{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,16]],"date-time":"2026-05-16T16:19:12Z","timestamp":1778948352420,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":79,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,11,6]],"date-time":"2019-11-06T00:00:00Z","timestamp":1572998400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["1850392"],"award-info":[{"award-number":["1850392"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"NSF","doi-asserted-by":"publisher","award":["1916499"],"award-info":[{"award-number":["1916499"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"AFRL","award":["FA8750-17-S-7007"],"award-info":[{"award-number":["FA8750-17-S-7007"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,11,6]]},"DOI":"10.1145\/3319535.3363199","type":"proceedings-article","created":{"date-parts":[[2019,11,7]],"date-time":"2019-11-07T13:08:32Z","timestamp":1573132112000},"page":"1849-1866","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":15,"title":["MalMax"],"prefix":"10.1145","author":[{"given":"Abbas","family":"Naderi-Afooshteh","sequence":"first","affiliation":[{"name":"University of Virginia, Charlottesville, VA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yonghwi","family":"Kwon","sequence":"additional","affiliation":[{"name":"University of Virginia, Charlottesville, VA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Anh","family":"Nguyen-Tuong","sequence":"additional","affiliation":[{"name":"University of Virginia, Charlottesville, VA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ali","family":"Razmjoo-Qalaei","sequence":"additional","affiliation":[{"name":"ZDResearch, Charlottesville, VA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mohammad-Reza","family":"Zamiri-Gourabi","sequence":"additional","affiliation":[{"name":"ZDResearch, Charlottesville, VA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jack W.","family":"Davidson","sequence":"additional","affiliation":[{"name":"University of Virginia, Charlottesville, VA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2019,11,6]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"A free online service for analysis of files and URLs enabling the identification of malicious content. 2016. VirusTotal. https:\/\/www.virustotal.com. (2016).  A free online service for analysis of files and URLs enabling the identification of malicious content. 2016. VirusTotal. https:\/\/www.virustotal.com. (2016)."},{"key":"e_1_3_2_2_2_1","volume-title":"NAVEX - Precise and Scalable Exploit Generation for Dynamic Web Applications. USENIX Security Symposium(2018)","author":"Alhuzali Abeer","year":"2018","unstructured":"Abeer Alhuzali , Rigel Gjomemo , Birhanu Eshete , and V N Venkatakrishnan . 2018 . NAVEX - Precise and Scalable Exploit Generation for Dynamic Web Applications. USENIX Security Symposium(2018) . Abeer Alhuzali, Rigel Gjomemo, Birhanu Eshete, and V N Venkatakrishnan. 2018. NAVEX - Precise and Scalable Exploit Generation for Dynamic Web Applications. USENIX Security Symposium(2018)."},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/2996758.2996768"},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"crossref","unstructured":"Anonymous. 2019. Anonymized-for-review. Anonymous URL. (2019).  Anonymous. 2019. Anonymized-for-review. Anonymous URL. (2019).","DOI":"10.5194\/soil-2019-18-RC2"},{"key":"e_1_3_2_2_5_1","volume-title":"Farnam Jahanian, and Jose Nazario.","author":"Bailey Michael","year":"2007","unstructured":"Michael Bailey , Jon Oberheide , Jon Andersen , Zhuoqing Morley Mao , Farnam Jahanian, and Jose Nazario. 2007 . Automated Classification and Analysis of Internet Malware .RAID(2007). Michael Bailey, Jon Oberheide, Jon Andersen, Zhuoqing Morley Mao, Farnam Jahanian, and Jose Nazario. 