{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:46:45Z","timestamp":1750308405613,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,11,15]],"date-time":"2019-11-15T00:00:00Z","timestamp":1573776000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,11,15]]},"DOI":"10.1145\/3371676.3371700","type":"proceedings-article","created":{"date-parts":[[2020,1,14]],"date-time":"2020-01-14T04:40:36Z","timestamp":1578976836000},"page":"11-19","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Semantic-based Malware Behavior Description"],"prefix":"10.1145","author":[{"given":"Ping","family":"Yang","sequence":"first","affiliation":[{"name":"State Key Laboratory of Mathematical Engineering and Advanced, University of Information and Engineering, Zhengzhou"}]},{"given":"Hui","family":"Shu","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Mathematical Engineering and Advanced, University of Information and Engineering, Zhengzhou"}]},{"given":"Xiaobing","family":"Xiong","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Mathematical Engineering and Advanced, University of Information and Engineering, Zhengzhou"}]},{"given":"Fei","family":"Kang","sequence":"additional","affiliation":[{"name":"State Key Laboratory of Mathematical Engineering and Advanced, University of Information and Engineering, Zhengzhou"}]}],"member":"320","published-online":{"date-parts":[[2020,1,13]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Zhuge Jianwei. Malware Analysis Practice [M] (in Chinese).  Zhuge Jianwei. Malware Analysis Practice [M] (in Chinese)."},{"key":"e_1_3_2_1_2_1","volume-title":"Research on Virtual Execution Analysis System of Malware [D]","author":"Wang Dong","year":"2011","unstructured":"Wang Dong . Research on Virtual Execution Analysis System of Malware [D] . University of Electronic Science and Technology , 2011 (in Chinese). Wang Dong. Research on Virtual Execution Analysis System of Malware [D]. University of Electronic Science and Technology, 2011 (in Chinese)."},{"key":"e_1_3_2_1_3_1","unstructured":"https:\/\/wenku.baidu.com\/view\/f2ea5259312b3169a451a447.html.  https:\/\/wenku.baidu.com\/view\/f2ea5259312b3169a451a447.html."},{"key":"e_1_3_2_1_4_1","volume-title":"A survey of malware behavior description and analysis[J]. Information and Electronic Engineering Frontier (in Einglish)","author":"Bo YU","year":"2018","unstructured":"Bo YU , Ying FANG , Qiang YANG , A survey of malware behavior description and analysis[J]. Information and Electronic Engineering Frontier (in Einglish) , 2018 (5). BoYU, Ying FANG, Qiang YANG, et al. A survey of malware behavior description and analysis[J]. Information and Electronic Engineering Frontier (in Einglish), 2018(5)."},{"key":"e_1_3_2_1_5_1","volume-title":"12th Asian Computing Science Conference, Doha, Qatar, December 9-11, 2007, Proceedings. Springer-Verlag","author":"Choi S","year":"2007","unstructured":"Choi S , Park H , Lim H I , A Static Birthmark of Binary Executables Based on API Call Structure[C]\/\/ Advances in Computer Science - ASIAN 2007. Computer and Network Security , 12th Asian Computing Science Conference, Doha, Qatar, December 9-11, 2007, Proceedings. Springer-Verlag , 2007 . Choi S, Park H, Lim H I, et al. A Static Birthmark of Binary Executables Based on API Call Structure[C]\/\/ Advances in Computer Science - ASIAN 2007. Computer and Network Security, 12th Asian Computing Science Conference, Doha, Qatar, December 9-11, 2007, Proceedings. Springer-Verlag, 2007."