{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:13:27Z","timestamp":1772039607876,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":62,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,12,9]],"date-time":"2019-12-09T00:00:00Z","timestamp":1575849600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,12,9]]},"DOI":"10.1145\/3359789.3359821","type":"proceedings-article","created":{"date-parts":[[2019,11,22]],"date-time":"2019-11-22T18:41:59Z","timestamp":1574448119000},"page":"430-443","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Cubismo"],"prefix":"10.1145","author":[{"given":"Abbas","family":"Naderi-Afooshteh","sequence":"first","affiliation":[{"name":"University of Virginia"}]},{"given":"Yonghwi","family":"Kwon","sequence":"additional","affiliation":[{"name":"University of Virginia"}]},{"given":"Anh","family":"Nguyen-Tuong","sequence":"additional","affiliation":[{"name":"University of Virginia"}]},{"given":"Mandana","family":"Bagheri-Marzijarani","sequence":"additional","affiliation":[{"name":"University of Virginia"}]},{"given":"Jack W.","family":"Davidson","sequence":"additional","affiliation":[{"name":"University of Virginia"}]}],"member":"320","published-online":{"date-parts":[[2019,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"A free online service for analysis of files and URLs enabling the identification of malicious content. 2016. VirusTotal. https:\/\/www.virustotal.com. (2016).  A free online service for analysis of files and URLs enabling the identification of malicious content. 2016. VirusTotal. https:\/\/www.virustotal.com. (2016)."},{"key":"e_1_3_2_1_2_1","unstructured":"Anonymous. 2019. Anonymized-for-review. https:\/\/www.anonymous.com\/. (2019).  Anonymous. 2019. Anonymized-for-review. https:\/\/www.anonymous.com\/. (2019)."},{"key":"e_1_3_2_1_3_1","unstructured":"Avast Software. 2019. Avast Antivirus. https:\/\/www.avast.com\/. (2019).  Avast Software. 2019. Avast Antivirus. https:\/\/www.avast.com\/. (2019)."},{"key":"e_1_3_2_1_4_1","unstructured":"Avast Software. 2019. AVG Antivirus. https:\/\/www.avg.com\/. (2019).  Avast Software. 2019. AVG Antivirus. https:\/\/www.avg.com\/. (2019)."},{"key":"e_1_3_2_1_5_1","unstructured":"b374k. 2019. PHP Webshell with handy features. https:\/\/github.com\/b374k\/b374k. (2019).  b374k. 2019. PHP Webshell with handy features. https:\/\/github.com\/b374k\/b374k. (2019)."},{"key":"e_1_3_2_1_6_1","unstructured":"Baidu. 2019. Baidu Antivirus. http:\/\/sd.baidu.com\/. (2019).  Baidu. 2019. Baidu Antivirus. http:\/\/sd.baidu.com\/. (2019)."},{"key":"e_1_3_2_1_7_1","volume-title":"Farnam Jahanian, and Jose Nazario.","author":"Bailey Michael","year":"2007","unstructured":"Michael Bailey , Jon Oberheide , Jon Andersen , Zhuoqing Morley Mao , Farnam Jahanian, and Jose Nazario. 2007 . Automated Classification and Analysis of Internet Malware. RAID ( 2007). Michael Bailey, Jon Oberheide, Jon Andersen, Zhuoqing Morley Mao, Farnam Jahanian, and Jose Nazario. 2007. Automated Classification and Analysis of Internet Malware. RAID (2007)."},{"key":"e_1_3_2_1_8_1","volume-title":"NDSS 2010, 17th Annual Network and Distributed System Security Symposium, February 28th-March 3rd","author":"Balzarotti Davide","year":"2010","unstructured":"Davide Balzarotti , Marco Cova , Christoph Karlberger , Christopher Kruegel , Engin Kirda , and Giovanni Vigna . 2010 . Efficient detection of split personalities in malware . In NDSS 2010, 17th Annual Network and Distributed System Security Symposium, February 28th-March 3rd , 2010, San Diego, USA. San Diego, UNITED STATES. http:\/\/www.eurecom.fr\/publication\/3022 Davide Balzarotti, Marco Cova, Christoph Karlberger, Christopher Kruegel, Engin Kirda, and Giovanni Vigna. 