2007. Automated Classification and Analysis of Internet Malware.RAID(2007)."},{"key":"e_1_3_2_2_6_1","unstructured":"Bartblaze. 2019. PHP Backdoors. https:\/\/github.com\/bartblaze\/PHP-backdoors.(2019).  Bartblaze. 2019. PHP Backdoors. https:\/\/github.com\/bartblaze\/PHP-backdoors.(2019)."},{"key":"e_1_3_2_2_7_1","unstructured":"Ulrich Bayer Imam Habibi Davide Balzarotti and Engin Kirda. 2009. A View on Current Malware Behaviors. LEET(2009).  Ulrich Bayer Imam Habibi Davide Balzarotti and Engin Kirda. 2009. A View on Current Malware Behaviors. LEET(2009)."},{"key":"e_1_3_2_2_8_1","volume-title":"USENIX Security Symposium. Usenix.","author":"Blazytko Tim","year":"2017","unstructured":"Tim Blazytko , Moritz Contag , Cornelius Aschermann , and Thorsten Holz . 2017 . Syntia: Synthesizing the semantics of obfuscated code . In USENIX Security Symposium. Usenix. Tim Blazytko, Moritz Contag, Cornelius Aschermann, and Thorsten Holz. 2017.Syntia: Synthesizing the semantics of obfuscated code. In USENIX Security Symposium. Usenix."},{"key":"e_1_3_2_2_9_1","volume-title":"ACM Conference onComputer and Communications Security(2013)","author":"Borgolte Kevin","year":"2013","unstructured":"Kevin Borgolte , Christopher Kruegel , and Giovanni Vigna . 2013 . Delta - automatic identification of unknown web-based infection campaigns . ACM Conference onComputer and Communications Security(2013) . Kevin Borgolte, Christopher Kruegel, and Giovanni Vigna. 2013. Delta - automatic identification of unknown web-based infection campaigns. ACM Conference onComputer and Communications Security(2013)."},{"key":"e_1_3_2_2_10_1","unstructured":"Built With. 2016. CMS Usage Statistics. http:\/\/trends.builtwith.com\/cms. (2016).  Built With. 2016. CMS Usage Statistics. http:\/\/trends.builtwith.com\/cms. (2016)."},{"key":"e_1_3_2_2_11_1","unstructured":"Davide Canali and Davide Balzarotti. 2013. Behind the Scenes of Online Attacks- an Analysis of Exploitation Behaviors on the Web. NDSS(2013).  Davide Canali and Davide Balzarotti. 2013. Behind the Scenes of Online Attacks- an Analysis of Exploitation Behaviors on the Web. NDSS(2013)."},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336768"},{"key":"e_1_3_2_2_13_1","volume-title":"Article 49 (Aug.","author":"Chang Jian","year":"2013","unstructured":"Jian Chang , Krishna K. Venkatasubramanian , Andrew G. West , and Insup Lee . 2013. Analyzing and Defending Against Web-based Malware. ACM Comput. Surv.45, 4 , Article 49 (Aug. 2013 ), 35 pages. https:\/\/doi.org\/10.1145\/2501654.2501663 10.1145\/2501654.2501663 Jian Chang, Krishna K. Venkatasubramanian, Andrew G. West, and Insup Lee. 2013. Analyzing and Defending Against Web-based Malware. ACM Comput. Surv.45, 4, Article 49 (Aug. 2013), 35 pages. https:\/\/doi.org\/10.1145\/2501654.2501663"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1950365.1950396"},{"key":"e_1_3_2_2_15_1","volume-title":"Traveling the Silk Road: A measurement analysis of alarge anonymous online marketplace. arXiv.org(July","author":"Christin Nicolas","year":"2012","unstructured":"Nicolas Christin . 2012. Traveling the Silk Road: A measurement analysis of alarge anonymous online marketplace. arXiv.org(July 2012 ). arXiv:1207.7139v2 Nicolas Christin. 2012. Traveling the Silk Road: A measurement analysis of alarge anonymous online marketplace. arXiv.org(July 2012). arXiv:1207.7139v2"},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"crossref","unstructured":"Mihai Christodorescu and Somesh Jha. 2004. Testing malware detectors. ISSTA(2004) 34.  Mihai Christodorescu and Somesh Jha. 2004. Testing malware detectors. ISSTA(2004) 34.","DOI":"10.1145\/1007512.1007518"},{"key":"e_1_3_2_2_17_1","volume-title":"Semantics-Aware Malware Detection. In 2005 IEEE Symposium on Security and Privacy(S&P'05)","author":"Christodorescu M","year":"2005","unstructured":"M Christodorescu , S Jha , S A Seshia , D Song , and R E Bryant . 