{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:26:48Z","timestamp":1750220808335,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":55,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,11,15]],"date-time":"2019-11-15T00:00:00Z","timestamp":1573776000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,11,15]]},"DOI":"10.1145\/3338503.3357720","type":"proceedings-article","created":{"date-parts":[[2019,11,7]],"date-time":"2019-11-07T19:43:22Z","timestamp":1573155802000},"page":"15-26","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["MetaHunt"],"prefix":"10.1145","author":[{"given":"Li","family":"Wang","sequence":"first","affiliation":[{"name":"Pennsylvania State University, University Park, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dongpeng","family":"Xu","sequence":"additional","affiliation":[{"name":"University of New Hampshire, Durham, NH, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jiang","family":"Ming","sequence":"additional","affiliation":[{"name":"University of Texas at Arlington, Arlington, TX, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yu","family":"Fu","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, University Park, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dinghao","family":"Wu","sequence":"additional","affiliation":[{"name":"Pennsylvania State University, University Park, PA, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2019,11,15]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/2659651.2659670"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2465351.2465380"},{"key":"e_1_3_2_1_3_1","volume-title":"Proceedings of the 2007 International Conference on Computer, Electrical, and Systems Science, and Engineering (CESSE'07)","author":"Beaucamps Philippe","year":"2007","unstructured":"Philippe Beaucamps . 2007 . Advanced Metamorphic Techniques in Computer Viruses . In Proceedings of the 2007 International Conference on Computer, Electrical, and Systems Science, and Engineering (CESSE'07) . Philippe Beaucamps. 2007. Advanced Metamorphic Techniques in Computer Viruses. In Proceedings of the 2007 International Conference on Computer, Electrical, and Systems Science, and Engineering (CESSE'07)."},{"volume-title":"Proceedings of Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'06)","author":"Bruschi D.","key":"e_1_3_2_1_4_1","unstructured":"D. Bruschi , L. Martignoni , and M. Monga . 2006. Detecting Self-mutating Malware Using Control-Flow Graph Matching . In Proceedings of Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'06) . D. Bruschi, L. Martignoni, and M. Monga. 2006. Detecting Self-mutating Malware Using Control-Flow Graph Matching. In Proceedings of Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'06)."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.31"},{"key":"e_1_3_2_1_6_1","unstructured":"Lorenzo Cavallaro. 2014. Malicious Software and its Underground Economy. https:\/\/www.coursera.org\/course\/malsoftware.  Lorenzo Cavallaro. 2014. Malicious Software and its Underground Economy. https:\/\/www.coursera.org\/course\/malsoftware."},{"volume-title":"Proceedings of the GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA'08)","author":"Cavallaro L.","key":"e_1_3_2_1_7_1","unstructured":"L. Cavallaro , P. Saxena , and R. Sekar . 2008. On the Limits of Information Flow Techniques for Malware Analysis and Containment . In Proceedings of the GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA'08) . L. Cavallaro, P. Saxena, and R. Sekar. 2008. On the Limits of Information Flow Techniques for Malware Analysis and Containment. In Proceedings of the GI International Conference on Detection of Intrusions & Malware, and Vulnerability Assessment (DIMVA'08)."},{"volume-title":"Proceedings of the 7th USENIX Conference on Networked Systems Design and Implementation (NSDI'10)","author":"Cha Sang Kil","key":"e_1_3_2_1_8_1","unstructured":"Sang Kil Cha , Iulian Moraru , Jiyong Jang , John Truelove , David Brumley , and David G. Andersen . 2010. SplitScreen: Enabling Efficient, Distributed Malware Detection . In Proceedings of the 7th USENIX Conference on Networked Systems Design and Implementation (NSDI'10) . Sang Kil Cha, Iulian Moraru, Jiyong Jang, John Truelove, David Brumley, and David G. Andersen. 2010. SplitScreen: Enabling Efficient, Distributed Malware Detection. In Proceedings of the 7th USENIX Conference on Networked Systems Design and Implementation (NSDI'10)."},{"volume-title":"Proceedings of the 4th ACM Workshop on Recurring Malcode (WORM'06)","author":"Mohamed","key":"e_1_3_2_1_9_1","unstructured":"Mohamed R. Chouchane and Arun Lakhotia. 