2010. Efficient detection of split personalities in malware. In NDSS 2010, 17th Annual Network and Distributed System Security Symposium, February 28th-March 3rd, 2010, San Diego, USA. San Diego, UNITED STATES. http:\/\/www.eurecom.fr\/publication\/3022"},{"key":"e_1_3_2_1_9_1","volume-title":"A View on Current Malware Behaviors. LEET","author":"Bayer Ulrich","year":"2009","unstructured":"Ulrich Bayer , Imam Habibi , Davide Balzarotti , and Engin Kirda . 2009. A View on Current Malware Behaviors. LEET ( 2009 ). Ulrich Bayer, Imam Habibi, Davide Balzarotti, and Engin Kirda. 2009. A View on Current Malware Behaviors. LEET (2009)."},{"key":"e_1_3_2_1_10_1","unstructured":"Bkav Corporation. 2019. Bkav Internet Security. http:\/\/www.bkav.com\/bkav-internet-security. (2019).  Bkav Corporation. 2019. Bkav Internet Security. http:\/\/www.bkav.com\/bkav-internet-security. (2019)."},{"key":"e_1_3_2_1_11_1","volume-title":"USENIX Security Symposium. Usenix.","author":"Blazytko Tim","year":"2017","unstructured":"Tim Blazytko , Moritz Contag , Cornelius Aschermann , and Thorsten Holz . 2017 . Syntia: Synthesizing the semantics of obfuscated code . In USENIX Security Symposium. Usenix. Tim Blazytko, Moritz Contag, Cornelius Aschermann, and Thorsten Holz. 2017. Syntia: Synthesizing the semantics of obfuscated code. In USENIX Security Symposium. Usenix."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","unstructured":"Kevin Borgolte Christopher Kruegel and Giovanni Vigna. 2013. Delta: automatic identification of unknown web-based infection campaigns. ACM.  Kevin Borgolte Christopher Kruegel and Giovanni Vigna. 2013. Delta: automatic identification of unknown web-based infection campaigns. ACM.","DOI":"10.1145\/2508859.2516725"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-68768-14"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2501654.2501663"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1950365.1950396"},{"key":"e_1_3_2_1_16_1","unstructured":"Christian Johansson. 2017. Doesn't support comments outside of namespaces declared with bracketed syntax. https:\/\/github.com\/nikic\/PHP-Parser\/issues\/412. (2017). Accessed: 2019-05-30.  Christian Johansson. 2017. Doesn't support comments outside of namespaces declared with bracketed syntax. https:\/\/github.com\/nikic\/PHP-Parser\/issues\/412. (2017). Accessed: 2019-05-30."},{"key":"e_1_3_2_1_17_1","volume-title":"Traveling the Silk Road: A measurement analysis of a large anonymous online marketplace. arXiv.org (July","author":"Christin Nicolas","year":"2012","unstructured":"Nicolas Christin . 2012. Traveling the Silk Road: A measurement analysis of a large anonymous online marketplace. arXiv.org (July 2012 ). arXiv:1207.7139v2 Nicolas Christin. 2012. Traveling the Silk Road: A measurement analysis of a large anonymous online marketplace. arXiv.org (July 2012). arXiv:1207.7139v2"},{"key":"e_1_3_2_1_18_1","volume-title":"Testing malware detectors. ISSTA","author":"Christodorescu Mihai","year":"2004","unstructured":"Mihai Christodorescu and Somesh Jha . 2004. Testing malware detectors. ISSTA ( 2004 ), 34. Mihai Christodorescu and Somesh Jha. 2004. Testing malware detectors. ISSTA (2004), 34."},{"key":"e_1_3_2_1_19_1","volume-title":"Semantics-Aware Malware Detection. In 2005 IEEE Symposium on Security and Privacy (S&P'05)","author":"Christodorescu M","year":"2005","unstructured":"M Christodorescu , S Jha , S A Seshia , D Song , and R E Bryant . 2005 . Semantics-Aware Malware Detection. In 2005 IEEE Symposium on Security and Privacy (S&P'05) . IEEE, 32--46. M Christodorescu, S Jha, S A Seshia, D Song, and R E Bryant. 