2005 . Semantics-Aware Malware Detection. In 2005 IEEE Symposium on Security and Privacy(S&P'05) . IEEE, 32--46. M Christodorescu, S Jha, S A Seshia, D Song, and R E Bryant. 2005. Semantics-Aware Malware Detection. In 2005 IEEE Symposium on Security and Privacy(S&P'05). IEEE, 32--46."},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.12"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666652.2666657"},{"key":"e_1_3_2_2_20_1","unstructured":"Christine Council and Sammi Seaman. 2016. ClamAV. https:\/\/www.clamav.net\/.(2016).  Christine Council and Sammi Seaman. 2016. ClamAV. https:\/\/www.clamav.net\/.(2016)."},{"key":"e_1_3_2_2_21_1","unstructured":"cys3c. 2016. Backdoor Man. https:\/\/github.com\/cys3c\/BackdoorMan. (2016).  cys3c. 2016. Backdoor Man. https:\/\/github.com\/cys3c\/BackdoorMan. (2016)."},{"key":"e_1_3_2_2_22_1","volume-title":"Simulation of Built-in PHP Featuresfor Precise Static Code Analysis. NDSS 2014(2014)","author":"Dahse Johannes","year":"2014","unstructured":"Johannes Dahse and Thorsten Holz . 2014 . Simulation of Built-in PHP Featuresfor Precise Static Code Analysis. NDSS 2014(2014) . Johannes Dahse and Thorsten Holz. 2014. Simulation of Built-in PHP Featuresfor Precise Static Code Analysis. NDSS 2014(2014)."},{"key":"e_1_3_2_2_23_1","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Egele Manuel","year":"2014","unstructured":"Manuel Egele , Maverick Woo , Peter Chapman , and David Brumley . 2014 . Blanket execution: Dynamic similarity testing for program binaries and components . In 23rd USENIX Security Symposium (USENIX Security 14) . 303--317. Manuel Egele, Maverick Woo, Peter Chapman, and David Brumley. 2014. Blanket execution: Dynamic similarity testing for program binaries and components. In 23rd USENIX Security Symposium (USENIX Security 14). 303--317."},{"key":"e_1_3_2_2_24_1","volume-title":"USENIX Security Symposium(2015)","author":"Graziano Mariano","year":"2015","unstructured":"Mariano Graziano , Davide Canali , Leyla Bilge , Andrea Lanzi , and DavideBalzarotti. 2015 . Needles in a Haystack - Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence . USENIX Security Symposium(2015) . Mariano Graziano, Davide Canali, Leyla Bilge, Andrea Lanzi, and DavideBalzarotti. 2015. Needles in a Haystack - Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence. USENIX Security Symposium(2015)."},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2015.7081870"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"crossref","unstructured":"Xin Hu and Kang G Shin. 2013. DUET - integration of dynamic and static analysesfor malware clustering with cluster ensembles.ACSAC(2013) 79--88.  Xin Hu and Kang G Shin. 2013. DUET - integration of dynamic and static analysesfor malware clustering with cluster ensembles.ACSAC(2013) 79--88.","DOI":"10.1145\/2523649.2523677"},{"key":"e_1_3_2_2_27_1","unstructured":"Inscapsula. 2017. 2017 Data Breach Investigations Report. https:\/\/www.ictsecuritymagazine.com\/wp-content\/uploads\/2017-Data-Breach-Investigations-Report.pdf. (2017).  Inscapsula. 2017. 2017 Data Breach Investigations Report. https:\/\/www.ictsecuritymagazine.com\/wp-content\/uploads\/2017-Data-Breach-Investigations-Report.pdf. (2017)."},{"key":"e_1_3_2_2_28_1","unstructured":"Inscapsula. 2017. How Backdoors Bypass Security Solutions with Advanced Camouflage Techniques. https:\/\/www.incapsula.com\/blog\/backdoor-malware-analysis-obfuscation-techniques.html. (2017).  Inscapsula. 2017. How Backdoors Bypass Security Solutions with Advanced Camouflage Techniques. https:\/\/www.incapsula.com\/blog\/backdoor-malware-analysis-obfuscation-techniques.html. (2017)."