{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,18]],"date-time":"2026-04-18T03:15:15Z","timestamp":1776482115717,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":41,"publisher":"ACM","license":[{"start":{"date-parts":[[2010,10,4]],"date-time":"2010-10-04T00:00:00Z","timestamp":1286150400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2010,10,4]]},"DOI":"10.1145\/1866307.1866368","type":"proceedings-article","created":{"date-parts":[[2010,10,5]],"date-time":"2010-10-05T14:38:23Z","timestamp":1286289503000},"page":"536-546","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":37,"title":["Mimimorphism"],"prefix":"10.1145","author":[{"given":"Zhenyu","family":"Wu","sequence":"first","affiliation":[{"name":"The College of William and Mary, Williamsburg, VA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Steven","family":"Gianvecchio","sequence":"additional","affiliation":[{"name":"The College of William and Mary, Williamsburg, VA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mengjun","family":"Xie","sequence":"additional","affiliation":[{"name":"The College of William and Mary, Williamsburg, VA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Haining","family":"Wang","sequence":"additional","affiliation":[{"name":"The College of William and Mary, Williamsburg, VA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2010,10,4]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Autograph: Toward automated, distributed worm signature detection,\" in Proceedings of 13th USENIX Security Symposium","author":"Kim H.-A.","year":"2004","unstructured":"}} H.-A. Kim and B. Karp , \" Autograph: Toward automated, distributed worm signature detection,\" in Proceedings of 13th USENIX Security Symposium , 2004 . }}H.-A. Kim and B. Karp, \"Autograph: Toward automated, distributed worm signature detection,\" in Proceedings of 13th USENIX Security Symposium, 2004."},{"key":"e_1_3_2_1_2_1","volume-title":"Honeycomb: creating intrusion detection signatures using honeypots,\" in Proceedings of 2nd Workshop on Hot Topics in Networks (Hotnets-II)","author":"Kreibich C.","year":"2003","unstructured":"}} C. Kreibich and J. Crowcroft , \" Honeycomb: creating intrusion detection signatures using honeypots,\" in Proceedings of 2nd Workshop on Hot Topics in Networks (Hotnets-II) , 2003 . }}C. Kreibich and J. Crowcroft, \"Honeycomb: creating intrusion detection signatures using honeypots,\" in Proceedings of 2nd Workshop on Hot Topics in Networks (Hotnets-II), 2003."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.18"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.15"},{"key":"e_1_3_2_1_5_1","volume-title":"Automated worm fingerprinting,\" in Proceedings of the 6th ACM\/USENIX Symposium on Operating System Design and Implementation (OSDI)","author":"Singh S.","year":"2004","unstructured":"}} S. Singh , C. Estan , G. Varghese , and S. Savage , \" Automated worm fingerprinting,\" in Proceedings of the 6th ACM\/USENIX Symposium on Operating System Design and Implementation (OSDI) , 2004 . }}S. Singh, C. Estan, G. Varghese, and S. Savage, \"Automated worm fingerprinting,\" in Proceedings of the 6th ACM\/USENIX Symposium on Operating System Design and Implementation (OSDI), 2004."},{"key":"e_1_3_2_1_6_1","volume-title":"The Art of Computer Virus Research and Defense","author":"Szor P.","year":"2005","unstructured":"}} P. Szor , The Art of Computer Virus Research and Defense . Symantec Press , 2005 . }}P. Szor, The Art of Computer Virus Research and Defense. Symantec Press, 2005."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_12"},{"key":"e_1_3_2_1_8_1","volume-title":"Anomalous payload-based network intrusion detection,\" in Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection (RAID)","author":"Wang K.","year":"2004","unstructured":"}} K. Wang and S. Stolfo , \" Anomalous payload-based network intrusion detection,\" in Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection (RAID) , 2004 . }}K. Wang and S. Stolfo, \"Anomalous payload-based network intrusion detection,\" in Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection (RAID), 2004."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.48"},{"key":"e_1_3_2_1_10_1","volume-title":"Static disassembly of obfuscated binaries,\" in Proceedings of the 13th USENIX Security Symposium","author":"Kruegel C.","year":"2004","unstructured":"}} C. Kruegel , W. K. Robertson , F. Valeur , and G. Vigna , \" Static disassembly of obfuscated binaries,\" in Proceedings of the 13th USENIX Security Symposium , 2004 . }}C. Kruegel, W. K. Robertson, F. Valeur, and G. Vigna, \"Static disassembly of obfuscated binaries,\" in Proceedings of the 13th USENIX Security Symposium, 2004."