2005. Semantics-Aware Malware Detection. In 2005 IEEE Symposium on Security and Privacy (S&P'05). IEEE, 32--46."},{"key":"e_1_3_2_1_20_1","unstructured":"Christine Council and Sammi Seaman. 2016. ClamAV. https:\/\/www.clamav.net\/. (2016).  Christine Council and Sammi Seaman. 2016. ClamAV. https:\/\/www.clamav.net\/. (2016)."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_3_2_1_22_1","volume-title":"Proceedings of the 23rd USENIX Conference on Security Symposium (SEC'14)","author":"Egele Manuel","year":"2014","unstructured":"Manuel Egele , Maverick Woo , Peter Chapman , and David Brumley . 2014 . Blanket Execution: Dynamic Similarity Testing for Program Binaries and Components . In Proceedings of the 23rd USENIX Conference on Security Symposium (SEC'14) . USENIX Association, Berkeley, CA, USA, 303--317. http:\/\/dl.acm.org\/citation.cfm?id=2671225.2671245 Manuel Egele, Maverick Woo, Peter Chapman, and David Brumley. 2014. Blanket Execution: Dynamic Similarity Testing for Program Binaries and Components. In Proceedings of the 23rd USENIX Conference on Security Symposium (SEC'14). USENIX Association, Berkeley, CA, USA, 303--317. http:\/\/dl.acm.org\/citation.cfm?id=2671225.2671245"},{"key":"e_1_3_2_1_23_1","volume-title":"USENIX Security Symposium","author":"Graziano Mariano","year":"2015","unstructured":"Mariano Graziano , Davide Canali , Leyla Bilge , Andrea Lanzi , and Davide Balzarotti . 2015 . Needles in a Haystack - Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence . USENIX Security Symposium (2015). Mariano Graziano, Davide Canali, Leyla Bilge, Andrea Lanzi, and Davide Balzarotti. 2015. Needles in a Haystack - Mining Information from Public Dynamic Analysis Sandboxes for Malware Intelligence. USENIX Security Symposium (2015)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3314221.3314618"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2015.7081870"},{"key":"e_1_3_2_1_26_1","unstructured":"Inscapsula. 2017. 2017 Data Breach Investigations Report. https:\/\/www.ictsecuritymagazine.com\/wp-content\/uploads\/2017-Data-Breach-Investigations-Report.pdf. (2017).  Inscapsula. 2017. 2017 Data Breach Investigations Report. https:\/\/www.ictsecuritymagazine.com\/wp-content\/uploads\/2017-Data-Breach-Investigations-Report.pdf. (2017)."},{"key":"e_1_3_2_1_27_1","unstructured":"Inscapsula. 2017. How Backdoors Bypass Security Solutions with Advanced Camouflage Techniques. https:\/\/www.incapsula.com\/blog\/backdoor-malware-analysis-obfuscation-techniques.html. (2017).  Inscapsula. 2017. How Backdoors Bypass Security Solutions with Advanced Camouflage Techniques. https:\/\/www.incapsula.com\/blog\/backdoor-malware-analysis-obfuscation-techniques.html. (2017)."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.33"},{"key":"e_1_3_2_1_29_1","unstructured":"ionCube Ltd. 2019. ionCube. https:\/\/www.ioncube.com\/phpencoder.php. (2019).  ionCube Ltd. 2019. ionCube. https:\/\/www.ioncube.com\/phpencoder.php. (2019)."},{"key":"e_1_3_2_1_30_1","volume-title":"Transcend: Detecting concept drift in malware classification models. In PROCEEDINGS OF THE 26TH USENIX SECURITY SYMPOSIUM (USENIX SECURITY'17)","author":"Jordaney Roberto","year":"2017","unstructured":"Roberto Jordaney , Kumar Sharad , Santanu K Dash , Zhi Wang , Davide Papini , Ilia Nouretdinov , and Lorenzo Cavallaro . 2017 . Transcend: Detecting concept drift in malware classification models. In PROCEEDINGS OF THE 26TH USENIX SECURITY SYMPOSIUM (USENIX SECURITY'17) . USENIX Association , 625--642. Roberto Jordaney, Kumar Sharad, Santanu K Dash, Zhi Wang, Davide Papini, Ilia Nouretdinov, and Lorenzo Cavallaro. 2017. Transcend: Detecting concept drift in malware classification models. In PROCEEDINGS OF THE 26TH USENIX SECURITY SYMPOSIUM (USENIX SECURITY'17). USENIX Association, 625--642."