{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,8,24]],"date-time":"2024-08-24T11:34:38Z","timestamp":1724499278208},"reference-count":47,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2023,3,27]],"date-time":"2023-03-27T00:00:00Z","timestamp":1679875200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,3,27]],"date-time":"2023-03-27T00:00:00Z","timestamp":1679875200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Sci. China Inf. Sci."],"published-print":{"date-parts":[[2023,4]]},"DOI":"10.1007\/s11432-021-3567-y","type":"journal-article","created":{"date-parts":[[2023,3,31]],"date-time":"2023-03-31T16:02:54Z","timestamp":1680278574000},"update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Framework for understanding intention-unbreakable malware"],"prefix":"10.1007","volume":"66","author":[{"given":"Tiantian","family":"Ji","sequence":"first","affiliation":[]},{"given":"Binxing","family":"Fang","sequence":"additional","affiliation":[]},{"given":"Xiang","family":"Cui","sequence":"additional","affiliation":[]},{"given":"Zhongru","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Peng","family":"Liao","sequence":"additional","affiliation":[]},{"given":"Shouyou","family":"Song","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,3,27]]},"reference":[{"key":"3567_CR1","doi-asserted-by":"publisher","first-page":"250","DOI":"10.5753\/sbseg.2017.19504","volume":"17","author":"M Botacin","year":"2017","unstructured":"Botacin M, da Rocha V F, de Geus P L, et al. Analysis, anti-analysis, anti-anti-analysis: an overview of the evasive malware scenario. Anais do XVII Simp\u00f3sio Brasileiro em Seguran\u00e7a da Informa\u00e7\u00e3o e de Sistemas Computacionais, 2017, 17: 250\u2013263","journal-title":"Anais do XVII Simp\u00f3sio Brasileiro em Seguran\u00e7a da Informa\u00e7\u00e3o e de Sistemas Computacionais"},{"key":"3567_CR2","first-page":"1","volume-title":"You are what you do: hunting stealthy malware via data provenance analysis","author":"Q Wang","year":"2020","unstructured":"Wang Q, Hassan W U, Li D, et al. You are what you do: hunting stealthy malware via data provenance analysis. In: Proceedings of the 27th Annual Network and Distributed System Security Symposium (NDSS). San Diego: The Internet Society, 2020. 1\u201317"},{"key":"3567_CR3","first-page":"255","volume-title":"Mimicry attacks on host-based intrusion detection systems","author":"D Wagner","year":"2002","unstructured":"Wagner D, Soto P. Mimicry attacks on host-based intrusion detection systems. In: Proceedings of the 9th ACM Conference on Computer and Communications Security. New York: Association for Computing Machinery, 2002. 255\u2013264"},{"key":"3567_CR4","first-page":"241","volume-title":"Polymorphic blending attacks","author":"P Fogla","year":"2006","unstructured":"Fogla P, Sharif M I, Perdisci R, et al. Polymorphic blending attacks. In: Proceedings of the 15th USENIX Security Symposium. Berkeley: USENIX Association, 2006. 241\u2013256"},{"key":"3567_CR5","first-page":"745","volume-title":"Codisasm: medium scale concatic disassembly of self-modifying binaries with overlapping instructions","author":"G Bonfante","year":"2015","unstructured":"Bonfante G, Fernandez J, Marion J-Y, et al. Codisasm: medium scale concatic disassembly of self-modifying binaries with overlapping instructions. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. New York: Association for Computing Machinery, 2015. 