},{"key":"e_1_3_2_1_6_1","first-page":"52","article-title":"Towards understanding malware behaviour by the extraction of API calls[C]\/\/Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second","volume":"2010","author":"Alazab M","unstructured":"Alazab M , Venkataraman S , Watters P . Towards understanding malware behaviour by the extraction of API calls[C]\/\/Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second . IEEE , 2010 : 52 -- 59 . Alazab M, Venkataraman S, Watters P. Towards understanding malware behaviour by the extraction of API calls[C]\/\/Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second. IEEE, 2010: 52--59.","journal-title":"IEEE"},{"key":"e_1_3_2_1_7_1","unstructured":"https:\/\/www.fireeye.com\/blog\/threat-research\/2015\/11\/flare_ida_pro_script.html.FLARE IDA Pro Script Series: Automating Function Argument Extraction.  https:\/\/www.fireeye.com\/blog\/threat-research\/2015\/11\/flare_ida_pro_script.html.FLARE IDA Pro Script Series: Automating Function Argument Extraction."},{"issue":"9","key":"e_1_3_2_1_8_1","first-page":"116","article-title":"Malware behavior description and detection based on predicate temporal logic [J]","volume":"40","author":"Jinran","year":"2013","unstructured":"Jinran , Fan Rongrong, Gu Xiaoqi . Malware behavior description and detection based on predicate temporal logic [J] . Computer Science , 2013 , 40 ( 9 ): 116 -- 119 (in Chinese). Jinran, Fan Rongrong, Gu Xiaoqi. Malware behavior description and detection based on predicate temporal logic [J]. Computer Science, 2013, 40 (9): 116--119 (in Chinese).","journal-title":"Computer Science"},{"issue":"11","key":"e_1_3_2_1_9_1","first-page":"3730","article-title":"Hierarchical Analysis of Malware behavior Based on API Relevance[J]","volume":"35","author":"Zhenlian Li","year":"2014","unstructured":"Zhenlian Li , Shu Hui, Kang Fei et al . Hierarchical Analysis of Malware behavior Based on API Relevance[J] . Computer Engineering and Design , 2014 , 35 ( 11 ): 3730 -- 3735 (in Chinese). Zhenlian Li, Shu Hui, Kang Fei et al. Hierarchical Analysis of Malware behavior Based on API Relevance[J]. Computer Engineering and Design, 2014, 35(11):3730--3735 (in Chinese).","journal-title":"Computer Engineering and Design"},{"key":"e_1_3_2_1_10_1","volume-title":"a Fast and Portable Dynamic Translator[C]\/\/ Proceedings of the annual conference on USENIX Annual Technical Conference","author":"Bellard F. QEMU","year":"2005","unstructured":"Bellard F. QEMU , a Fast and Portable Dynamic Translator[C]\/\/ Proceedings of the annual conference on USENIX Annual Technical Conference , 2005 . USENIX Association , 2005. Bellard F. QEMU, a Fast and Portable Dynamic Translator[C]\/\/ Proceedings of the annual conference on USENIX Annual Technical Conference, 2005. USENIX Association, 2005."},{"key":"e_1_3_2_1_11_1","volume-title":"A Layered Architecture for Detecting Malware behaviors[C]\/\/ International Symposium on Recent Advances in Intrusion Detection","author":"Martignoni L","year":"2008","unstructured":"Martignoni L , Stinson E , Fredrikson M , A Layered Architecture for Detecting Malware behaviors[C]\/\/ International Symposium on Recent Advances in Intrusion Detection . Springer-Verlag , 2008 . Martignoni L, Stinson E, Fredrikson M, et al. A Layered Architecture for Detecting Malware behaviors[C]\/\/ International Symposium on Recent Advances in Intrusion Detection. Springer-Verlag, 2008."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.17"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-015-0261-z"},{"key":"e_1_3_2_1_14_1","volume-title":"Optimistic Hybrid Analysis: Accelerating Dynamic Analysis through Predicated Static Analysis. 348--362. 10.1145\/3173162.3177153","author":"Devecsery M.","year":"2018","unstructured":"Devecsery , David & M. Chen , Peter & Flinn, Jason & Narayanasamy, Satish . ( 2018 ). Optimistic Hybrid Analysis: Accelerating Dynamic Analysis through Predicated Static Analysis. 348--362. 