},{"key":"e_1_3_2_1_31_1","volume-title":"Precise alias analysis for static detection of web application vulnerabilities. PLAS","author":"Jovanovic Nenad","year":"2006","unstructured":"Nenad Jovanovic , Christopher Kruegel , and Engin Kirda . 2006. Precise alias analysis for static detection of web application vulnerabilities. PLAS ( 2006 ). Nenad Jovanovic, Christopher Kruegel, and Engin Kirda. 2006. Precise alias analysis for static detection of web application vulnerabilities. PLAS (2006)."},{"key":"e_1_3_2_1_32_1","volume-title":"USENIX Security Symposium","author":"Kapravelos Alexandros","year":"2013","unstructured":"Alexandros Kapravelos , Yan Shoshitaishvili , Marco Cova , Christopher Kruegel , and Giovanni Vigna . 2013 . Revolver - An Automated Approach to the Detection of Evasive Web-based Malware . USENIX Security Symposium (2013). Alexandros Kapravelos, Yan Shoshitaishvili, Marco Cova, Christopher Kruegel, and Giovanni Vigna. 2013. Revolver - An Automated Approach to the Detection of Evasive Web-based Malware. USENIX Security Symposium (2013)."},{"key":"e_1_3_2_1_33_1","volume-title":"USENIX Security Symposium","author":"Kharraz Amin","year":"2016","unstructured":"Amin Kharraz , Sajjad Arshad , Collin Mulliner , William K Robertson , and Engin Kirda . 2016 . UNVEIL - A Large-Scale, Automated Approach to Detecting Ransomware . USENIX Security Symposium (2016). Amin Kharraz, Sajjad Arshad, Collin Mulliner, William K Robertson, and Engin Kirda. 2016. UNVEIL - A Large-Scale, Automated Approach to Detecting Ransomware. USENIX Security Symposium (2016)."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052674"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.5555\/1855768.1855790"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.48"},{"key":"e_1_3_2_1_37_1","volume-title":"Proc BlackHat USA Security Conference","author":"Kruegel C","year":"2014","unstructured":"C Kruegel . 2014 . Full system emulation: Achieving successful automated dynamic analysis of evasive malware . Proc BlackHat USA Security Conference (2014). C Kruegel. 2014. Full system emulation: Achieving successful automated dynamic analysis of evasive malware. Proc BlackHat USA Security Conference (2014)."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIME-E.2014.7011581"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-018"},{"key":"e_1_3_2_1_40_1","unstructured":"mobilefish.coml. 2019. Simple online PHP obfuscator. https:\/\/www.mobilefish.com\/services\/phpobfuscator\/phpobfuscator.php. (2019).  mobilefish.coml. 2019. Simple online PHP obfuscator. https:\/\/www.mobilefish.com\/services\/phpobfuscator\/phpobfuscator.php. (2019)."},{"key":"e_1_3_2_1_41_1","volume-title":"Exploring Multiple Execution Paths for Malware Analysis. In 2007 IEEE Symposium on Security and Privacy (SP '07)","author":"Moser Andreas","year":"2007","unstructured":"Andreas Moser , Christopher Kruegel , and Engin Kirda . 2007 . Exploring Multiple Execution Paths for Malware Analysis. In 2007 IEEE Symposium on Security and Privacy (SP '07) . IEEE, 231--245. Andreas Moser, Christopher Kruegel, and Engin Kirda. 2007. Exploring Multiple Execution Paths for Malware Analysis. In 2007 IEEE Symposium on Security and Privacy (SP '07). IEEE, 231--245."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"crossref","unstructured":"Naderi-Afooshteh Abbas and Kwon Yonghwi and Nguyen-Tuong Anh and Bagheri-Marzijarani Mandana and Davidson Jack. 2019. CUBISMO Research Artifacts. https:\/\/cubismo.s3.amazonaws.com\/cubismo.html. (2019).  