{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,22]],"date-time":"2026-03-22T05:35:20Z","timestamp":1774157720870,"version":"3.50.1"},"reference-count":56,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"12","license":[{"start":{"date-parts":[[2015,12,1]],"date-time":"2015-12-01T00:00:00Z","timestamp":1448928000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2015,12]]},"DOI":"10.1109\/tifs.2015.2469253","type":"journal-article","created":{"date-parts":[[2015,8,17]],"date-time":"2015-08-17T18:22:10Z","timestamp":1439835730000},"page":"2591-2604","source":"Crossref","is-referenced-by-count":95,"title":["Employing Program Semantics for Malware Detection"],"prefix":"10.1109","volume":"10","author":[{"given":"Smita","family":"Naval","sequence":"first","affiliation":[]},{"given":"Vijay","family":"Laxmi","sequence":"additional","affiliation":[]},{"given":"Muttukrishnan","family":"Rajarajan","sequence":"additional","affiliation":[]},{"given":"Manoj Singh","family":"Gaur","sequence":"additional","affiliation":[]},{"given":"Mauro","family":"Conti","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/1165389.945462"},{"key":"ref38","doi-asserted-by":"crossref","first-page":"832","DOI":"10.1109\/34.709601","article-title":"The random subspace method for constructing decision forests","volume":"20","author":"ho","year":"1998","journal-title":"IEEE Trans Pattern Anal Mach Intell"},{"key":"ref33","author":"norris","year":"1998","journal-title":"Markov Chains"},{"key":"ref32","author":"jurczyk","year":"2014","journal-title":"Windows WIN32K SYS System Call Table"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1007\/s10703-012-0149-1"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-011-0152-x"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1023\/A:1010933404324"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2008.4587630"},{"key":"ref35","first-page":"299","article-title":"The branching factor of regular search spaces","author":"edelkamp","year":"1998","journal-title":"Proc 15th Nat \/10th Conf Artif Intell \/Innov Appl Artif Intell (AAAI\/IAAI)"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/2514.2515"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"ref27","author":"shannon","year":"1963","journal-title":"The Mathematical Theory of Communication"},{"key":"ref29","doi-asserted-by":"crossref","DOI":"10.1145\/1972551.1972554","article-title":"nEther: In-guest detection of out-of-the-guest malware analyzers","author":"p\u00e9k","year":"2011","journal-title":"Proceedings of the 4th ACM European Workshop on System Security (EUROSEC)"},{"key":"ref2","year":"2014","journal-title":"AV-Test Malware Statistics"},{"key":"ref1","first-page":"637","article-title":"Revolver: An automated approach to the detection of evasive Web-based malware","author":"kapravelos","year":"2013","journal-title":"Proc 22nd USENIX Conf Secur (SEC)"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2012.10.004"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1016\/j.csda.2008.01.028"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2013.07.006"},{"key":"ref24","doi-asserted-by":"crossref","first-page":"338","DOI":"10.1007\/978-3-642-23644-0_18","article-title":"Detecting environment-sensitive malware","volume":"6961","author":"lindorfer","year":"2011","journal-title":"Proc 5th Int Conf Recent Advances in Intrusion Detection (RAID)"},{"key":"ref23","first-page":"1","article-title":"Efficient detection of split personalities in malware","author":"balzarotti","year":"2010","journal-title":"Proc Int Conf Netw Distrib Syst Secur Symp (NDSS)"},{"key":"ref26","first-page":"183","article-title":"Detecting targeted smartphone malware with behavior-triggering stochastic models","volume":"8712","author":"suarez-tangil","year":"2014","journal-title":"Proc European Symp Research in Computer Security (ESORICS)"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-17016-9_11"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-10518-5_16"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866353"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1109\/ICPADS.2011.17"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/2379690.2379695"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/VIZSEC.2009.5375539"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/VIZSEC.2009.5375540"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37300-8_7"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1016\/j.mcm.2013.03.008"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.09.006"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1016\/S1361-3723(13)70072-1"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/1127345.1127348"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-011-0157-5"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-08509-8_13"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/948109.948146"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-06320-1_7"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2011.6112320"},{"key":"ref18","author":"cover","year":"2006","journal-title":"Elements of Information Theory"},{"key":"ref19","doi-asserted-by":"crossref","first-page":"95","DOI":"10.3233\/FI-2011-530","article-title":"Typical paths of a graph","volume":"110","author":"cui","year":"2011","journal-title":"Fundam Inf"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.2002.806137"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1002\/sec.528"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2013.2291066"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2013.6703695"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.11"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.20"},{"key":"ref49","year":"2015","journal-title":"Graph Library"},{"key":"ref9","first-page":"29","article-title":"JACKSTRAWS: Picking command and control connections from bot traffic","author":"jacob","year":"2011","journal-title":"Proc 20th USENIX Conf Security"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/321921.321925"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1016\/j.patrec.2005.10.010"},{"key":"ref48","year":"2015","journal-title":"Kernel Object"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45028-9_21"},{"key":"ref42","doi-asserted-by":"crossref","first-page":"108","DOI":"10.1007\/978-3-540-70542-0_6","article-title":"Learning and classification of malware behavior","author":"rieck","year":"2008","journal-title":"Proc Int'l Conf Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA)"},{"key":"ref41","year":"2015","journal-title":"File Types Statistics"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-010-0142-4"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/INNOVATIONS.2012.6207739"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10206\/7277179\/07206585.pdf?arnumber=7206585","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,20]],"date-time":"2022-05-20T14:55:53Z","timestamp":1653058553000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/7206585\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,12]]},"references-count":56,"journal-issue":{"issue":"12"},"URL":"https:\/\/doi.org\/10.1109\/tifs.2015.2469253","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,12]]}}}