{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,19]],"date-time":"2025-12-19T21:42:06Z","timestamp":1766180526861},"reference-count":32,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"3","license":[{"start":{"date-parts":[[2013,9,1]],"date-time":"2013-09-01T00:00:00Z","timestamp":1377993600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Systems Journal"],"published-print":{"date-parts":[[2013,9]]},"DOI":"10.1109\/jsyst.2012.2221913","type":"journal-article","created":{"date-parts":[[2012,11,30]],"date-time":"2012-11-30T19:02:31Z","timestamp":1354302151000},"page":"467-477","source":"Crossref","is-referenced-by-count":14,"title":["Malware Target Recognition of Unknown Threats"],"prefix":"10.1109","volume":"7","author":[{"given":"Thomas E.","family":"Dube","sequence":"first","affiliation":[]},{"given":"Richard A.","family":"Raines","sequence":"additional","affiliation":[]},{"given":"Michael R.","family":"Grimaila","sequence":"additional","affiliation":[]},{"given":"Kenneth W.","family":"Bauer","sequence":"additional","affiliation":[]},{"given":"Steven K.","family":"Rogers","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref32","year":"2010","journal-title":"Virus Collection"},{"key":"ref31","year":"2009","journal-title":"Microsoft Portable Executable and Common Object File Format Specification"},{"key":"ref30","year":"2010","journal-title":"TreeBagger"},{"key":"ref10","year":"2009","journal-title":"Norman Sandbox"},{"key":"ref11","year":"2009","journal-title":"Sunbelt CWSandbox"},{"key":"ref12","year":"2009","journal-title":"Automated Threat Analysis"},{"key":"ref13","doi-asserted-by":"crossref","first-page":"178","DOI":"10.1007\/978-3-540-74320-0_10","article-title":"Automated classification and analysis of Internet malware","author":"bailey","year":"2007","journal-title":"Proc 5th Int Symp Recent Advances in Intrusion Detection"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/1287624.1287628"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"ref16","first-page":"159","article-title":"Behavioral classification","author":"lee","year":"2006","journal-title":"Proc EIC"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.21"},{"key":"ref18","first-page":"1","article-title":"Understanding heuristics: Symantec's bloodhound technology","volume":"xxxiv","year":"1997","journal-title":"White Paper Series"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.09.002"},{"key":"ref28","author":"collberg","year":"1997","journal-title":"A Taxonomy of Obfuscating Transformations"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-011-0132-7"},{"key":"ref27","first-page":"169","article-title":"Static analysis of executables to detect malicious patterns","author":"christodorescu","year":"2003","journal-title":"Proc 12th USENIX Security Symp"},{"key":"ref3","author":"szor","year":"2005","journal-title":"The Art of Computer Virus Research and Defense"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2006.4"},{"key":"ref5","first-page":"41","article-title":"$N$<\/tex><\/formula>-gram-based detection of new malicious code","author":"abou-assaleh","year":"2004","journal-title":"Proc 28th Ann Int Comput Softw Appl Conf"},{"key":"ref29","year":"2006","journal-title":"Department of Defense (DOD) Information Operations Condition (INFOCON) System Procedures"},{"key":"ref8","first-page":"2721","article-title":"Learning to detect and classify malicious executables in the wild","volume":"7","author":"kolter","year":"2006","journal-title":"J Mach Learning Res"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1145\/1014052.1014105"},{"key":"ref2","first-page":"20","article-title":"What APT is (and what it isn't)","volume":"12","author":"bejtlich","year":"2010","journal-title":"Info Security"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2001.924286"},{"key":"ref1","doi-asserted-by":"crossref","first-page":"34","DOI":"10.1145\/1013886.1007518","article-title":"Testing malware detectors","author":"christodorescu","year":"2004","journal-title":"Proc ACM SIGSOFT Int Symp Softw Testing Analysis"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/1108768.1108814"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/ISI.2009.5137328"},{"key":"ref21","first-page":"9","article-title":"Improving heuristics","author":"rafiq","year":"2008","journal-title":"Virus Bull"},{"key":"ref24","first-page":"51","article-title":"Automatically generated Win32 heuristic virus detection","author":"arnold","year":"2000","journal-title":"Virus Bulletin Conf"},{"key":"ref23","first-page":"178","article-title":"Automatic extraction of computer virus signatures","author":"kephart","year":"1994","journal-title":"Proc 4th Virus Bull Int Conf"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1016\/B978-1-55860-377-6.50023-2"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/64.511768"}],"container-title":["IEEE Systems Journal"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx5\/4267003\/6553371\/06365737.pdf?arnumber=6365737","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,11,29]],"date-time":"2021-11-29T20:28:13Z","timestamp":1638217693000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/6365737\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,9]]},"references-count":32,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.1109\/jsyst.2012.2221913","relation":{},"ISSN":["1932-8184","1937-9234"],"issn-type":[{"value":"1932-8184","type":"print"},{"value":"1937-9234","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,9]]}}}