{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:14:40Z","timestamp":1750306480680,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":34,"publisher":"ACM","license":[{"start":{"date-parts":[[2015,12,11]],"date-time":"2015-12-11T00:00:00Z","timestamp":1449792000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Austrian Federal Ministry of Science, Research and Economy"},{"name":"National Foundation for Research, Technology and Development"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,12,11]]},"DOI":"10.1145\/2837185.2837199","type":"proceedings-article","created":{"date-parts":[[2016,4,7]],"date-time":"2016-04-07T22:22:33Z","timestamp":1460067753000},"page":"1-10","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Classifying malicious system behavior using event propagation trees"],"prefix":"10.1145","author":[{"given":"Stefan","family":"Marschalek","sequence":"first","affiliation":[{"name":"Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks, St. Poelten UAS, Austria"}]},{"given":"Robert","family":"Luh","sequence":"additional","affiliation":[{"name":"Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks, St. Poelten UAS, Austria & DMU, Leicester, UK"}]},{"given":"Manfred","family":"Kaiser","sequence":"additional","affiliation":[{"name":"Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks, St. Poelten UAS, Austria"}]},{"given":"Sebastian","family":"Schrittwieser","sequence":"additional","affiliation":[{"name":"Josef Ressel Center for Unified Threat Intelligence on Targeted Attacks, St. Poelten UAS, Austria"}]}],"member":"320","published-online":{"date-parts":[[2015,12,11]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Agile Malware Analysis - Joe Sandbox Desktop. http:\/\/www.joesecurity.org\/joe-sandbox-desktop.  Agile Malware Analysis - Joe Sandbox Desktop. http:\/\/www.joesecurity.org\/joe-sandbox-desktop."},{"key":"e_1_3_2_1_2_1","unstructured":"Anubis. https:\/\/anubis.iseclab.org\/.  Anubis. https:\/\/anubis.iseclab.org\/."},{"key":"e_1_3_2_1_3_1","unstructured":"Malheur - Automatic Analysis of Malware Behavior. http:\/\/www.mlsec.org\/malheur\/.  Malheur - Automatic Analysis of Malware Behavior. http:\/\/www.mlsec.org\/malheur\/."},{"key":"e_1_3_2_1_4_1","unstructured":"Process Monitor. https:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb896645.  Process Monitor. https:\/\/technet.microsoft.com\/en-us\/sysinternals\/bb896645."},{"key":"e_1_3_2_1_5_1","first-page":"193","volume-title":"PST","author":"Abou-Assaleh T.","year":"2004","unstructured":"T. Abou-Assaleh , N. Cercone , V. Keselj , and R. Sweidan . Detection of New Malicious Code Using N-grams Signatures . In PST , pages 193 -- 196 , 2004 . T. Abou-Assaleh, N. Cercone, V. Keselj, and R. Sweidan. Detection of New Malicious Code Using N-grams Signatures. In PST, pages 193--196, 2004."},{"key":"e_1_3_2_1_6_1","first-page":"15","volume-title":"Security and Privacy, 2006 IEEE Symposium on","author":"Bhatkar S.","unstructured":"S. Bhatkar , A. Chaturvedi , and R. Sekar . Dataflow anomaly detection . In Security and Privacy, 2006 IEEE Symposium on , pages 15 --pp. IEEE, 2006. S. Bhatkar, A. Chaturvedi, and R. Sekar. Dataflow anomaly detection. In Security and Privacy, 2006 IEEE Symposium on, pages 15--pp. IEEE, 2006."},{"issue":"12","key":"e_1_3_2_1_7_1","first-page":"2476","article-title":"Evaluation of filesystem provenance visualization tools. Visualization and Computer Graphics","volume":"19","author":"Borkin M.","year":"2013","unstructured":"M. Borkin , C. S. Yeh , M. Boyd , P. Macko , K. Z. Gajos , M. Seltzer , H. Pfister , and others. Evaluation of filesystem provenance visualization tools. Visualization and Computer Graphics , IEEE Transactions on , 19 ( 12 ): 2476 -- 2485 , 2013 . M. Borkin, C. S. Yeh, M. Boyd, P. Macko, K. Z. Gajos, M. Seltzer, H. Pfister, and others. Evaluation of filesystem provenance visualization tools. Visualization and Computer Graphics, IEEE Transactions on, 19(12):2476--2485, 2013.","journal-title":"IEEE Transactions on"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1342211.1342215"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.20"},{"key":"e_1_3_2_1_10_1","unstructured":"R. S. Coutinho. D3.js drag and drop tree. https:\/\/github.com\/RodrigoSC\/dndTree.  