745\u2013756"},{"key":"3567_CR6","doi-asserted-by":"publisher","first-page":"139103","DOI":"10.1007\/s11432-018-9615-8","volume":"63","author":"Z T Li","year":"2020","unstructured":"Li Z T, Li W L, Lin F Y, et al. Hybrid malware detection approach with feedback-directed machine learning. Sci China Inf Sci, 2020, 63: 139103","journal-title":"Sci China Inf Sci"},{"key":"3567_CR7","unstructured":"Wingfield T. Fileless Malware Execution With Powershell is Easier Than You May Realize. McAfee Technical Report, 2017. [2021-12-16]. https:\/\/www.mcafee.com\/enterprise\/en-us\/assets\/solution-briefs\/sb-fileless-malware-execution.pdf"},{"key":"3567_CR8","unstructured":"GOODIN D. A rash of invisible, fileless malware is infecting banks around the globe. ARS Technica, 2017. [2021-12-16]. https:\/\/arstechnica.com\/information-technology\/2017\/02\/a-rash-of-invisible-fileless-malware-is-infecting-banks-around-the-globe\/?comments=1&post=32786675"},{"key":"3567_CR9","unstructured":"Larry. The 2017 State of Endpoint Security Risk Report. Ponemon Institute Technical Report, 2017. [2021-12-16]. https:\/\/cdn2.hubspot.net\/hubfs\/468115\/Campaigns\/2017-Ponemon-Report\/2017-ponemon-report-key-findings.pdf"},{"key":"3567_CR10","unstructured":"MITRE. Process hollowing. 2020. [2021-12-16]. https:\/\/attack.mitre.org\/techniques\/T1093\/"},{"key":"3567_CR11","unstructured":"GREAT. The mystery of the encrypted Gauss payload. 2012. [2021-12-16]. https:\/\/securelist.com\/the-mysteryof-the-encrypted-gauss-payload-5\/33561\/"},{"key":"3567_CR12","unstructured":"Ishimaru S. Why corrupted (?) samples in recent APT? 2016. [2021-12-16]. https:\/\/hitcon.org\/2016\/pacific\/0composition\/pdf\/1201\/1201"},{"key":"3567_CR13","unstructured":"Kirat D, Jang J, Stoecklin M P. DeepLocker \u2014 concealing targeted attacks with AI locksmithing. In: Proceedings of the Black Hat Conference, Las Vegas, 2018. 1\u201329"},{"key":"3567_CR14","unstructured":"MITRE. MITRE ATT&CK \u2014 Software. 2015. [2021-12-16]. https:\/\/attack.mitre.org\/software\/"},{"key":"3567_CR15","unstructured":"Strom B E, Applebaum A, Miller D P, et al. MITRE ATT&CK: Design and Philosophy. Technical Report. 2018"},{"key":"3567_CR16","unstructured":"Martin Lockheed. The cyber kill chain. 2011. [2021-12-16]. https:\/\/www.lockheedmartin.com\/en-us\/capabilities\/cyber\/cyber-kill-chain.html"},{"key":"3567_CR17","first-page":"438","volume-title":"Technical aspects of cyber kill chain","author":"T Yadav","year":"2015","unstructured":"Yadav T, Rao A M. Technical aspects of cyber kill chain. In: Proceedings of the 3rd International Symposium on Security in Computing and Communication. Cham: Springer, 2015. 438\u2013452"},{"key":"3567_CR18","unstructured":"NSA. NSA\/CSS technical cyber threat framework V2. National Security Agency Cybersecurity Report, 2018. [2021-12-16]. https:\/\/media.defense.gov\/2019\/Jul\/16\/2002158108\/-1\/-1\/0\/CTR_NSA-CSS-TECHNICAL-CYBER-THREAT-FRAMEWORK_V2.PDF"},{"key":"3567_CR19","unstructured":"Moran N, Bennett J T. Supply Chain Analysis: From Quartermaster to Sunshop. FireEye Technical Report, 2013"},{"key":"3567_CR20","doi-asserted-by":"publisher","first-page":"7","DOI":"10.1109\/MSEC.2021.3051235","volume":"19","author":"S Peisert","year":"2021","unstructured":"Peisert S, Schneier B, Okhravi H, et al. Perspectives on the SolarWinds Incident. IEEE Secur Privacy, 2021, 19: 7\u201313","journal-title":"IEEE Secur Privacy"},{"key":"3567_CR21","doi-asserted-by":"publisher","unstructured":"Oxford Analytica. Kaseya ransomware attack underlines supply chain risks. Emerald Expert Briefings, 2021. doi: https:\/\/doi.org\/10.1108\/oxan-es262642","DOI":"10.1108\/oxan-es262642"},{"key":"3567_CR22","unstructured":"Engelberg J. Bash Uploader Security Update. Technical Report, 2021. [2021-12-16]. https:\/\/about.codecov.io\/security-update\/"},{"key":"3567_CR23","first-page":"273","volume-title":"Building a dynamic reputation system for DNS","author":"M Antonakakis","year":"2010","unstructured":"Antonakakis M, Perdisci R, Dagon D, et al. Building a dynamic reputation system for DNS. In: Proceedings of the 19th USENIX Security Symposium. Berkeley: USENIX Association, 2010. 273\u2013290"},{"key":"3567_CR24","first-page":"203","volume-title":"Anomalous payload-based network intrusion detection","author":"K Wang","year":"2004","unstructured":"Wang K, Stolfo S J. Anomalous payload-based network intrusion detection. In: Proceedings of the International Workshop on Recent Advances in Intrusion Detection. Berlin: Springer, 2004. 