2006. Using Engine Signature to Detect Metamorphic Malware . In Proceedings of the 4th ACM Workshop on Recurring Malcode (WORM'06) . Mohamed R. Chouchane and Arun Lakhotia. 2006. Using Engine Signature to Detect Metamorphic Malware. In Proceedings of the 4th ACM Workshop on Recurring Malcode (WORM'06)."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1314389.1314397"},{"volume-title":"Proc. of the IEEE Symposium on Security and Privacy.","author":"Christodorescu M.","key":"e_1_3_2_1_11_1","unstructured":"M. Christodorescu , S. Jha , S. Seshia , D. Song , and R. Bryant . 2005. Semantics-aware malware detection . In Proc. of the IEEE Symposium on Security and Privacy. M. Christodorescu, S. Jha, S. Seshia, D. Song, and R. Bryant. 2005. Semantics-aware malware detection. In Proc. of the IEEE Symposium on Security and Privacy."},{"volume-title":"Introduction to Algorithms","author":"Cormen Thomas H.","key":"e_1_3_2_1_12_1","unstructured":"Thomas H. Cormen , Charles E. Leiserson , Ronald L. Rivest , and Clifford Stein . 2001. Introduction to Algorithms (Second ed.). MIT Press , Chapter 21: Data structures for Disjoint Sets, 498--524. Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, and Clifford Stein. 2001. Introduction to Algorithms (Second ed.). MIT Press, Chapter 21: Data structures for Disjoint Sets, 498--524."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.tcs.2015.02.024"},{"key":"e_1_3_2_1_14_1","volume-title":"International Static Analysis Symposium. 218--235","author":"Preda Mila Dalla","year":"2010","unstructured":"Mila Dalla Preda , Roberto Giacobazzi , Saumya Debray , Kevin Coogan , and Gregg M Townsend . 2010 . Modelling metamorphism by abstract interpretation . In International Static Analysis Symposium. 218--235 . Mila Dalla Preda, Roberto Giacobazzi, Saumya Debray, Kevin Coogan, and Gregg M Townsend. 2010. Modelling metamorphism by abstract interpretation. In International Static Analysis Symposium. 218--235."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2908080.2908126"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/3062341.3062387"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1504\/IJMIS.2010.039240"},{"volume-title":"Proceedings of the ACM Conference on Computer and Communications Security (CCS'08)","author":"Dinaburg A.","key":"e_1_3_2_1_18_1","unstructured":"A. Dinaburg , P. Royal , M. Sharif , and W. Lee . 2008. Ether: Malware Analysis via Hardware Virtualization Extensions . In Proceedings of the ACM Conference on Computer and Communications Security (CCS'08) . A. Dinaburg, P. Royal, M. Sharif, and W. Lee. 2008. Ether: Malware Analysis via Hardware Virtualization Extensions. In Proceedings of the ACM Conference on Computer and Communications Security (CCS'08)."},{"key":"e_1_3_2_1_19_1","unstructured":"The Mental Driller. last reviewed 04\/14\/2015. Metamorphism in practice or How I made MetaPHOR and what I've learnt. http:\/\/vxheaven.org\/lib\/vmd01.html.  The Mental Driller. last reviewed 04\/14\/2015. Metamorphism in practice or How I made MetaPHOR and what I've learnt. http:\/\/vxheaven.org\/lib\/vmd01.html."},{"volume-title":"Proceedings of the 2007 International Conference in Computer Aided Verification (CAV'07)","author":"Ganesh Vijay","key":"e_1_3_2_1_20_1","unstructured":"Vijay Ganesh and David L. Dill . 2007. A Decision Procedure for Bit-vectors and Arrays . In Proceedings of the 2007 International Conference in Computer Aided Verification (CAV'07) . Vijay Ganesh and David L. Dill. 2007. A Decision Procedure for Bit-vectors and Arrays. In Proceedings of the 2007 International Conference in Computer Aided Verification (CAV'07)."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-88625-9_16"},{"volume-title":"Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08)","author":"Godefroid P.","key":"e_1_3_2_1_22_1","unstructured":"P. Godefroid , M. Y. Levin , and D. Molnar . 2008. Automated Whitebox Fuzz Testing . In Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08) . P. Godefroid, M. Y. Levin, and D. Molnar. 2008. Automated Whitebox Fuzz Testing. In Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08)."},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of the 22nd USENIX Security Symposium.","author":"Jang Jiyong","year":"2013","unstructured":"Jiyong Jang , Maverick Woo , and David Brumley . 2013 . Towards Automatic Software Lineage Inference . In Proceedings of the 22nd USENIX Security Symposium. Jiyong Jang, Maverick Woo, and David Brumley. 2013. Towards Automatic Software Lineage Inference. In Proceedings of the 22nd USENIX Security Symposium."