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/11663812_11"},{"key":"e_1_3_2_1_12_1","first-page":"411","volume-title":"MetaAware: Identifying metamorphic malware,\" in Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC)","author":"Zhang Q.","year":"2007","unstructured":"}} Q. Zhang and D. S. Reeves , \" MetaAware: Identifying metamorphic malware,\" in Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC) , 2007 , pp. 411 -- 420 . }}Q. Zhang and D. S. Reeves, \"MetaAware: Identifying metamorphic malware,\" in Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC), 2007, pp. 411--420."},{"key":"e_1_3_2_1_13_1","volume-title":"Polymorphic blending attacks,\" in Proceedings of the 15th USENIX Security Symposium","author":"Fogla P.","year":"2006","unstructured":"}} P. Fogla , M. Sharif , R. Perdisci , O. Kolesnikov , and W. Lee , \" Polymorphic blending attacks,\" in Proceedings of the 15th USENIX Security Symposium , 2006 . }}P. Fogla, M. Sharif, R. Perdisci, O. Kolesnikov, and W. Lee, \"Polymorphic blending attacks,\" in Proceedings of the 15th USENIX Security Symposium, 2006."},{"key":"e_1_3_2_1_14_1","first-page":"421","volume-title":"Limits of static analysis for malware detection,\" in Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC)","author":"Moser A.","year":"2007","unstructured":"}} A. Moser , C. Kruegel , and E. Kirda , \" Limits of static analysis for malware detection,\" in Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC) , 2007 , pp. 421 -- 430 . }}A. Moser, C. Kruegel, and E. Kirda, \"Limits of static analysis for malware detection,\" in Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC), 2007, pp. 421--430."},{"key":"e_1_3_2_1_15_1","volume-title":"Polymorphic shellcode engine using spectrum analysis,\" Phrack Issue 0x3d","author":"Detristan T.","year":"2003","unstructured":"}} T. Detristan , T. Ulenspiegel , Y. Malcom , and M. Underduk , \" Polymorphic shellcode engine using spectrum analysis,\" Phrack Issue 0x3d , 2003 . }}T. Detristan, T. Ulenspiegel, Y. Malcom, and M. Underduk, \"Polymorphic shellcode engine using spectrum analysis,\" Phrack Issue 0x3d, 2003."},{"key":"e_1_3_2_1_16_1","unstructured":"}}S. Macaulay \"Admmutate: Polymorphic shellcode engine \" http:\/\/www.ktwo.ca\/security.html  }}S. Macaulay \"Admmutate: Polymorphic shellcode engine \" http:\/\/www.ktwo.ca\/security.html"},{"key":"e_1_3_2_1_17_1","unstructured":"}}M. Khafir \"Trident polymorphic engine \" http:\/\/vx.netlux.org\/lib\/vx.php?id=et06  }}M. Khafir \"Trident polymorphic engine \" http:\/\/vx.netlux.org\/lib\/vx.php?id=et06"},{"key":"e_1_3_2_1_18_1","unstructured":"}}F. Perriot P. Ferrie and P. Szor \"Striking similarities: Win32\/simile \" http:\/\/securityresponse.symantec.com\/avcenter\/reference\/simile.pdf  }}F. Perriot P. Ferrie and P. Szor \"Striking similarities: Win32\/simile \" http:\/\/securityresponse.symantec.com\/avcenter\/reference\/simile.pdf"},{"key":"e_1_3_2_1_19_1","unstructured":"}}Z0mbie \"Automated reverse engineering: Mistfall engine \" http:\/\/vx.netlux.org\/lib\/vzo21.html  }}Z0mbie \"Automated reverse engineering: Mistfall engine \" http:\/\/vx.netlux.org\/lib\/vzo21.html"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102152"},{"key":"e_1_3_2_1_21_1","volume-title":"Defending against internet worms: a signature-based approach,\" in Proceedings of the 24th INFOCOM","author":"Tang Y.","year":"2005","unstructured":"}} Y. Tang and S. Chen , \" Defending against internet worms: a signature-based approach,\" in Proceedings of the 24th INFOCOM , 2005 . }}Y. Tang and S. Chen, \"Defending against internet worms: a signature-based approach,\" in Proceedings of the 24th INFOCOM, 2005."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180414"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2006.165"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.26"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_5"},{"key":"e_1_3_2_1_26_1","volume-title":"Catch me, if you can: Evading network signatures with web-based polymorphic worms,\" in Proceedings of 1st USENIX Workshop on Offensive Technologies","author":"Gundy M. V.","year":"2007","unstructured":"}} M. V. Gundy , D. Balzarotti , and G. Vigna , \" Catch me, if you can: Evading network signatures with web-based polymorphic worms,\" in Proceedings of 1st USENIX Workshop on Offensive Technologies , 2007 . }}M. V. Gundy, D. Balzarotti, and G. Vigna, \"Catch me, if you can: Evading network signatures with web-based polymorphic worms,\" in Proceedings of 1st USENIX Workshop on Offensive Technologies, 2007."