Naderi-Afooshteh Abbas and Kwon Yonghwi and Nguyen-Tuong Anh and Bagheri-Marzijarani Mandana and Davidson Jack. 2019. CUBISMO Research Artifacts. https:\/\/cubismo.s3.amazonaws.com\/cubismo.html. (2019).","DOI":"10.1145\/3359789.3359821"},{"key":"e_1_3_2_1_43_1","unstructured":"NBS Systems. 2016. PHP Malware Finder. https:\/\/github.com\/nbs-system\/php-malware-finder. (2016).  NBS Systems. 2016. PHP Malware Finder. https:\/\/github.com\/nbs-system\/php-malware-finder. (2016)."},{"key":"e_1_3_2_1_44_1","unstructured":"Nikita Popov. 2019. PHP-Parser. https:\/\/github.com\/nikic\/PHP-Parser. (2019). Accessed: 2019-05-30.  Nikita Popov. 2019. PHP-Parser. https:\/\/github.com\/nikic\/PHP-Parser. (2019). Accessed: 2019-05-30."},{"key":"e_1_3_2_1_45_1","volume-title":"X-Force - Force-Executing Binary Programs for Security Applications. USENIX Security Symposium","author":"Peng Fei","year":"2014","unstructured":"Fei Peng , Zhui Deng , Xiangyu Zhang , Dongyan Xu , Zhiqiang Lin , and Zhendong Su . 2014 . X-Force - Force-Executing Binary Programs for Security Applications. USENIX Security Symposium (2014). Fei Peng, Zhui Deng, Xiangyu Zhang, Dongyan Xu, Zhiqiang Lin, and Zhendong Su. 2014. X-Force - Force-Executing Binary Programs for Security Applications. USENIX Security Symposium (2014)."},{"key":"e_1_3_2_1_46_1","volume-title":"Ghost Turns Zombie - Exploring the Life Cycle of Web-based Malware. LEET","author":"Polychronakis Michalis","year":"2008","unstructured":"Michalis Polychronakis and Niels Provos . 2008. Ghost Turns Zombie - Exploring the Life Cycle of Web-based Malware. LEET ( 2008 ). Michalis Polychronakis and Niels Provos. 2008. Ghost Turns Zombie - Exploring the Life Cycle of Web-based Malware. LEET (2008)."},{"key":"e_1_3_2_1_47_1","unstructured":"R-fx Networks. 2016. Linux Malware Detect. https:\/\/www.rfxn.com\/projects\/linux-malware-detect\/. (2016).  R-fx Networks. 2016. Linux Malware Detect. https:\/\/www.rfxn.com\/projects\/linux-malware-detect\/. (2016)."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/2491956.2462168"},{"key":"e_1_3_2_1_49_1","unstructured":"James Scott. 2017. Signature Based Malware Detection is Dead. (2017).  James Scott. 2017. Signature Based Malware Detection is Dead. (2017)."},{"key":"e_1_3_2_1_50_1","volume-title":"Automatically Detecting Vulnerable Websites Before They Turn Malicious. USENIX Security Symposium","author":"Soska Kyle","year":"2014","unstructured":"Kyle Soska and Nicolas Christin . 2014 . Automatically Detecting Vulnerable Websites Before They Turn Malicious. USENIX Security Symposium (2014). Kyle Soska and Nicolas Christin. 2014. Automatically Detecting Vulnerable Websites Before They Turn Malicious. USENIX Security Symposium (2014)."},{"key":"e_1_3_2_1_51_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Staicu Cristian-Alexandru","year":"2018","unstructured":"Cristian-Alexandru Staicu and Michael Pradel . 2018 . Freezing the web: A study of redos vulnerabilities in javascript-based web servers . In 27th USENIX Security Symposium (USENIX Security 18) . 361--376. Cristian-Alexandru Staicu and Michael Pradel. 2018. Freezing the web: A study of redos vulnerabilities in javascript-based web servers. In 27th USENIX Security Symposium (USENIX Security 18). 361--376."},{"key":"e_1_3_2_1_52_1","volume-title":"Website Report","year":"2017","unstructured":"Sucuri. 2017. Hacked Website Report 2017 . https:\/\/www.fortinet.com\/content\/dam\/fortinet\/assets\/threat-reports\/Fortinet-Threat-Report-Q2-2017.pdf. (2017). Sucuri. 2017. Hacked Website Report 2017. https:\/\/www.fortinet.com\/content\/dam\/fortinet\/assets\/threat-reports\/Fortinet-Threat-Report-Q2-2017.pdf. (2017)."},{"key":"e_1_3_2_1_53_1","volume-title":"POSTER: Toward Automating the Generation of Malware Analysis Reports Using the Sandbox Logs. ACM","author":"Sun Bo","year":"2016","unstructured":"Bo Sun , Akinori Fujino , and Tatsuya Mori . 