203\u2013222"},{"key":"3567_CR25","unstructured":"Zauner C. Implementation and benchmarking of perceptual image hash functions. Computer Science, 2010. [2021-12-16]. https:\/\/www.phash.org\/docs\/pubs\/thesis_zauner.pdf"},{"key":"3567_CR26","doi-asserted-by":"publisher","first-page":"3173","DOI":"10.1007\/s13369-018-3454-1","volume":"44","author":"F \u00d6zyurt","year":"2019","unstructured":"\u00d6zyurt F, Tuncer T, Avci E, et al. A novel liver image classification method using perceptual hash-based convolutional neural network. Arab J Sci Eng, 2019, 44: 3173\u20133182","journal-title":"Arab J Sci Eng"},{"key":"3567_CR27","unstructured":"Google. Google images. [2021-12-16]. https:\/\/www.google.com\/imghp?hl=en"},{"key":"3567_CR28","first-page":"3730","volume-title":"Deep learning face attributes in the wild","author":"Z Liu","year":"2015","unstructured":"Liu Z, Luo P, Wang X, et al. Deep learning face attributes in the wild. In: Proceedings of the IEEE International Conference on Computer Vision. Washington: IEEE Computer Society, 2015. 3730\u20133738"},{"key":"3567_CR29","first-page":"343","volume-title":"A data-driven approach to cleaning large face datasets","author":"H-W Ng","year":"2014","unstructured":"Ng H-W, Winkler S. A data-driven approach to cleaning large face datasets. In: Proceedings of 2014 IEEE International Conference on Image Processing (ICIP). Washington: IEEE Computer Society, 2014. 343\u2013347"},{"key":"3567_CR30","unstructured":"Parkhi O M, Vedaldi A, Zisserman A. VGG face descriptor. Dataset, 2015. [2021-11-16]. https:\/\/www.robots.ox.ac.uk\/\u223cvgg\/software\/vgg_face\/"},{"key":"3567_CR31","doi-asserted-by":"publisher","first-page":"437","DOI":"10.1007\/s11263-012-0549-0","volume":"101","author":"G Fanelli","year":"2013","unstructured":"Fanelli G, Dantone M, Gall J, et al. Random forests for real time 3D face analysis. Int J Comput Vis, 2013, 101: 437\u2013458","journal-title":"Int J Comput Vis"},{"key":"3567_CR32","first-page":"529","volume-title":"Face recognition in unconstrained videos with matched background similarity","author":"L Wolf","year":"2011","unstructured":"Wolf L, Hassner T, Maoz I. Face recognition in unconstrained videos with matched background similarity. In: Proceedings of the IEEE Computer Vision and Pattern Recognition (CVPR). Washington: IEEE Computer Society, 2011. 529\u2013534"},{"key":"3567_CR33","first-page":"365","volume-title":"Attribute and simile classifiers for face verification","author":"N Kumar","year":"2009","unstructured":"Kumar N, Berg A C, Belhumeur P N, et al. Attribute and simile classifiers for face verification. In: Proceedings of IEEE 12th International Conference on Computer Vision. Washington: IEEE Computer Society, 2009. 365\u2013372"},{"key":"3567_CR34","unstructured":"Huang G B, Mattar M, Berg T, et al. Labeled faces in the wild: a database for studying face recognition in unconstrained environments. In: Proceedings of International Workshop on Faces in Real-Life Images: Detection, Alignment, and Recognition, 2008. 1\u201317"},{"key":"3567_CR35","doi-asserted-by":"publisher","first-page":"6","DOI":"10.1016\/S1353-4858(19)30071-6","volume":"2019","author":"SophosLabs Research Team","year":"2019","unstructured":"SophosLabs Research Team. Emotet exposed: looking inside highly destructive malware. Network Secur, 2019, 2019: 6\u201311","journal-title":"Network Secur"},{"key":"3567_CR36","unstructured":"Ramos E. Analysis: Ursnif-Spying on Your Data Since 2007. Technical Report, 2016. [2021-12-16]. https:\/\/www.gdatasoftware.com\/blog\/2016\/11\/29325-analysis-ursnif-spying-on-your-data-since-2007"},{"key":"3567_CR37","unstructured":"Holland A. Spot the difference: tracking malware campaigns using visually similar images. 2019. [2021-12-16]. https:\/\/threatresearch.ext.hp.com\/spot-the-difference-trackingmalware-campaigns-using-visually-similar-images\/"},{"key":"3567_CR38","unstructured":"Google. VirusTotal. 