R. S. Coutinho. D3.js drag and drop tree. https:\/\/github.com\/RodrigoSC\/dndTree."},{"issue":"4","key":"e_1_3_2_1_11_1","first-page":"807","article-title":"A Semantic Approach to Host-Based Intrusion Detection Systems Using Contiguousand Discontiguous System Call Patterns. Computers","volume":"63","author":"Creech G.","year":"2014","unstructured":"G. Creech and J. Hu . A Semantic Approach to Host-Based Intrusion Detection Systems Using Contiguousand Discontiguous System Call Patterns. Computers , IEEE Transactions on , 63 ( 4 ): 807 -- 819 , 2014 . G. Creech and J. Hu. A Semantic Approach to Host-Based Intrusion Detection Systems Using Contiguousand Discontiguous System Call Patterns. Computers, IEEE Transactions on, 63(4):807--819, 2014.","journal-title":"IEEE Transactions on"},{"key":"e_1_3_2_1_12_1","first-page":"54","volume-title":"Daskapan. Systems for Detecting Advanced Persistent Threats: A Development Roadmap Using Intelligent Data Analysis. In Cyber Security, 2012 Intl. Conference on","author":"Vries J. De","year":"2012","unstructured":"J. De Vries , H. Hoogstraaten , J. van den Berg, and S . Daskapan. Systems for Detecting Advanced Persistent Threats: A Development Roadmap Using Intelligent Data Analysis. In Cyber Security, 2012 Intl. Conference on , pages 54 -- 61 . IEEE, 2012 . J. De Vries, H. Hoogstraaten, J. van den Berg, and S. Daskapan. Systems for Detecting Advanced Persistent Threats: A Development Roadmap Using Intelligent Data Analysis. In Cyber Security, 2012 Intl. Conference on, pages 54--61. IEEE, 2012."},{"key":"e_1_3_2_1_13_1","first-page":"395","volume-title":"ICEIS (2)","author":"Devesa J.","year":"2010","unstructured":"J. Devesa , I. Santos , X. Cantero , Y. K. Penya , and P. G. Bringas . Automatic Behaviour-based Analysis and Classification System for Malware Detection . In ICEIS (2) , pages 395 -- 399 , 2010 . J. Devesa, I. Santos, X. Cantero, Y. K. Penya, and P. G. Bringas. Automatic Behaviour-based Analysis and Classification System for Malware Detection. In ICEIS (2), pages 395--399, 2010."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"crossref","first-page":"191","DOI":"10.1007\/978-3-642-33704-8_17","volume-title":"Computer Network Security","author":"Dolgikh A.","year":"2012","unstructured":"A. Dolgikh , T. Nykodym , V. Skormin , and Z. Birnbaum . Using behavioral modeling and customized normalcy profiles as protection against targeted cyber-attacks . In Computer Network Security , pages 191 -- 202 . Springer , 2012 . A. Dolgikh, T. Nykodym, V. Skormin, and Z. Birnbaum. Using behavioral modeling and customized normalcy profiles as protection against targeted cyber-attacks. In Computer Network Security, pages 191--202. Springer, 2012."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SOSE.2014.52"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2089125.2089126"},{"key":"e_1_3_2_1_17_1","first-page":"80590O","volume-title":"SPIE Defense, Security, and Sensing","author":"Gr\u00e9gio A. R.","year":"2011","unstructured":"A. R. Gr\u00e9gio , D. S. Fernandes Filho , V. M. Afonso , R. D. Santos , M. Jino , and P. L. de Geus . Behavioral analysis of malicious code through network traffic and system call monitoring . In SPIE Defense, Security, and Sensing , pages 80590O - 80590O . Intl. Society for Optics and Photonics , 2011 . A. R. Gr\u00e9gio, D. S. Fernandes Filho, V. M. Afonso, R. D. Santos, M. Jino, and P. L. de Geus. Behavioral analysis of malicious code through network traffic and system call monitoring. In SPIE Defense, Security, and Sensing, pages 80590O-80590O. Intl. Society for Optics and Photonics, 2011."