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPRO.2015.10"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2430553.2430558"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/CGO.2004.1281665"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2009.5403019"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1774088.1774505"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2635868.2635900"},{"key":"e_1_3_2_1_30_1","volume-title":"Proceedings of the 15th Annual International Conference on Information Security and Cryptology (ICISC'12)","author":"Ming Jiang","year":"2012","unstructured":"Jiang Ming , Meng Pan , and Debin Gao . 2012 . iBinHunt: Binary Hunting with Inter-Procedural Control Flow . In Proceedings of the 15th Annual International Conference on Information Security and Cryptology (ICISC'12) . Jiang Ming, Meng Pan, and Debin Gao. 2012. iBinHunt: Binary Hunting with Inter-Procedural Control Flow. In Proceedings of the 15th Annual International Conference on Information Security and Cryptology (ICISC'12)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813617"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-18467-8_28"},{"key":"e_1_3_2_1_33_1","first-page":"77","article-title":"Frankenstein: Stitching Malware from Benign Binaries","volume":"12","author":"Mohan Vishwath","year":"2012","unstructured":"Vishwath Mohan and Kevin W Hamlen . 2012 . Frankenstein: Stitching Malware from Benign Binaries . WOOT , Vol. 12 (2012), 77 -- 84 . Vishwath Mohan and Kevin W Hamlen. 2012. Frankenstein: Stitching Malware from Benign Binaries. WOOT, Vol. 12 (2012), 77--84.","journal-title":"WOOT"},{"key":"e_1_3_2_1_34_1","volume-title":"Proceedings of the 3rd International Conference on Security of Information and Networks (SIN'10)","author":"Nair Vinod P.","year":"2010","unstructured":"Vinod P. Nair , Harshit Jain , Yashwant K. Golecha , Manoj Singh Gaur , and Vijay Laxmi . 2010 . MEDUSA: MEtamorphic Malware Dynamic Analysis Using Signature from API . In Proceedings of the 3rd International Conference on Security of Information and Networks (SIN'10) . Vinod P. Nair, Harshit Jain, Yashwant K. Golecha, Manoj Singh Gaur, and Vijay Laxmi. 2010. MEDUSA: MEtamorphic Malware Dynamic Analysis Using Signature from API. In Proceedings of the 3rd International Conference on Security of Information and Networks (SIN'10)."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2013.83"},{"key":"e_1_3_2_1_36_1","volume-title":"Proceedings of the 2009 Black Hat USA.","author":"Oh Jeong Wook","year":"2009","unstructured":"Jeong Wook Oh . 2009 . Fight against 1-day exploits: Diffing Binaries vs Anti-diffing Binaries . In Proceedings of the 2009 Black Hat USA. Jeong Wook Oh. 2009. Fight against 1-day exploits: Diffing Binaries vs Anti-diffing Binaries. In Proceedings of the 2009 Black Hat USA."},{"key":"e_1_3_2_1_37_1","volume-title":"Obfuscation: The Hidden Malware","author":"Kane Philip","year":"2011","unstructured":"Philip O Kane , Sakir Sezer , and Kieran McLaughlin . 2011 . Obfuscation: The Hidden Malware . IEEE Security and Privacy , Vol . 9, 5 (2011). Philip OKane, Sakir Sezer, and Kieran McLaughlin. 2011. Obfuscation: The Hidden Malware. IEEE Security and Privacy, Vol. 9, 5 (2011)."},{"key":"e_1_3_2_1_38_1","unstructured":"Orr. last reviewed 04\/14\/2015. The Molecular Virology of Lexotan32: Metamorphism Illustrated. http:\/\/www.openrce.org\/articles\/full_view\/29.  Orr. last reviewed 04\/14\/2015. The Molecular Virology of Lexotan32: Metamorphism Illustrated. http:\/\/www.openrce.org\/articles\/full_view\/29."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2011.6127478"},{"key":"e_1_3_2_1_40_1","volume-title":"Annual Report","author":"Security Panda","year":"2017","unstructured":"Panda Security . 2017. PandaLabs Annual Report 2017 . https:\/\/www.pandasecurity.com\/mediacenter\/src\/uploads\/2017\/11\/PandaLabs_Annual_Report_2017.pdf. Panda Security. 2017. PandaLabs Annual Report 2017. https:\/\/www.pandasecurity.com\/mediacenter\/src\/uploads\/2017\/11\/PandaLabs_Annual_Report_2017.pdf."},{"key":"e_1_3_2_1_41_1","volume-title":"Symposium on Security for Asia Network (SyScan'14)","author":"Payer Mathias","year":"2014","unstructured":"Mathias Payer . 2014 . Embracing the new threat: towards automatically, self-diversifying malware . Symposium on Security for Asia Network (SyScan'14) . Mathias Payer. 2014. Embracing the new threat: towards automatically, self-diversifying malware. Symposium on Security for Asia Network (SyScan'14)."