},{"key":"e_1_3_2_2_29_1","volume-title":"Evil Seed - A Guided Approachto Finding Malicious Web Pages. IEEE Symposium on Security and Privacy(2012)","author":"Invernizzi Luca","year":"2012","unstructured":"Luca Invernizzi and Paolo Milani Comparetti . 2012 . Evil Seed - A Guided Approachto Finding Malicious Web Pages. IEEE Symposium on Security and Privacy(2012) . Luca Invernizzi and Paolo Milani Comparetti. 2012. Evil Seed - A Guided Approachto Finding Malicious Web Pages. IEEE Symposium on Security and Privacy(2012)."},{"key":"e_1_3_2_2_30_1","unstructured":"ionCube Ltd. 2019. ionCube. https:\/\/www.ioncube.com\/phpencoder.php. (2019).  ionCube Ltd. 2019. ionCube. https:\/\/www.ioncube.com\/phpencoder.php. (2019)."},{"key":"e_1_3_2_2_31_1","volume-title":"Transcend: Detecting conceptdrift in malware classification models. In PROCEEDINGS OF THE 26TH USENIX SECURITY SYMPOSIUM (USENIX SECURITY'17)","author":"Jordaney Roberto","year":"2017","unstructured":"Roberto Jordaney , Kumar Sharad , Santanu K Dash , Zhi Wang , Davide Papini , Ilia Nouretdinov , and Lorenzo Cavallaro . 2017 . Transcend: Detecting conceptdrift in malware classification models. In PROCEEDINGS OF THE 26TH USENIX SECURITY SYMPOSIUM (USENIX SECURITY'17) . USENIX Association , 625--642. Roberto Jordaney, Kumar Sharad, Santanu K Dash, Zhi Wang, Davide Papini,Ilia Nouretdinov, and Lorenzo Cavallaro. 2017. Transcend: Detecting conceptdrift in malware classification models. In PROCEEDINGS OF THE 26TH USENIX SECURITY SYMPOSIUM (USENIX SECURITY'17). USENIX Association, 625--642."},{"key":"e_1_3_2_2_32_1","volume-title":"Pixy: a staticanalysis tool for detecting Web application vulnerabilities. Security and Privacy(2006), 6 pp.--263","author":"Jovanovic Nenad","unstructured":"Nenad Jovanovic , Christopher Kruegel , and Engin Kirda . 2006. Pixy: a staticanalysis tool for detecting Web application vulnerabilities. Security and Privacy(2006), 6 pp.--263 . Nenad Jovanovic, Christopher Kruegel, and Engin Kirda. 2006. Pixy: a staticanalysis tool for detecting Web application vulnerabilities. Security and Privacy(2006), 6 pp.--263."},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"crossref","unstructured":"Nenad Jovanovic Christopher Kruegel and Engin Kirda. 2006. Precise aliasanalysis for static detection of web application vulnerabilities. PLAS(2006).  Nenad Jovanovic Christopher Kruegel and Engin Kirda. 2006. Precise aliasanalysis for static detection of web application vulnerabilities. PLAS(2006).","DOI":"10.1145\/1134744.1134751"},{"key":"e_1_3_2_2_34_1","volume-title":"USENIX Security Symposium(2013)","author":"Kapravelos Alexandros","year":"2013","unstructured":"Alexandros Kapravelos , Yan Shoshitaishvili , Marco Cova , Christopher Kruegel ,and Giovanni Vigna . 2013 . Revolver - An Automated Approach to the Detectionof Evasive Web-based Malware . USENIX Security Symposium(2013) . Alexandros Kapravelos, Yan Shoshitaishvili, Marco Cova, Christopher Kruegel,and Giovanni Vigna. 2013. Revolver - An Automated Approach to the Detectionof Evasive Web-based Malware. USENIX Security Symposium(2013)."},{"key":"e_1_3_2_2_35_1","volume-title":"USENIX Security Symposium(2016)","author":"Kharraz Amin","year":"2016","unstructured":"Amin Kharraz , Sajjad Arshad , Collin Mulliner , William K Robertson , and En-gin Kirda. 2016 . UNVEIL - A Large-Scale, Automated Approach to Detecting Ransomware . USENIX Security Symposium(2016) . Amin Kharraz, Sajjad Arshad, Collin Mulliner, William K Robertson, and En-gin Kirda. 2016. UNVEIL - A Large-Scale, Automated Approach to Detecting Ransomware. USENIX Security Symposium(2016)."},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052674"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.48"},{"key":"e_1_3_2_2_38_1","volume-title":"Proc BlackHat USA Security Conference(2014)","author":"Kruegel C","year":"2014","unstructured":"C Kruegel . 