{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,8]],"date-time":"2026-06-08T23:30:03Z","timestamp":1780961403177,"version":"3.54.1"},"reference-count":42,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2007]]},"DOI":"10.1109\/seccom.2007.4550362","type":"proceedings-article","created":{"date-parts":[[2008,6,25]],"date-time":"2008-06-25T18:08:16Z","timestamp":1214417296000},"page":"412-421","source":"Crossref","is-referenced-by-count":15,"title":["Detecting worms via mining dynamic program execution"],"prefix":"10.1109","author":[{"family":"Xun Wang","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"family":"Wei Yu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Adam","family":"Champion","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"family":"Xinwen Fu","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"family":"Dong Xuan","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref39","article-title":"Stack-guard: Automatic adaptive detection and prevention of buffer-overflow attacks","author":"cowan","year":"1998","journal-title":"Proceedings of the 7th USENIX Security Symposium (SECURITY-98)"},{"key":"ref38","article-title":"Formalizing sensitivity in static analysis for intrusion detection","author":"feng","year":"2004","journal-title":"Proceedings of IEEE Symposium on Security and Privacy (S&P)"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/1080091.1080118"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2004.1301325"},{"key":"ref31","author":"joachims","year":"1998","journal-title":"Advances in Kernel Methods Support Vector Machines"},{"key":"ref30","author":"christian","year":"0","journal-title":"Full and Naive Bayes Classifiers"},{"key":"ref37","article-title":"Behavioral distance for intrusion detection","author":"gao","year":"1999","journal-title":"Proceedings of International Symposium on Recent Advances in Intrusion Detection (RAID'07)"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2001.924296"},{"key":"ref35","year":"0","journal-title":"Binary Text Scan"},{"key":"ref34","article-title":"Polymorphic blending attacks","author":"perdisci","year":"2006","journal-title":"Proceedings of the 10-th USENIX Security Symposium (SECURITY)"},{"key":"ref10","doi-asserted-by":"crossref","DOI":"10.1007\/11790754_8","article-title":"Detecting self-mutating malware using control flow graph matching","author":"bruschi","year":"2006","journal-title":"Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA)"},{"key":"ref40","article-title":"A data mining framework for building intrusion detection models","author":"lee","year":"1999","journal-title":"Proceedings of the 1999 IEEE Symposium on Security and Privacy (S&P)"},{"key":"ref11","year":"0","journal-title":"Internet Storm Center"},{"key":"ref12","year":"2003","journal-title":"Advisory CA-2003–20 W32\/Blaster Worm"},{"key":"ref13","year":"0","journal-title":"On Metaphor"},{"key":"ref14","author":"ferrie","year":"0","journal-title":"Zmist opportunities Virus Bullettin"},{"key":"ref15","article-title":"Static and dynamic analysis: Synergy and duality","author":"ernst","year":"2003"},{"key":"ref16","author":"li","year":"2004","journal-title":"A Survey on Tools for Binary Code Analysis Department of Computer Science"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2003.1199328"},{"key":"ref18","author":"dunham","year":"2002","journal-title":"Data Mining Introductory and Advanced Topics"},{"key":"ref19","author":"han","year":"2006","journal-title":"Data Mining Concepts and Techniques"},{"key":"ref28","author":"vapnik","year":"1998","journal-title":"Statistical Learning Theory"},{"key":"ref4","article-title":"An effective architecture and algorithm for detecting worms with various scan techniques","author":"wu","year":"2004","journal-title":"Proceedings of the 11-th IEEE Network and Distributed System Security Symposium (NDSS)"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4757-2440-0"},{"key":"ref3","article-title":"Opportunistic measurement: Extracting insight from spurious traffic","author":"casado","year":"2005","journal-title":"Proceedings of the 4-th ACM SIGCOMM HotNets Workshop (HotNets)"},{"key":"ref6","doi-asserted-by":"crossref","DOI":"10.1145\/948109.948136","article-title":"Monitoring and early detection for internet worms","author":"zou","year":"2003","journal-title":"Proceedings of the 10-th ACM Conference on Computer and Communication Security (CCS)"},{"key":"ref29","year":"0","journal-title":"Strace for NT"},{"key":"ref5","article-title":"New streaming algorithms for superspreader detection","author":"venkataraman","year":"2005","journal-title":"Proceedings of the 12-th IEEE Network and Distributed Systems Security Symposium (NDSS)"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/1014052.1014105"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/SECCOMW.2006.359549"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1219056"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.2001.924286"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/637201.637244"},{"key":"ref20","year":"0"},{"key":"ref22","year":"0","journal-title":"Windows System Call Table"},{"key":"ref21","year":"0","journal-title":"Microsoft Virtual PC"},{"key":"ref42","article-title":"Fast and effective worm fingerprinting via machine learning","author":"yang","year":"2006","journal-title":"Proceedings of the 3rd IEEE International Conference on Autonomic Computing (ICAC)"},{"key":"ref24","year":"0","journal-title":"Windows “Longhorn” FAQ"},{"key":"ref41","article-title":"Analyzing behavioral features for email classification","author":"martin","year":"2003","journal-title":"Proceedings of the 2th International conference on email and anti-span (CEAS)"},{"key":"ref23","year":"2006","journal-title":"Linux System Call Table"},{"key":"ref26","author":"lee","year":"1988","journal-title":"Automatic Speech Recognition The Development of the SPHINX System"},{"key":"ref25","year":"0","journal-title":"Linux Function and Macro Index"}],"event":{"name":"2007 3rd International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007","location":"Nice, France","start":{"date-parts":[[2007,9,17]]},"end":{"date-parts":[[2007,9,21]]}},"container-title":["2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx5\/4543879\/4550291\/04550362.pdf?arnumber=4550362","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,6,18]],"date-time":"2017-06-18T09:26:30Z","timestamp":1497777990000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/4550362\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007]]},"references-count":42,"URL":"https:\/\/doi.org\/10.1109\/seccom.2007.4550362","relation":{},"subject":[],"published":{"date-parts":[[2007]]}}}