysis. Inf. Secur. J. Glob. Perspect. 23(3), 68\u201385 (2014)","journal-title":"Inf. Secur. J. Glob. Perspect."},{"key":"504_CR56","doi-asserted-by":"crossref","unstructured":"Riordan, J., Schneier, B.: Environmental key generation towards clueless agents. In: Mobile Agents and Security, pp. 15\u201324. Springer (1998)","DOI":"10.1007\/3-540-68671-1_2"},{"key":"504_CR57","unstructured":"Sharif, M.I., Lanzi, A., Giffin, J.T., et\u00a0al.: Impeding malware analysis using conditional code obfuscation. In: NDSS, Citeseer (2008)"},{"key":"504_CR58","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1016\/j.eswa.2019.01.064","volume":"125","author":"AS Shekhawat","year":"2019","unstructured":"Shekhawat, A.S., Di Troia, F., Stamp, M.: Feature analysis of encrypted malicious traffic. Expert Syst. Appl. 125, 130\u2013141 (2019)","journal-title":"Expert Syst. Appl."},{"key":"504_CR59","unstructured":"Sikorski, M., Honig, A.: Practical malware analysis: the hands-on guide to dissecting malicious software. no starch press (2012)"},{"key":"504_CR60","doi-asserted-by":"crossref","unstructured":"Steganalysis, H.C.D.B., Westfeld, A.: F5-a steganographic algorithm. In: Information Hiding: 4th International Workshop, IH 2001, Pittsburgh, PA, USA, April 25-27, 2001. Proceedings, p. 289. Springer (2001)","DOI":"10.1007\/3-540-45496-9_21"},{"key":"504_CR61","doi-asserted-by":"crossref","unstructured":"Suarez-Tangil, G., Tapiador, J.E., Peris-Lopez, P.: Stegomalware: Playing hide and seek with malicious components in smartphone apps. In: Information Security and Cryptology: 10th International Conference, Inscrypt 2014, Beijing, China, December 13-15, 2014, Revised Selected Papers 10, pp. 496\u2013515. Springer (2015)","DOI":"10.1007\/978-3-319-16745-9_27"},{"issue":"1","key":"504_CR62","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1038\/sdata.2018.25","volume":"5","author":"K Tzioumis","year":"2018","unstructured":"Tzioumis, K.: Demographic aspects of first names. Sci. Data 5(1), 1\u20139 (2018)","journal-title":"Sci. Data"},{"key":"504_CR63","doi-asserted-by":"crossref","unstructured":"Wermke, D., Huaman, N., Acar, Y., et\u00a0al.: A large scale investigation of obfuscation use in google play. In: Proceedings of the 34th Annual Computer Security Applications Conference, pp. 222\u2013235 (2018)","DOI":"10.1145\/3274694.3274726"},{"issue":"1","key":"504_CR64","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1186\/s42400-020-00049-3","volume":"3","author":"H Xu","year":"2020","unstructured":"Xu, H., Zhou, Y., Ming, J., et al.: Layered obfuscation: a taxonomy of software obfuscation techniques for layered security. Cybersecurity 3(1), 1\u201318 (2020)","journal-title":"Cybersecurity"},{"key":"504_CR65","doi-asserted-by":"crossref","unstructured":"You, I., Yim, K.: Malware obfuscation techniques: A brief survey. In: 2010 International Conference on Broadband, Wireless Computing, Communication and Applications, IEEE, pp. 297\u2013300 (2010)","DOI":"10.1109\/BWCCA.2010.85"},{"key":"504_CR66","doi-asserted-by":"crossref","unstructured":"Young, A., Yung, M.: Cryptovirology: Extortion-based security threats and countermeasures. In: Proceedings 1996 IEEE Symposium on Security and Privacy, IEEE, pp. 129\u2013140 (1996)","DOI":"10.1109\/SECPRI.1996.502676"}],"container-title":["Journal of Computer Virology and Hacking Techniques"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-023-00504-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11416-023-00504-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-023-00504-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,28]],"date-time":"2024-10-28T23:05:31Z","timestamp":1730156731000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11416-023-00504-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,9,25]]},"references-count":66,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024,3]]}},"alternative-id":["504"],"URL":"https:\/\/doi.org\/10.1007\/s11416-023-00504-y","relation":{},"ISSN":["2263-8733"],"issn-type":[{"value":"2263-8733","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,9,25]]},"assertion":[{"value":"27 April 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"30 August 2023","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 September 2023","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"All instances of malware obfuscation detailed in this paper are in the public domain. As such, we have not introduced any malware obfuscation technique that may jeopardize the security of systems. The aim of this paper is to simply categorise them from the point of view of difficulty of detection.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical considerations"}},{"value":"This work was partially supported by the Australian Defence Science and Technology (DST) Group under the Next Generation Technology Fund (NGTF) scheme. The datasets generated and analysed in this paper are available from the corresponding author on reasonable request.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Disclaimer"}}]}}