2014 . Full system emulation: Achieving successful automated dynamic analysis of evasive malware . Proc BlackHat USA Security Conference(2014) . C Kruegel. 2014. Full system emulation: Achieving successful automated dynamic analysis of evasive malware. Proc BlackHat USA Security Conference(2014)."},{"key":"e_1_3_2_2_39_1","unstructured":"Larry Masters. 2016. CakePHP. https:\/\/cakephp.org\/. (2016).  Larry Masters. 2016. CakePHP. https:\/\/cakephp.org\/. (2016)."},{"key":"e_1_3_2_2_40_1","volume-title":"Measuring and Analyzing Search-Redirection Attacks in the Illicit Online Prescription Drug Trade. USENIX Security Symposium(2011)","author":"Leontiadis Nektarios","year":"2011","unstructured":"Nektarios Leontiadis , Tyler Moore , and Nicolas Christin . 2011 . Measuring and Analyzing Search-Redirection Attacks in the Illicit Online Prescription Drug Trade. USENIX Security Symposium(2011) . Nektarios Leontiadis, Tyler Moore, and Nicolas Christin. 2011. Measuring and Analyzing Search-Redirection Attacks in the Illicit Online Prescription Drug Trade. USENIX Security Symposium(2011)."},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIME-E.2014.7011581"},{"key":"e_1_3_2_2_42_1","unstructured":"Zend Technologies Ltd. 2015. zendguard. http:\/\/www.zend.com\/en\/products\/zend-guard. (2015).  Zend Technologies Ltd. 2015. zendguard. http:\/\/www.zend.com\/en\/products\/zend-guard. (2015)."},{"key":"e_1_3_2_2_43_1","unstructured":"MarketWired. 2014. Joomla! CMS Passes 50 Million Downloads. http:\/\/www.marketwired.com\/press-release\/joomla-cms-passes-50-million-downloads-1882565.htm. (2014).  MarketWired. 2014. Joomla! CMS Passes 50 Million Downloads. http:\/\/www.marketwired.com\/press-release\/joomla-cms-passes-50-million-downloads-1882565.htm. (2014)."},{"key":"e_1_3_2_2_44_1","unstructured":"Mattias Geniar. 2019. PHP Exploit Scripts. https:\/\/github.com\/mattiasgeniar\/php-exploit-scripts\/. (2019).  Mattias Geniar. 2019. PHP Exploit Scripts. https:\/\/github.com\/mattiasgeniar\/php-exploit-scripts\/. (2019)."},{"key":"e_1_3_2_2_45_1","volume-title":"Memcached: Free and open source, high-performance,distributed memory object caching system. https:\/\/memcached.org\/.","year":"2019","unstructured":"memcached.org. 2019 . Memcached: Free and open source, high-performance,distributed memory object caching system. https:\/\/memcached.org\/. (2019). Accessed : 2019-08--25. memcached.org. 2019. Memcached: Free and open source, high-performance,distributed memory object caching system. https:\/\/memcached.org\/. (2019). Accessed: 2019-08--25."},{"key":"e_1_3_2_2_46_1","unstructured":"Michal Cihar. 2016. phpMyAdmin. https:\/\/www.phpmyadmin.net\/. (2016).  Michal Cihar. 2016. phpMyAdmin. https:\/\/www.phpmyadmin.net\/. (2016)."},{"key":"e_1_3_2_2_47_1","volume-title":"Exploring Multiple Execution Paths for Malware Analysis. In 2007 IEEE Symposium on Security andPrivacy (SP '07)","author":"Moser Andreas","year":"2007","unstructured":"Andreas Moser , Christopher Kruegel , and Engin Kirda . 2007 . Exploring Multiple Execution Paths for Malware Analysis. In 2007 IEEE Symposium on Security andPrivacy (SP '07) . IEEE, 231--245. Andreas Moser, Christopher Kruegel, and Engin Kirda. 2007. Exploring Multiple Execution Paths for Malware Analysis. In 2007 IEEE Symposium on Security andPrivacy (SP '07). IEEE, 231--245."},{"key":"e_1_3_2_2_48_1","unstructured":"NBS Systems. 2016. PHP Malware Finder. https:\/\/github.com\/nbs-system\/php-malware-finder. (2016).  NBS Systems. 2016. PHP Malware Finder. https:\/\/github.com\/nbs-system\/php-malware-finder. (2016)."},{"key":"e_1_3_2_2_49_1","unstructured":"Nimbusec GmbH. 2016. shell ray - a php webshell detector. https:\/\/shellray.com\/.(2016). Accessed: 2016-09--30.  