10.1145\/3173162.3177153 . Devecsery, David & M. Chen, Peter & Flinn, Jason & Narayanasamy, Satish. (2018). Optimistic Hybrid Analysis: Accelerating Dynamic Analysis through Predicated Static Analysis. 348--362. 10.1145\/3173162.3177153."},{"key":"e_1_3_2_1_15_1","unstructured":"https:\/\/baike.baidu.com\/item\/%E5%8F%AF%E6%89%A9%E5%B1%95%E6%A0%87%E8%AE%B0%E8%AF%AD%E8%A8%80\/2885849?fromtitle=xml&fromid=86251&fr=aladdin.  https:\/\/baike.baidu.com\/item\/%E5%8F%AF%E6%89%A9%E5%B1%95%E6%A0%87%E8%AE%B0%E8%AF%AD%E8%A8%80\/2885849?fromtitle=xml&fromid=86251&fr=aladdin."},{"key":"e_1_3_2_1_16_1","unstructured":"Deschamps N 2008. Specification language for code behavior.  Deschamps N 2008. Specification language for code behavior."},{"key":"e_1_3_2_1_17_1","volume-title":"International Symposium","author":"Gr\u00e9goire Jacob","year":"2009","unstructured":"Gr\u00e9goire Jacob , Herv\u00e9 Debar, Filiol E. Malware Behavioral Detection by Attribute-Automata Using Abstraction from Platform and Language[C]\/\/ Recent Advances in Intrusion Detection , International Symposium , Raid, Saint-malo, France, September. DBLP , 2009 . Gr\u00e9goire Jacob, Herv\u00e9 Debar, Filiol E. Malware Behavioral Detection by Attribute-Automata Using Abstraction from Platform and Language[C]\/\/ Recent Advances in Intrusion Detection, International Symposium, Raid, Saint-malo, France, September. DBLP, 2009."},{"key":"e_1_3_2_1_18_1","volume-title":"Schutz und Zuverl\u00e4ssigkeit, Beitr\u00e4ge der 5. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft f\u00fcr Informatik e.V. (GI), 5.-7. Oktober 2010 in Berlin. DBLP","author":"Trinius P","year":"2010","unstructured":"Trinius P , Willems C , Holz T , A Malware Instruction Set for Behavior-Based Analysis[C]\/\/ Sicherheit 2010: Sicherheit , Schutz und Zuverl\u00e4ssigkeit, Beitr\u00e4ge der 5. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft f\u00fcr Informatik e.V. (GI), 5.-7. Oktober 2010 in Berlin. DBLP , 2010 . Trinius P, Willems C, Holz T, et al. A Malware Instruction Set for Behavior-Based Analysis[C]\/\/ Sicherheit 2010: Sicherheit, Schutz und Zuverl\u00e4ssigkeit, Beitr\u00e4ge der 5. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft f\u00fcr Informatik e.V. (GI), 5.-7. Oktober 2010 in Berlin. DBLP, 2010."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"crossref","unstructured":"Huang HD Acampora G Loia V etal 2011. Applying FML and fuzzy ontologies to malware behavioural analysis.Proc IEEE Int Conf on Fuzzy Systems p. 2018--2025.  Huang HD Acampora G Loia V et al. 2011. Applying FML and fuzzy ontologies to malware behavioural analysis.Proc IEEE Int Conf on Fuzzy Systems p. 2018--2025.","DOI":"10.1109\/FUZZY.2011.6007716"},{"key":"e_1_3_2_1_20_1","volume-title":"2005 IEEE Symposium on. IEEE","author":"Christodorescu M","year":"2005","unstructured":"Christodorescu M , Jha S , Seshia S A , Semantics-Aware Malware Detection[C]\/\/ Security and Privacy , 2005 IEEE Symposium on. IEEE , 2005 . Christodorescu M, Jha S, Seshia S A, et al. Semantics-Aware Malware Detection[C]\/\/ Security and Privacy, 2005 IEEE Symposium on. IEEE, 2005."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1190215.1190270"},{"key":"e_1_3_2_1_22_1","volume-title":"Kruegel C. [ACM Press the 1st conference - Hyderabad, India (2008","author":"Christodorescu M","year":"2008","unstructured":"Christodorescu M , Jha S , Kruegel C. [ACM Press the 1st conference - Hyderabad, India (2008 .02.19- 2008 .02.22)] Proceedings of the 1st conference on India software engineering conference - ISEC \"08 - Mining specifications of malware behavior[J]. 2008:5. Christodorescu M, Jha S, Kruegel C. [ACM Press the 1st conference - Hyderabad, India (2008.02.19-2008.02.22)] Proceedings of the 1st conference on India software engineering conference - ISEC \"08 - Mining specifications of malware behavior[J]. 