2007. [2021-12-16]. https:\/\/www.virustotal.com\/"},{"key":"3567_CR39","unstructured":"ThreatBook. Threatbook cloud sandbox. 2015. [2021-12-16]. https:\/\/s.threatbook.cn\/"},{"key":"3567_CR40","unstructured":"Shalev S. theZoo \u2014 a live malware repository. 2014. [2021-12-16]. https:\/\/github.com\/ytisf\/theZoo"},{"key":"3567_CR41","unstructured":"OPSWAT. Metadefender cloud. 2002. [2021-12-16]. https:\/\/metadefender.opswat.com\/"},{"key":"3567_CR42","doi-asserted-by":"publisher","first-page":"179105","DOI":"10.1007\/s11432-019-2774-4","volume":"65","author":"Y He","year":"2022","unstructured":"He Y, Inglut E, Luo C J. Malware incident response (IR) informed by cyber threat intelligence (CTI). Sci China Inf Sci, 2022, 65: 179105","journal-title":"Sci China Inf Sci"},{"key":"3567_CR43","first-page":"1332","volume-title":"Intriguing properties of adversarial ML attacks in the problem space","author":"F Pierazzi","year":"2020","unstructured":"Pierazzi F, Pendlebury F, Cortellazzi J, et al. Intriguing properties of adversarial ML attacks in the problem space. In: Proceedings of 2020 IEEE Symposium on Security and Privacy (SP). Los Alamitos: IEEE COMPUTER SOC, 2020. 1332\u20131349"},{"key":"3567_CR44","first-page":"3218","volume-title":"Structural attack against graph based android malware detection","author":"K Zhao","year":"2021","unstructured":"Zhao K, Zhou H, Zhu Y-L, et al. Structural attack against graph based android malware detection. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. New York: Association for Computing Machinery, 2021. 3218\u20133235"},{"key":"3567_CR45","first-page":"1","volume-title":"Impeding malware analysis using conditional code obfuscation","author":"M I Sharif","year":"2008","unstructured":"Sharif M I, Lanzi A, Giffin J T, et al. Impeding malware analysis using conditional code obfuscation. In: Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS). San Diego: The Internet Society, 2008. 1\u201313"},{"key":"3567_CR46","first-page":"1","volume-title":"D-TIME: distributed threadless independent malware execution for runtime obfuscation","author":"J Pavithran","year":"2019","unstructured":"Pavithran J, Patnaik M, Rebeiro C. D-TIME: distributed threadless independent malware execution for runtime obfuscation. In: Proceedings of the 13th USENIX Workshop on Offensive Technologies (WOOT 19). Berkeley: USENIX Association, 2019. 1\u201314"},{"key":"3567_CR47","first-page":"1641","volume-title":"Happer: unpacking Android apps via a hardware-assisted approach","author":"L Xue","year":"2021","unstructured":"Xue L, Zhou H, Luo X-P, et al. Happer: unpacking Android apps via a hardware-assisted approach. In: Proceedings of 2021 IEEE Symposium on Security and Privacy (SP). Los Alamitos: IEEE Computer Soc, 2021. 1641\u20131658"}],"container-title":["Science China Information Sciences"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11432-021-3567-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11432-021-3567-y\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11432-021-3567-y.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,5,19]],"date-time":"2024-05-19T20:27:42Z","timestamp":1716150462000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11432-021-3567-y"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,3,27]]},"references-count":47,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2023,4]]}},"alternative-id":["3567"],"URL":"https:\/\/doi.org\/10.1007\/s11432-021-3567-y","relation":{},"ISSN":["1674-733X","1869-1919"],"issn-type":[{"value":"1674-733X","type":"print"},{"value":"1869-1919","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,3,27]]},"assertion":[{"value":"21 December 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 May 2022","order":2,"name":"revised","label":"Revised","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 August 2022","order":3,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 March 2023","order":4,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"142104"}}