},{"key":"e_1_3_2_1_19_1","volume-title":"A survey of malware detection techniques","author":"Idika N.","year":"2007","unstructured":"N. Idika and A. P. Mathur . A survey of malware detection techniques . Purdue University , 48, 2007 . N. Idika and A. P. Mathur. A survey of malware detection techniques. Purdue University, 48, 2007."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"crossref","DOI":"10.1007\/b95112","volume-title":"Coloured petri nets: modelling and validation of concurrent systems","author":"Jensen K.","year":"2009","unstructured":"K. Jensen and L. M. Kristensen . Coloured petri nets: modelling and validation of concurrent systems . Springer , Dordrecht; New York , 2009 . K. Jensen and L. M. Kristensen. Coloured petri nets: modelling and validation of concurrent systems. Springer, Dordrecht; New York, 2009."},{"key":"e_1_3_2_1_21_1","volume-title":"Black Hat Conference, USA","author":"Kendall K.","year":"2007","unstructured":"K. Kendall and C. McMillan . Practical malware analysis . In Black Hat Conference, USA , 2007 . K. Kendall and C. McMillan. Practical malware analysis. In Black Hat Conference, USA, 2007."},{"key":"e_1_3_2_1_22_1","volume-title":"symposium, RAID 2007, Gold Coast [i.e. Coast], Australia, September 5-7, 2007: proceedings. Number 4637 in Lecture notes in computer science. Springer-Verlag, Berlin; New York","author":"Kruegel C.","year":"2007","unstructured":"C. Kruegel , R. Lippmann , and A. Clark , editors. Recent advances in intrusion detection: 10th intl . symposium, RAID 2007, Gold Coast [i.e. Coast], Australia, September 5-7, 2007: proceedings. Number 4637 in Lecture notes in computer science. Springer-Verlag, Berlin; New York , 2007 . C. Kruegel, R. Lippmann, and A. Clark, editors. Recent advances in intrusion detection: 10th intl. symposium, RAID 2007, Gold Coast [i.e. Coast], Australia, September 5-7, 2007: proceedings. Number 4637 in Lecture notes in computer science. Springer-Verlag, Berlin; New York, 2007."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2012.6461015"},{"key":"e_1_3_2_1_24_1","volume-title":"ACSAC 2007","author":"Moser A.","year":"2007","unstructured":"A. Moser , C. Kruegel , and E. Kirda . Limits of static analysis for malware detection. In Computer security applications conference, 2007 . ACSAC 2007 . Twenty-third annual, pages 421--430. IEEE , 2007 . A. Moser, C. Kruegel, and E. Kirda. Limits of static analysis for malware detection. In Computer security applications conference, 2007. ACSAC 2007. Twenty-third annual, pages 421--430. IEEE, 2007."},{"key":"e_1_3_2_1_25_1","volume-title":"arXiv preprint cs\/0703132","author":"Peshkin L.","year":"2007","unstructured":"L. Peshkin . Structure induction by lossless graph compression. arXiv preprint cs\/0703132 , 2007 . L. Peshkin. Structure induction by lossless graph compression. arXiv preprint cs\/0703132, 2007."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.5555\/2011216.2011217"},{"key":"e_1_3_2_1_27_1","volume-title":"Modern operating systems","author":"Tanenbaum A. S.","year":"2014","unstructured":"A. S. Tanenbaum and H. Bos . Modern operating systems . Prentice Hall Press , 2014 . A. S. Tanenbaum and H. Bos.Modern operating systems. Prentice Hall Press, 2014."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/VIZSEC.2009.5375540"},{"key":"e_1_3_2_1_29_1","volume-title":"A malware instruction set for behavior-based analysis","author":"Trinius P.","year":"2009","unstructured":"P. Trinius , C. Willems , T. Holz , and K. Rieck . A malware instruction set for behavior-based analysis . 