},{"key":"e_1_3_2_1_43_1","volume-title":"Striking Similarities: Win32\/Simile and Metamorphic Virus Code. Symantec Security Response.","author":"Perriot Fr\u00e9d\u00e9ric","year":"2003","unstructured":"Fr\u00e9d\u00e9ric Perriot , Peter Ferrie , and P\u00e9ter Sz\u00f6r . 2003 . Striking Similarities: Win32\/Simile and Metamorphic Virus Code. Symantec Security Response. Fr\u00e9d\u00e9ric Perriot, Peter Ferrie, and P\u00e9ter Sz\u00f6r. 2003. Striking Similarities: Win32\/Simile and Metamorphic Virus Code. Symantec Security Response."},{"key":"e_1_3_2_1_44_1","volume-title":"Proceedings of the 6th International Conference on Information Systems, Technology and Management (ICISTM'12)","author":"Preda Mila Dalla","year":"2012","unstructured":"Mila Dalla Preda . 2012 . The Grand Challenge in Metamorphic Analysis . In Proceedings of the 6th International Conference on Information Systems, Technology and Management (ICISTM'12) . Mila Dalla Preda. 2012. The Grand Challenge in Metamorphic Analysis. In Proceedings of the 6th International Conference on Information Systems, Technology and Management (ICISTM'12)."},{"key":"e_1_3_2_1_45_1","volume-title":"Miller","author":"Roundy Kevin A.","year":"2013","unstructured":"Kevin A. Roundy and Barton P . Miller . 2013 . Binary-code Obfuscations in Prevalent Packer Tools. Comput. Surveys , Vol. 46 , 1 (2013). Kevin A. Roundy and Barton P. Miller. 2013. Binary-code Obfuscations in Prevalent Packer Tools. Comput. Surveys, Vol. 46, 1 (2013)."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89862-7_1"},{"volume-title":"The Art of Computer Virus Research and Defense","author":"Szor Peter","key":"e_1_3_2_1_47_1","unstructured":"Peter Szor . 2005. The Art of Computer Virus Research and Defense . Addison-Wesley Professional . Peter Szor. 2005. The Art of Computer Virus Research and Defense. Addison-Wesley Professional."},{"key":"e_1_3_2_1_48_1","unstructured":"P\u00e9ter Sz\u00f6r and Peter Ferrie. 2001. Hunting For Metamorphic. Symantec White Paper.  P\u00e9ter Sz\u00f6r and Peter Ferrie. 2001. Hunting For Metamorphic. Symantec White Paper."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-013-0194-3"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-008-0081-5"},{"key":"e_1_3_2_1_51_1","volume-title":"Reassembleable Disassembling. In Proceedings of the 24th USENIX Security Symposium (USENIX Security '15)","author":"Wang Shuai","year":"2015","unstructured":"Shuai Wang , Pei Wang , and Dinghao Wu . 2015 . Reassembleable Disassembling. In Proceedings of the 24th USENIX Security Symposium (USENIX Security '15) . USENIX Association. Shuai Wang, Pei Wang, and Dinghao Wu. 2015. Reassembleable Disassembling. In Proceedings of the 24th USENIX Security Symposium (USENIX Security '15). USENIX Association."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2016.106"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-008-0094-0"},{"key":"e_1_3_2_1_54_1","unstructured":"Ryan Welton. 2015. Obfuscating Android Applications using O-LLVM and the NDK. http:\/\/fuzion24.github.io\/.  Ryan Welton. 2015. Obfuscating Android Applications using O-LLVM and the NDK. http:\/\/fuzion24.github.io\/."},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-006-0028-7"},{"volume-title":"Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC'07)","author":"Zhang Qinghua","key":"e_1_3_2_1_56_1","unstructured":"Qinghua Zhang and Douglas S. Reeves . 2007. MetaAware: Identifying Metamorphic Malware . In Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC'07) . Qinghua Zhang and Douglas S. Reeves. 2007. MetaAware: Identifying Metamorphic Malware. In Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC'07)."}],"event":{"name":"CCS '19: 2019 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"London United Kingdom","acronym":"CCS '19"},"container-title":["Proceedings of the 3rd ACM Workshop on Software Protection"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3338503.3357720","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3338503.3357720","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:12:49Z","timestamp":1750201969000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3338503.3357720"}},"subtitle":["Towards Taming Malware Mutation via Studying the Evolution of Metamorphic Virus"],"short-title":[],"issued":{"date-parts":[[2019,11,15]]},"references-count":55,"alternative-id":["10.1145\/3338503.3357720","10.1145\/3338503"],"URL":"https:\/\/doi.org\/10.1145\/3338503.3357720","relation":{},"subject":[],"published":{"date-parts":[[2019,11,15]]},"assertion":[{"value":"2019-11-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}