Nimbusec GmbH. 2016. shell ray - a php webshell detector. https:\/\/shellray.com\/.(2016). Accessed: 2016-09--30."},{"key":"e_1_3_2_2_50_1","unstructured":"Oracle Corporation. 2019. MySQL: The world's most popular open source data-base. https:\/\/mysql.com\/. (2019). Accessed: 2019-08--25.  Oracle Corporation. 2019. MySQL: The world's most popular open source data-base. https:\/\/mysql.com\/. (2019). Accessed: 2019-08--25."},{"key":"e_1_3_2_2_51_1","unstructured":"Pastebin. 2019. Pastebin. https:\/\/pastebin.com\/. (2019).  Pastebin. 2019. Pastebin. https:\/\/pastebin.com\/. (2019)."},{"key":"e_1_3_2_2_52_1","volume-title":"X-Force - Force-Executing Binary Programs for Security Applications. USENIX Security Symposium(2014)","author":"Peng Fei","year":"2014","unstructured":"Fei Peng , Zhui Deng , Xiangyu Zhang , Dongyan Xu , Zhiqiang Lin , and Zhendong Su . 2014 . X-Force - Force-Executing Binary Programs for Security Applications. USENIX Security Symposium(2014) . Fei Peng, Zhui Deng, Xiangyu Zhang, Dongyan Xu, Zhiqiang Lin, and Zhendong Su. 2014. X-Force - Force-Executing Binary Programs for Security Applications. USENIX Security Symposium(2014)."},{"key":"e_1_3_2_2_53_1","volume-title":"23rd USENIX Security Symposium (USENIX Security 14)","author":"Peng Fei","year":"2014","unstructured":"Fei Peng , Zhui Deng , Xiangyu Zhang , Dongyan Xu , Zhiqiang Lin , and Zhendong Su . 2014 . X-force: force-executing binary programs for security applications . In 23rd USENIX Security Symposium (USENIX Security 14) . 829--844. Fei Peng, Zhui Deng, Xiangyu Zhang, Dongyan Xu, Zhiqiang Lin, and Zhendong Su. 2014. X-force: force-executing binary programs for security applications. In 23rd USENIX Security Symposium (USENIX Security 14). 829--844."},{"key":"e_1_3_2_2_54_1","volume-title":"PHP: Autoloading Classes - Manual. https:\/\/www.php.net\/autoload.","year":"2019","unstructured":"php.net. 2019 . PHP: Autoloading Classes - Manual. https:\/\/www.php.net\/autoload. (2019). php.net. 2019. PHP: Autoloading Classes - Manual. https:\/\/www.php.net\/autoload. (2019)."},{"key":"e_1_3_2_2_55_1","unstructured":"Michalis Polychronakis and Niels Provos. 2008. Ghost Turns Zombie - Exploringthe Life Cycle of Web-based Malware. LEET(2008).  Michalis Polychronakis and Niels Provos. 2008. Ghost Turns Zombie - Exploringthe Life Cycle of Web-based Malware. LEET(2008)."},{"key":"e_1_3_2_2_56_1","first-page":"4","article-title":"The Ghost in the Browser: Analysis of Web-based Malware","volume":"7","author":"Provos Niels","year":"2007","unstructured":"Niels Provos , Dean McNamee , Panayiotis Mavrommatis , Ke Wang , Nagendra Modadugu , 2007 . The Ghost in the Browser: Analysis of Web-based Malware . Hot Bots 7 (2007), 4 -- 4 . Niels Provos, Dean McNamee, Panayiotis Mavrommatis, Ke Wang, Nagendra Modadugu, et al. 2007. The Ghost in the Browser: Analysis of Web-based Malware. Hot Bots 7 (2007), 4--4.","journal-title":"Hot Bots"},{"key":"e_1_3_2_2_57_1","unstructured":"R-fx Networks. 2016. Linux Malware Detect. https:\/\/www.rfxn.com\/projects\/linux-malware-detect\/. (2016).  R-fx Networks. 2016. Linux Malware Detect. https:\/\/www.rfxn.com\/projects\/linux-malware-detect\/. (2016)."},{"key":"e_1_3_2_2_58_1","unstructured":"r57. 2016. r57c99 Official Website. http:\/\/www.r57c99.com\/. (2016). Accessed: 2016-09--30.  r57. 2016. r57c99 Official Website. http:\/\/www.r57c99.com\/. (2016). Accessed: 2016-09--30."},{"key":"e_1_3_2_2_59_1","volume-title":"Redis: An open source, in-memory data structure store. https:\/\/redis.io\/.","year":"2019","unstructured":"RedisLabs. 2019 . Redis: An open source, in-memory data structure store. https:\/\/redis.io\/. (2019). Accessed : 2019-08--25. RedisLabs. 2019. Redis: An open source, in-memory data structure store. https:\/\/redis.io\/. (2019). Accessed: 2019-08--25."