2008:5."},{"key":"e_1_3_2_1_23_1","first-page":"1","volume-title":"Proc 16th Symp on Network and Distributed System Security","author":"Bayer U","unstructured":"Bayer U , Comparetti PM , Hlauscheck C , , 2009. Scalable, behavior-based malware clustering . Proc 16th Symp on Network and Distributed System Security , p. 1 -- 21 . Bayer U, Comparetti PM, Hlauscheck C, et al., 2009. Scalable, behavior-based malware clustering. Proc 16th Symp on Network and Distributed System Security, p.1--21."},{"key":"e_1_3_2_1_24_1","volume-title":"Tennessee","author":"Park Y","year":"2010","unstructured":"Park Y , Reeves D , Mulukutla V , [ACM Press the Sixth Annual Workshop - Oak Ridge , Tennessee ( 2010 .04.21-2010.04.23)] Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research - CSIIRW \"10 - Fast malware classification by automated behavioral graph matching[J]. 2010:1. Park Y, Reeves D, Mulukutla V, et al. [ACM Press the Sixth Annual Workshop - Oak Ridge, Tennessee (2010.04.21-2010.04.23)] Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research - CSIIRW \"10 - Fast malware classification by automated behavioral graph matching[J]. 2010:1."},{"key":"e_1_3_2_1_25_1","volume-title":"Detecting Self - mutating Malware Using Control-Flow Graph Matching[J]","author":"Bruschi D","year":"2006","unstructured":"Bruschi D , Martignoni L , Monga M. Detecting Self - mutating Malware Using Control-Flow Graph Matching[J] . 2006 . Bruschi D, Martignoni L, Monga M. Detecting Self - mutating Malware Using Control-Flow Graph Matching[J]. 2006."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-008-0102-4"},{"key":"e_1_3_2_1_27_1","volume-title":"CA","author":"Nari S","year":"2013","unstructured":"Nari S , Ghorbani A A . [IEEE 2013 International Conference on Computing , Networking and Communications (ICNC 2013) - San Diego , CA ( 2013 .1.28-2013.1.31)] 2013 International Conference on Computing, Networking and Communications (ICNC) - Automated malware classification based on network behavior[J]. 2013:642--647. Nari S, Ghorbani A A. [IEEE 2013 International Conference on Computing, Networking and Communications (ICNC 2013) - San Diego, CA (2013.1.28-2013.1.31)] 2013 International Conference on Computing, Networking and Communications (ICNC) - Automated malware classification based on network behavior[J]. 2013:642--647."},{"key":"e_1_3_2_1_28_1","volume-title":"China","author":"Feng Y","year":"2014","unstructured":"Feng Y , Anand S , Dillig I , [ACM Press the 22nd ACM SIGSOFT International Symposium - Hong Kong , China ( 2014 .11.16-2014.11.21)] Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering - FSE 2014 - Apposcopy: semantics-based detection of Android malware through static analysis[J]. 2014:576--587. Feng Y, Anand S, Dillig I, et al. [ACM Press the 22nd ACM SIGSOFT International Symposium - Hong Kong, China (2014.11.16-2014.11.21)] Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering - FSE 2014 - Apposcopy: semantics-based detection of Android malware through static analysis[J]. 2014:576--587."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.10.011"},{"key":"e_1_3_2_1_30_1","volume-title":"Automated Synthesis of Semantic Malware Signatures using Maximum Satisfiability[J]","author":"Feng Y","year":"2016","unstructured":"Feng Y , Bastani O , Martins R , Automated Synthesis of Semantic Malware Signatures using Maximum Satisfiability[J] . 2016 . Feng Y, Bastani O, Martins R, et al. Automated Synthesis of Semantic Malware Signatures using Maximum Satisfiability[J]. 2016."