},{"key":"e_1_3_2_1_27_1","volume-title":"Limits of learning-based signature generation with adversaries,\" in Proceedings of the 15th Annual Network and Distributed Systems Security Symposium (NDSS)","author":"Venkataraman S.","year":"2008","unstructured":"}} S. Venkataraman , A. Blum , and D. Song , \" Limits of learning-based signature generation with adversaries,\" in Proceedings of the 15th Annual Network and Distributed Systems Security Symposium (NDSS) , 2008 . }}S. Venkataraman, A. Blum, and D. Song, \"Limits of learning-based signature generation with adversaries,\" in Proceedings of the 15th Annual Network and Distributed Systems Security Symposium (NDSS), 2008."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.20"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/11506881_11"},{"key":"e_1_3_2_1_30_1","volume-title":"An architecture for generating semantics-aware signatures,\" in Proceedings of the 14th USENIX Security Symposium","author":"Yegneswaran V.","year":"2005","unstructured":"}} V. Yegneswaran , J. T. Giffin , P. Barford , and S. Jha , \" An architecture for generating semantics-aware signatures,\" in Proceedings of the 14th USENIX Security Symposium , 2005 . }}V. Yegneswaran, J. T. Giffin, P. Barford, and S. Jha, \"An architecture for generating semantics-aware signatures,\" in Proceedings of the 14th USENIX Security Symposium, 2005."},{"key":"e_1_3_2_1_31_1","volume-title":"On the (im)possibility of obfuscating programs,\" in Proceedings of the 21st Annual International Cryptology Conference (CRYPTO)","author":"Barak B.","year":"2001","unstructured":"}} B. Barak , O. Goldreich , R. Impagliazzo , S. Rudich , A. Sahai , S. P. Vadhan , and K. Yang , \" On the (im)possibility of obfuscating programs,\" in Proceedings of the 21st Annual International Cryptology Conference (CRYPTO) , 2001 . }}B. Barak, O. Goldreich, R. Impagliazzo, S. Rudich, A. Sahai, S. P. Vadhan, and K. Yang, \"On the (im)possibility of obfuscating programs,\" in Proceedings of the 21st Annual International Cryptology Conference (CRYPTO), 2001."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/586110.586145"},{"key":"e_1_3_2_1_33_1","volume-title":"Undermining an anomaly-based intrusion detection system using common exploits,\" in Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID)","author":"Tan K. M. C.","year":"2002","unstructured":"}} K. M. C. Tan , K. S. Killourhy , and R. A. Maxion , \" Undermining an anomaly-based intrusion detection system using common exploits,\" in Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID) , 2002 . }}K. M. C. Tan, K. S. Killourhy, and R. A. Maxion, \"Undermining an anomaly-based intrusion detection system using common exploits,\" in Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID), 2002."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_3"},{"key":"e_1_3_2_1_35_1","volume-title":"Automating mimicry attacks using static binary analysis,\" in Proceedings of the 14th USENIX Security Symposium","author":"Kruegel C.","year":"2005","unstructured":"}} C. Kruegel , E. Kirda , D. Mutz , W. Robertson , and G. Vigna , \" Automating mimicry attacks using static binary analysis,\" in Proceedings of the 14th USENIX Security Symposium , 2005 . }}C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna, \"Automating mimicry attacks using static binary analysis,\" in Proceedings of the 14th USENIX Security Symposium, 2005."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1368310.1368334"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1080\/0161-119291866883"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/272991.272995"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2008.33"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-30557-6_2"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/512529.512542"}],"event":{"name":"CCS '10: 17th ACM Conference on Computer and Communications Security 2010","location":"Chicago Illinois USA","acronym":"CCS '10","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 17th ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1866307.1866368","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1866307.1866368","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:08:59Z","timestamp":1750248539000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1866307.1866368"}},"subtitle":["a new approach to binary code obfuscation"],"short-title":[],"issued":{"date-parts":[[2010,10,4]]},"references-count":41,"alternative-id":["10.1145\/1866307.1866368","10.1145\/1866307"],"URL":"https:\/\/doi.org\/10.1145\/1866307.1866368","relation":{},"subject":[],"published":{"date-parts":[[2010,10,4]]},"assertion":[{"value":"2010-10-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}