},{"key":"e_1_3_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/2491956.2462168"},{"key":"e_1_3_2_2_61_1","volume-title":"Proceedings, Sushil Jajodia and Javier Lopez (Eds.). Springer Berlin Heidelberg","author":"Sharif Monirul","unstructured":"Monirul Sharif , Vinod Yegneswaran , Hassen Saidi , Phillip Porras , and Wenke Lee .2008. Eureka : A Framework for Enabling Static Malware Analysis. In Computer Security - ESORICS 2008: 13th European Symposium on Research in Computer Security, M\u00e1laga, Spain, October 6--8, 2008 . Proceedings, Sushil Jajodia and Javier Lopez (Eds.). Springer Berlin Heidelberg , Berlin, Heidelberg, 481--500. Monirul Sharif, Vinod Yegneswaran, Hassen Saidi, Phillip Porras, and Wenke Lee.2008. Eureka: A Framework for Enabling Static Malware Analysis. In Computer Security - ESORICS 2008: 13th European Symposium on Research in Computer Security, M\u00e1laga, Spain, October 6--8, 2008. Proceedings, Sushil Jajodia and Javier Lopez (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 481--500."},{"key":"e_1_3_2_2_62_1","unstructured":"Monirul I Sharif Andrea Lanzi Jonathon T Giffin and Wenke Lee. Impeding Malware Analysis Using Conditional Code Obfuscation.  Monirul I Sharif Andrea Lanzi Jonathon T Giffin and Wenke Lee. Impeding Malware Analysis Using Conditional Code Obfuscation."},{"key":"e_1_3_2_2_63_1","volume-title":"Automatically Detecting Vulnerable Websites Before They Turn Malicious. USENIX Security Symposium(2014)","author":"Soska Kyle","year":"2014","unstructured":"Kyle Soska and Nicolas Christin . 2014 . Automatically Detecting Vulnerable Websites Before They Turn Malicious. USENIX Security Symposium(2014) . Kyle Soska and Nicolas Christin. 2014. Automatically Detecting Vulnerable Websites Before They Turn Malicious. USENIX Security Symposium(2014)."},{"key":"e_1_3_2_2_64_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Staicu Cristian-Alexandru","year":"2018","unstructured":"Cristian-Alexandru Staicu and Michael Pradel . 2018 . Freezing the web: A study of redos vulnerabilities in javascript-based web servers . In 27th USENIX Security Symposium (USENIX Security 18) . 361--376. Cristian-Alexandru Staicu and Michael Pradel. 2018. Freezing the web: A study of redos vulnerabilities in javascript-based web servers. In 27th USENIX Security Symposium (USENIX Security 18). 361--376."},{"key":"e_1_3_2_2_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/2872427.2882992"},{"key":"e_1_3_2_2_66_1","volume-title":"Website Report","year":"2017","unstructured":"Sucuri. 2017. Hacked Website Report 2017 . https:\/\/www.fortinet.com\/content\/dam\/fortinet\/assets\/threat-reports\/Fortinet-Threat-Report-Q2--2017.pdf. (2017). Sucuri. 2017. Hacked Website Report 2017. https:\/\/www.fortinet.com\/content\/dam\/fortinet\/assets\/threat-reports\/Fortinet-Threat-Report-Q2--2017.pdf. (2017)."},{"key":"e_1_3_2_2_67_1","volume-title":"POSTER: Toward Automating the Generation of Malware Analysis Reports Using the Sandbox Logs. ACM","author":"Sun Bo","year":"2016","unstructured":"Bo Sun , Akinori Fujino , and Tatsuya Mori . 2016 . POSTER: Toward Automating the Generation of Malware Analysis Reports Using the Sandbox Logs. ACM , New York , New York, USA. Bo Sun, Akinori Fujino, and Tatsuya Mori. 2016. POSTER: Toward Automating the Generation of Malware Analysis Reports Using the Sandbox Logs. ACM, New York, New York, USA."},{"key":"e_1_3_2_2_68_1","unstructured":"The PHP Group. 2016. PHP runkit book.http:\/\/php.net\/manual\/en\/book.runkit.php. (2016).  The PHP Group. 2016. PHP runkit book.http:\/\/php.net\/manual\/en\/book.runkit.php. (2016)."},{"key":"e_1_3_2_2_69_1","unstructured":"UnPHP. 2016. UnPHP - The Online PHP Decoder. http:\/\/unphp.net\/. (2016). Accessed: 2016-09--30.  UnPHP. 