{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:23:41Z","timestamp":1750220621321,"version":"3.41.0"},"reference-count":56,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2021,1,22]],"date-time":"2021-01-22T00:00:00Z","timestamp":1611273600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-sa\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001691","name":"Japan Society for the Promotion of Science","doi-asserted-by":"publisher","award":["JP17KT0081"],"award-info":[{"award-number":["JP17KT0081"]}],"id":[{"id":"10.13039\/501100001691","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Digital Threats"],"published-print":{"date-parts":[[2021,3,31]]},"abstract":"<jats:p>\n            Script languages are designed to be easy-to-use and require low learning costs. These features provide attackers options to choose a script language for developing their malicious scripts. This diversity of choice in the attacker side unexpectedly imposes a significant cost on the preparation for analysis tools in the defense side. That is, we have to prepare for multiple script languages to analyze malicious scripts written in them. We call this unbalanced cost for script languages\n            <jats:italic>asymmetry problem<\/jats:italic>\n            .\n          <\/jats:p>\n          <jats:p>To solve this problem, we propose a method for automatically detecting the hook and tap points in a script engine binary that is essential for building a script Application Programming Interface (API) tracer. Our method allows us to reduce the cost of reverse engineering of a script engine binary, which is the largest portion of the development of a script API tracer, and build a script API tracer for a script language with minimum manual intervention. This advantage results in solving the asymmetry problem. The experimental results showed that our method generated the script API tracers for the three script languages popular among attackers (Visual Basic for Applications (VBA), Microsoft Visual Basic Scripting Edition (VBScript), and PowerShell). The results also demonstrated that these script API tracers successfully analyzed real-world malicious scripts.<\/jats:p>","DOI":"10.1145\/3416126","type":"journal-article","created":{"date-parts":[[2021,1,22]],"date-time":"2021-01-22T11:29:49Z","timestamp":1611314989000},"page":"1-31","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Automatic Reverse Engineering of Script Engine Binaries for Building Script API Tracers"],"prefix":"10.1145","volume":"2","author":[{"given":"Toshinori","family":"Usui","sequence":"first","affiliation":[{"name":"NTT Secure Platform Laboratories\/Institute of Industrial Science, The University of Tokyo, Tokyo, