{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T04:02:03Z","timestamp":1771560123310,"version":"3.50.1"},"reference-count":49,"publisher":"Springer Science and Business Media LLC","issue":"10","license":[{"start":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T00:00:00Z","timestamp":1771545600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T00:00:00Z","timestamp":1771545600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Front. Comput. Sci."],"published-print":{"date-parts":[[2026,10]]},"DOI":"10.1007\/s11704-025-50357-5","type":"journal-article","created":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T03:09:29Z","timestamp":1771556969000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A unified evaluation framework for cryptographic algorithm identification tools in IoT firmware"],"prefix":"10.1007","volume":"20","author":[{"given":"Yi-Fei","family":"Li","sequence":"first","affiliation":[]},{"given":"Xiao-Yang","family":"Zhou","sequence":"additional","affiliation":[]},{"given":"Jie-Wei","family":"Du","sequence":"additional","affiliation":[]},{"given":"Cheng-Yu","family":"Hu","sequence":"additional","affiliation":[]},{"given":"Jin","family":"Shi","sequence":"additional","affiliation":[]},{"given":"Shan-Qing","family":"Guo","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,2,20]]},"reference":[{"key":"50357_CR1","first-page":"151","volume-title":"Proceedings of the 22nd International Symposium on Research in Attacks, 
Intrusions and Defenses","author":"L Zhang","year":"2019","unstructured":"Zhang L, Chen J, Diao W, Guo S, Weng J, Zhang K. CryptoREX: large-scale analysis of cryptographic misuse in IoT devices. In: Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses. 2019, 151\u2013164"},{"key":"50357_CR2","doi-asserted-by":"publisher","first-page":"103088","DOI":"10.1016\/j.jisa.2021.103088","volume":"65","author":"X Li","year":"2022","unstructured":"Li X, Chang Y, Ye G, Gong X, Tang Z. GENDA: a graph embedded network based detection approach on encryption algorithm of binary program. Journal of Information Security and Applications, 2022, 65: 103088","journal-title":"Journal of Information Security and Applications"},{"key":"50357_CR3","first-page":"309","volume-title":"Proceedings of the 16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment","author":"L Massarelli","year":"2019","unstructured":"Massarelli L, Di Luna G A, Petroni F, Baldoni R, Querzoni L. SAFE: self-attentive function embeddings for binary similarity. In: Proceedings of the 16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. 2019, 309\u2013329"},{"key":"50357_CR4","first-page":"2","volume-title":"Proceedings of the 13th International Conference on Availability, Reliability and Security","author":"A Aigner","year":"2018","unstructured":"Aigner A. FALKE-MC: a neural network based approach to locate cryptographic functions in machine code. In: Proceedings of the 13th International Conference on Availability, Reliability and Security. 2018, 2"},{"key":"50357_CR5","first-page":"1880","volume-title":"Proceedings of the 4th International Conference on Sustainable Expert Systems","author":"K Radhika","year":"2024","unstructured":"Radhika K, Verma S, Sathya R, Kathirvel T, Vishnu K H, Rajan N M. AI powered crypt-analysis for identification of encryption algorithm. 
In: Proceedings of the 4th International Conference on Sustainable Expert Systems. 2024, 1880\u20131884"},{"key":"50357_CR6","doi-asserted-by":"publisher","first-page":"203","DOI":"10.1145\/2714576.2714639","volume-title":"Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security","author":"P Lestringant","year":"2015","unstructured":"Lestringant P, Guih\u00e9ry F, Fouque P A. Automated identification of cryptographic primitives in binary code with data flow graph isomorphism. In: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security. 2015, 203\u2013214"},{"key":"50357_CR7","first-page":"555","volume-title":"Proceedings of the 30th USENIX Security Symposium","author":"C Meijer","year":"2021","unstructured":"Meijer C, Moonsamy V, Wetzels J. Where\u2019s crypto?: automated identification and classification of proprietary cryptographic primitives in binary code. In: Proceedings of the 30th USENIX Security Symposium. 2021, 555\u2013572"},{"key":"50357_CR8","unstructured":"danielplohmann. danielplohmann\/IDAscope: an IDA Pro extension for easier (malware) reverse engineering. See Github.com\/danielplohmann\/idascope website, 2024"},{"key":"50357_CR9","first-page":"169","volume-title":"Proceedings of the 19th ACM conference on Computer and Communications Security","author":"J Calvet","year":"2012","unstructured":"Calvet J, Fernandez J M, and Marion J Y. Aligot: cryptographic function identification in obfuscated binary programs. In: Proceedings of the 19th ACM conference on Computer and Communications Security. 2012, 169\u2013182"},{"key":"50357_CR10","doi-asserted-by":"publisher","first-page":"102512","DOI":"10.1016\/j.cose.2021.102512","volume":"112","author":"S Lee","year":"2022","unstructured":"Lee S, Jho N S, Chung D, Kang Y, Kim M. Rcryptect: real-time detection of cryptographic function in the user-space filesystem. 
Computers & Security, 2022, 112: 102512","journal-title":"Computers & Security"},{"key":"50357_CR11","first-page":"46","volume-title":"Proceedings of the 7th International Conference on Malicious and Unwanted Software","author":"F Matenaar","year":"2012","unstructured":"Matenaar F, Wichmann A, Leder F, Gerhards-Padilla E. CIS: the crypto intelligence system for automatic detection and localization of cryptographic functions in current malware. In: Proceedings of the 7th International Conference on Malicious and Unwanted Software. 2012, 46\u201353"},{"key":"50357_CR12","doi-asserted-by":"publisher","first-page":"182","DOI":"10.1007\/978-3-642-24861-0_13","volume-title":"Proceedings of the 14th International Conference on Information Security","author":"R Zhao","year":"2011","unstructured":"Zhao R, Gu D, Li J, Yu R. Detection and analysis of cryptographic data inside software. In: Proceedings of the 14th International Conference on Information Security. 2011, 182\u2013196"},{"key":"50357_CR13","first-page":"1","volume-title":"Proceedings of IEEE Conference on Dependable and Secure Computing","author":"W C Chao","year":"2021","unstructured":"Chao W C, Chen C K, Cheng C M. Cryfind: using static analysis to identify cryptographic algorithms in binary executables. In: Proceedings of IEEE Conference on Dependable and Secure Computing. 2021, 1\u20132"},{"key":"50357_CR14","unstructured":"x3chun. x3chun\u2019s Crypto Searcher. See Reversing.gr\/viewtopic.php?t=29 website, 2024"},{"key":"50357_CR15","unstructured":"nihilus. IDA Signsrch. See Github.com\/nihilus\/IDA_Signsrch website, 2024"},{"key":"50357_CR16","unstructured":"Aikar. SigScan. See Aikar.github.io\/SigScan\/ website, 2024"},{"key":"50357_CR17","unstructured":"fwhacking. fwhacking\/bfcrypt: crypto scanner. See Github.com\/fwhacking\/bfcrypt website, 2024"},{"key":"50357_CR18","unstructured":"Literatecode Inc. Draft crypto analyzer. 
See Literatecode.com\/draca website, 2024"},{"key":"50357_CR19","unstructured":"Polymorf. findcrypt-yara. See Github.com\/polymorf\/findcrypt-yara website, 2024"},{"key":"50357_CR20","unstructured":"Prednaska. KANAL - Krypto analyzer for PEiD. See Dcs.fmph.uniba.sk\/zri\/6.prednaska\/tools\/PEiD\/plugins\/kanal website, 2024"},{"key":"50357_CR21","unstructured":"National Security Agency. Ghidra software reverse engineering framework. See Github.com\/NationalSecurityAgency\/ghidra website, 2024"},{"key":"50357_CR22","unstructured":"Hex-rays. IDA Pro. See Hex-rays.com\/ida-pro website, 2024"},{"key":"50357_CR23","unstructured":"Bngroup. BinaryNinja. See Binary.ninja\/ website, 2024"},{"key":"50357_CR24","unstructured":"Flask. Welcome to Flask \u2014 Flask documentation. See Flask.palletsprojects.com\/en\/stable\/ website, 2024"},{"key":"50357_CR25","unstructured":"Team Docker. Docker: accelerated container application development. See Docker.com\/ website, 2024"},{"key":"50357_CR26","unstructured":"Cryptlib. Cryptlib - encryption security software development toolkit. See Cryptlib.com\/ website, 2024"},{"key":"50357_CR27","unstructured":"OpenSSLWiki. Libcrypto API. See Wiki.openssl.org\/index.php\/Libcrypto_API website, 2024"},{"key":"50357_CR28","unstructured":"Free Standards Group. Interfaces for libcrypt. See Refspecs.linuxfoundation.org\/LSB_5.0.0\/LSB-Core-AMD64\/LSB-Core-AMD64\/libcrypt website, 2024"},{"key":"50357_CR29","unstructured":"Team Nettle. Nettle- a low-level cryptographic library. See www.lysator.liu.se\/\u223cnisse\/nettle\/ website, 2024"},{"key":"50357_CR30","unstructured":"Team LibTom. LibTom. See Libtom.net\/LibTomCrypt\/ website, 2024"},{"key":"50357_CR31","unstructured":"GnuPG Project. Index. See Gnupg.org\/software\/libgcrypt\/index website, 2024"},{"key":"50357_CR32","unstructured":"wolfSSL Inc. wolfSSL\u2013embedded SSL\/TLS library. See Wolfssl.com\/ website, 2024"},{"key":"50357_CR33","unstructured":"ITh4cker. ITh4cker\/CryptGrep. 
See Github.com\/ITh4cker\/Crypt-Grep website, 2024"},{"key":"50357_CR34","unstructured":"felixgr. felixgr\/kerckhoffs: automatic identification of cryptographic primitives in software. See Github.com\/felixgr\/kerckhoffs website, 2024"},{"key":"50357_CR35","unstructured":"sceners. sceners\/snd-reverser-tool: SND reverser tool. See Github.com\/sceners\/snd-reverser-tool website, 2024"},{"key":"50357_CR36","unstructured":"Loki. Snd crypto scanner. See Bbs.kanxue.com\/thread-61271 website, 2024"},{"key":"50357_CR37","unstructured":"decalage2. Balbuzard: malware analysis tools. See Github.com\/decalage2\/balbuzard website, 2024"},{"key":"50357_CR38","first-page":"621","volume-title":"Proceedings of the 16th ACM Conference on Computer and Communications Security","author":"J Caballero","year":"2009","unstructured":"Caballero J, Poosankam P, Kreibich C, Song D. Dispatcher: enabling active botnet infiltration using automatic protocol reverse-engineering. In: Proceedings of the 16th ACM Conference on Computer and Communications Security. 2009, 621\u2013634"},{"key":"50357_CR39","doi-asserted-by":"publisher","first-page":"921","DOI":"10.1109\/SP.2017.56","volume-title":"Proceedings of 2017 IEEE Symposium on Security and Privacy","author":"D Xu","year":"2017","unstructured":"Xu D, Ming J, Wu D. Cryptographic function detection in obfuscated binaries via bit-precise symbolic loop mapping. In: Proceedings of 2017 IEEE Symposium on Security and Privacy. 2017, 921\u2013937"},{"key":"50357_CR40","first-page":"41","volume-title":"Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection","author":"F Gr\u00f6bert","year":"2011","unstructured":"Gr\u00f6bert F, Willems C, Holz T. Automated identification of cryptographic primitives in binary programs. In: Proceedings of the 14th International Symposium on Recent Advances in Intrusion Detection. 