},{"key":"e_1_3_2_1_31_1","volume-title":"Abstraction-Based Malware Analysis Using Rewriting and Model Checking[M]\/\/ Computer Security - ESORICS","author":"Beaucamps P","year":"2012","unstructured":"Beaucamps P , Gnaedig I , Marion J Y . Abstraction-Based Malware Analysis Using Rewriting and Model Checking[M]\/\/ Computer Security - ESORICS 2012 . Springer Berlin Heidelberg , 2012. Beaucamps P, Gnaedig I, Marion J Y. Abstraction-Based Malware Analysis Using Rewriting and Model Checking[M]\/\/ Computer Security - ESORICS 2012. Springer Berlin Heidelberg, 2012."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2013.2291066"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2746266.2746281"},{"key":"e_1_3_2_1_34_1","volume-title":"Malware Characterization Using Windows API Call Sequences[C]\/\/ International Conference on Security, Privacy, and Applied Cryptography Engineering","author":"Gupta S","year":"2016","unstructured":"Gupta S , Sharma H , Kaur S. Malware Characterization Using Windows API Call Sequences[C]\/\/ International Conference on Security, Privacy, and Applied Cryptography Engineering . Springer , Cham , 2016 . Gupta S, Sharma H, Kaur S. Malware Characterization Using Windows API Call Sequences[C]\/\/ International Conference on Security, Privacy, and Applied Cryptography Engineering. Springer, Cham, 2016."},{"key":"e_1_3_2_1_35_1","first-page":"1","article-title":"A Novel Approach to Detect Malware Based on API Call Sequence Analysis[J]","volume":"2015","author":"Ki Y","year":"2015","unstructured":"Ki Y , Kim E , Kim H K . A Novel Approach to Detect Malware Based on API Call Sequence Analysis[J] . International Journal of Distributed Sensor Networks , 2015 , 2015 : 1 -- 9 . Ki Y, Kim E, Kim H K. A Novel Approach to Detect Malware Based on API Call Sequence Analysis[J]. International Journal of Distributed Sensor Networks, 2015, 2015:1--9.","journal-title":"International Journal of Distributed Sensor Networks"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.5555\/882495.884433"},{"key":"e_1_3_2_1_37_1","volume-title":"Behavior Abstraction in Malware Analysis - Extended Version[C]\/\/ International Conference on Runtime Verification","author":"Beaucamps P","year":"2010","unstructured":"Beaucamps P , Gnaedig I , Marion J Y . Behavior Abstraction in Malware Analysis - Extended Version[C]\/\/ International Conference on Runtime Verification . Springer-Verlag , 2010 . Beaucamps P, Gnaedig I, Marion J Y. Behavior Abstraction in Malware Analysis - Extended Version[C]\/\/ International Conference on Runtime Verification. Springer-Verlag, 2010."},{"key":"e_1_3_2_1_38_1","unstructured":"Kirillov I Beck D Chase P etal 2011. Malware attribute enumeration and characterization (MAEC\u2122).  Kirillov I Beck D Chase P et al. 2011. Malware attribute enumeration and characterization (MAEC\u2122)."}],"event":{"name":"ICCNS 2019: 2019 the 9th International Conference on Communication and Network Security","sponsor":["University of Tokyo","Chongqing University of Posts and Telecommunications"],"location":"Chongqing China","acronym":"ICCNS 2019"},"container-title":["Proceedings of the 2019 9th International Conference on Communication and Network Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3371676.3371700","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3371676.3371700","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T17:45:23Z","timestamp":1750268723000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3371676.3371700"}},"subtitle":["Past and Future"],"short-title":[],"issued":{"date-parts":[[2019,11,15]]},"references-count":38,"alternative-id":["10.1145\/3371676.3371700","10.1145\/3371676"],"URL":"https:\/\/doi.org\/10.1145\/3371676.3371700","relation":{},"subject":[],"published":{"date-parts":[[2019,11,15]]},"assertion":[{"value":"2020-01-13","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}