2009 . P. Trinius, C. Willems, T. Holz, and K. Rieck. A malware instruction set for behavior-based analysis. 2009."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2009.5403018"},{"key":"e_1_3_2_1_31_1","first-page":"105","volume-title":"Eurographics Conference on Visualization (EuroVis) State of The Art Reports","author":"Wagner M.","unstructured":"M. Wagner , F. Fischer , R. Luh , A. Haberson , A. Rind , D. Keim , W. Aigner , R. Borgo , F. Ganovelli , and I. Viola . A Survey of Visualization Systems for Malware Analysis . In Eurographics Conference on Visualization (EuroVis) State of The Art Reports , pages 105 -- 125 . EuroGraphics. M. Wagner, F. Fischer, R. Luh, A. Haberson, A. Rind, D. Keim, W. Aigner, R. Borgo, F. Ganovelli, and I. Viola. A Survey of Visualization Systems for Malware Analysis. In Eurographics Conference on Visualization (EuroVis) State of The Art Reports, pages 105--125. EuroGraphics."},{"key":"e_1_3_2_1_32_1","first-page":"470","volume-title":"A Behavior Feature Generation Method for Obfuscated Malware Detection","author":"Wang R.","year":"2012","unstructured":"R. Wang , X. Jia , and C. Nie . A Behavior Feature Generation Method for Obfuscated Malware Detection . pages 470 -- 474 . IEEE , Aug. 2012 . R. Wang, X. Jia, and C. Nie. A Behavior Feature Generation Method for Obfuscated Malware Detection. pages 470--474. IEEE, Aug. 2012."},{"key":"e_1_3_2_1_33_1","volume-title":"Toward automated dynamic malware analysis using cwsandbox","author":"Willems C.","year":"2007","unstructured":"C. Willems , T. Holz , and F. Freiling . Toward automated dynamic malware analysis using cwsandbox . IEEE Security & Privacy , (2):32--39, 2007 . C. Willems, T. Holz, and F. Freiling. Toward automated dynamic malware analysis using cwsandbox. IEEE Security & Privacy, (2):32--39, 2007."},{"key":"e_1_3_2_1_34_1","volume-title":"Data Mining: Practical Machine Learning Tools and Techniques","author":"Witten I. H.","year":"2005","unstructured":"I. H. Witten and E. Frank . Data Mining: Practical Machine Learning Tools and Techniques , Second Edition (Morgan Kaufmann Series in Data Management Systems). Morgan Kaufmann Publishers Inc ., San Francisco, CA, USA, 2005 . I. H. Witten and E. Frank. Data Mining: Practical Machine Learning Tools and Techniques, Second Edition (Morgan Kaufmann Series in Data Management Systems). Morgan Kaufmann Publishers Inc., San Francisco, CA, USA, 2005."},{"key":"e_1_3_2_1_35_1","first-page":"25","volume-title":"DAVAST: data-centric system level activity visualization","author":"W\u00fcchner T.","year":"2014","unstructured":"T. W\u00fcchner , A. Pretschner , and M. Ochoa . DAVAST: data-centric system level activity visualization . pages 25 -- 32 . ACM Press , 2014 . T. W\u00fcchner, A. Pretschner, and M. Ochoa. DAVAST: data-centric system level activity visualization. pages 25--32. ACM Press, 2014."}],"event":{"name":"iiWAS '15: The 17th International Conference on Information Integration and Web-based Application & Services","acronym":"iiWAS '15","location":"Brussels Belgium"},"container-title":["Proceedings of the 17th International Conference on Information Integration and Web-based Applications & Services"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2837185.2837199","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2837185.2837199","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T05:48:21Z","timestamp":1750225701000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2837185.2837199"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,12,11]]},"references-count":34,"alternative-id":["10.1145\/2837185.2837199","10.1145\/2837185"],"URL":"https:\/\/doi.org\/10.1145\/2837185.2837199","relation":{},"subject":[],"published":{"date-parts":[[2015,12,11]]},"assertion":[{"value":"2015-12-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}