2016. UnPHP - The Online PHP Decoder. http:\/\/unphp.net\/. (2016). Accessed: 2016-09--30."},{"key":"e_1_3_2_2_70_1","unstructured":"Virus Total. 2016. yara: The pattern matching swiss knife for malware researchers(and everyone else). http:\/\/virustotal.github.io\/yara\/. (2016).  Virus Total. 2016. yara: The pattern matching swiss knife for malware researchers(and everyone else). http:\/\/virustotal.github.io\/yara\/. (2016)."},{"key":"e_1_3_2_2_71_1","unstructured":"W3Techs. 2018. Usage statistics and market share of PHP for websites. https:\/\/w3techs.com\/technologies\/details\/pl-php\/all\/all. (2018). Accessed: 2018--12--5.  W3Techs. 2018. Usage statistics and market share of PHP for websites. https:\/\/w3techs.com\/technologies\/details\/pl-php\/all\/all. (2018). Accessed: 2018--12--5."},{"key":"e_1_3_2_2_72_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-007-0074-9"},{"key":"e_1_3_2_2_73_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-74320-0_12"},{"key":"e_1_3_2_2_74_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Wong Michelle Y","year":"2018","unstructured":"Michelle Y Wong and David Lie . 2018 . Tackling runtime-based obfuscation in Android with TIRO . In 27th USENIX Security Symposium (USENIX Security 18) .1247--1262. Michelle Y Wong and David Lie. 2018. Tackling runtime-based obfuscation in Android with TIRO. In 27th USENIX Security Symposium (USENIX Security 18).1247--1262."},{"key":"e_1_3_2_2_75_1","unstructured":"Wordpress. 2016. Wordpress Pluggable Functions. https:\/\/codex.wordpress.org\/PluggableFunctions. (2016). Accessed: 2019-08--25.  Wordpress. 2016. Wordpress Pluggable Functions. https:\/\/codex.wordpress.org\/PluggableFunctions. (2016). Accessed: 2019-08--25."},{"key":"e_1_3_2_2_76_1","volume-title":"Towards a sandbox for the deobfuscation and dissection of PHP malware. In 2014 Information Security for South Africa (ISSA)","author":"Wrench Peter M","unstructured":"Peter M Wrench and Barry V W Irwin . 2014. Towards a sandbox for the deobfuscation and dissection of PHP malware. In 2014 Information Security for South Africa (ISSA) . IEEE , 1--8. Peter M Wrench and Barry V W Irwin. 2014. Towards a sandbox for the deobfuscation and dissection of PHP malware. In 2014 Information Security for South Africa (ISSA). IEEE, 1--8."},{"key":"e_1_3_2_2_77_1","doi-asserted-by":"crossref","unstructured":"Peter M Wrench and Barry V W Irwin. 2015. Towards a PHP webshell taxonomyusing deobfuscation-assisted similarity analysis. ISSA(2015).  Peter M Wrench and Barry V W Irwin. 2015. Towards a PHP webshell taxonomyusing deobfuscation-assisted similarity analysis. ISSA(2015).","DOI":"10.1109\/ISSA.2015.7335066"},{"key":"e_1_3_2_2_78_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11379-1_2"},{"key":"e_1_3_2_2_79_1","doi-asserted-by":"publisher","DOI":"10.1145\/2834050.2834095"}],"event":{"name":"CCS '19: 2019 ACM SIGSAC Conference on Computer and Communications Security","location":"London United Kingdom","acronym":"CCS '19","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3319535.3363199","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3319535.3363199","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3319535.3363199","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:44:32Z","timestamp":1750203872000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3319535.3363199"}},"subtitle":["Multi-Aspect Execution for Automated Dynamic Web Server Malware Analysis"],"short-title":[],"issued":{"date-parts":[[2019,11,6]]},"references-count":79,"alternative-id":["10.1145\/3319535.3363199","10.1145\/3319535"],"URL":"https:\/\/doi.org\/10.1145\/3319535.3363199","relation":{},"subject":[],"published":{"date-parts":[[2019,11,6]]},"assertion":[{"value":"2019-11-06","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}