2011, 41\u201360"},{"key":"50357_CR41","first-page":"1228","volume-title":"Proceedings of the 20th IEEE India Council International Conference","author":"S Ithape","year":"2023","unstructured":"Ithape S, B R P. Identification of encryption method for block ciphers using machine learning methods. In: Proceedings of the 20th IEEE India Council International Conference. 2023, 1228\u20131233"},{"key":"50357_CR42","first-page":"793","volume-title":"Proceedings of the 9th International Conference on Computer and Communications","author":"Y Guo","year":"2023","unstructured":"Guo Y, Dong H, Bian Y, Xu G. A binary cryptographic algorithm identification method based on complementary features. In: Proceedings of the 9th International Conference on Computer and Communications. 2023, 793\u2013797"},{"issue":"7","key":"50357_CR43","doi-asserted-by":"publisher","first-page":"705","DOI":"10.3390\/math9070705","volume":"9","author":"H Kim","year":"2021","unstructured":"Kim H, Park J, Kwon H, Jang K, Seo H. Convolutional neural network-based cryptography ransomware detection for low-end embedded processors. Mathematics, 2021, 9(7): 705","journal-title":"Mathematics"},{"key":"50357_CR44","doi-asserted-by":"publisher","first-page":"23506","DOI":"10.1109\/ACCESS.2020.2966860","volume":"8","author":"L Jia","year":"2020","unstructured":"Jia L, Zhou A, Jia P, Liu L, Wang Y, Liu L. A neural network-based approach for cryptographic function detection in malware. IEEE Access, 2020, 8: 23506\u201323521","journal-title":"IEEE Access"},{"key":"50357_CR45","unstructured":"Hill G D, Bellekens X J A. Deep learning based cryptographic primitive classification. 2017, arXiv preprint arXiv: 1709.08385"},{"issue":"1","key":"50357_CR46","doi-asserted-by":"publisher","first-page":"3","DOI":"10.17648\/enig.v3i1.55","volume":"3","author":"F Barbosa","year":"2016","unstructured":"Barbosa F, Vidal A, Mello F. Machine learning for cryptographic algorithm identification. 
Journal of Information Security and Cryptography (Enigma), 2016, 3(1): 3\u20138","journal-title":"Journal of Information Security and Cryptography (Enigma)"},{"issue":"11","key":"50357_CR47","doi-asserted-by":"publisher","first-page":"4585","DOI":"10.1109\/TLA.2016.7795833","volume":"14","author":"F L de Mello","year":"2016","unstructured":"de Mello F L, Xexeo J A M. Cryptographic algorithm identification using machine learning and massive processing. IEEE Latin America Transactions, 2016, 14(11): 4585\u20134590","journal-title":"IEEE Latin America Transactions"},{"key":"50357_CR48","unstructured":"Hosfelt D D. Automated detection and classification of cryptographic algorithms in binary programs through machine learning. 2015, arXiv preprint arXiv: 1503.01186"},{"key":"50357_CR49","unstructured":"Samba Inc. Samba - opening windows to a wider world. See Samba.org\/ website, 2024"}],"container-title":["Frontiers of Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11704-025-50357-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s11704-025-50357-5","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s11704-025-50357-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T03:09:34Z","timestamp":1771556974000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s11704-025-50357-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,20]]},"references-count":49,"journal-issue":{"issue":"10","published-print":{"date-parts":[[2026,10]]}},"alternative-id":["50357"],"URL":"https:\/\/doi.org\/10.1007\/s11704-025-50357-5","relation":{},"ISSN":["20
95-2228","2095-2236"],"issn-type":[{"value":"2095-2228","type":"print"},{"value":"2095-2236","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,20]]},"assertion":[{"value":"21 March 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 June 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"20 February 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors declare that they have no competing interests or financial conflicts to disclose.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"2010810"}}