2016 . POSTER: Toward Automating the Generation of Malware Analysis Reports Using the Sandbox Logs. ACM , New York , New York, USA. Bo Sun, Akinori Fujino, and Tatsuya Mori. 2016. POSTER: Toward Automating the Generation of Malware Analysis Reports Using the Sandbox Logs. ACM, New York, New York, USA."},{"key":"e_1_3_2_1_54_1","unstructured":"Symantec. 2019. 2019 Internet Security Threat Report. https:\/\/www.symantec.com\/security-center\/threat-report. (2019).  Symantec. 2019. 2019 Internet Security Threat Report. https:\/\/www.symantec.com\/security-center\/threat-report. (2019)."},{"key":"e_1_3_2_1_55_1","unstructured":"Vojt\u011bch Sokol. 2019. srcProtector for PHP. http:\/\/phpobfuscator.net\/. (2019).  Vojt\u011bch Sokol. 2019. srcProtector for PHP. http:\/\/phpobfuscator.net\/. (2019)."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-007-0074-9"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950352"},{"key":"e_1_3_2_1_58_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Wong Michelle Y","year":"2018","unstructured":"Michelle Y Wong and David Lie . 2018 . Tackling runtime-based obfuscation in Android with TIRO . In 27th USENIX Security Symposium (USENIX Security 18) . 1247--1262. Michelle Y Wong and David Lie. 2018. Tackling runtime-based obfuscation in Android with TIRO. In 27th USENIX Security Symposium (USENIX Security 18). 1247--1262."},{"key":"e_1_3_2_1_59_1","volume-title":"Towards a sandbox for the deobfuscation and dissection of PHP malware. In 2014 Information Security for South Africa (ISSA)","author":"Wrench Peter M","unstructured":"Peter M Wrench and Barry V W Irwin . 2014. Towards a sandbox for the deobfuscation and dissection of PHP malware. In 2014 Information Security for South Africa (ISSA) . IEEE , 1--8. Peter M Wrench and Barry V W Irwin. 2014. Towards a sandbox for the deobfuscation and dissection of PHP malware. In 2014 Information Security for South Africa (ISSA). IEEE, 1--8."},{"key":"e_1_3_2_1_60_1","volume-title":"Towards a PHP webshell taxonomy using deobfuscation-assisted similarity analysis. ISSA","author":"Wrench Peter M","year":"2015","unstructured":"Peter M Wrench and Barry V W Irwin . 2015. Towards a PHP webshell taxonomy using deobfuscation-assisted similarity analysis. ISSA ( 2015 ). Peter M Wrench and Barry V W Irwin. 2015. Towards a PHP webshell taxonomy using deobfuscation-assisted similarity analysis. ISSA (2015)."},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382257"},{"key":"e_1_3_2_1_62_1","unstructured":"Zend Technologies Ltd. 2015. Zend Guard. http:\/\/www.zend.com\/en\/products\/zend-guard. (2015).  Zend Technologies Ltd. 2015. Zend Guard. http:\/\/www.zend.com\/en\/products\/zend-guard. (2015)."}],"event":{"name":"ACSAC '19: 2019 Annual Computer Security Applications Conference","location":"San Juan Puerto Rico USA","acronym":"ACSAC '19"},"container-title":["Proceedings of the 35th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359821","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3359789.3359821","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:45:04Z","timestamp":1750203904000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359821"}},"subtitle":["decloaking server-side malware via cubist program analysis"],"short-title":[],"issued":{"date-parts":[[2019,12,9]]},"references-count":62,"alternative-id":["10.1145\/3359789.3359821","10.1145\/3359789"],"URL":"https:\/\/doi.org\/10.1145\/3359789.3359821","relation":{},"subject":[],"published":{"date-parts":[[2019,12,9]]},"assertion":[{"value":"2019-12-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}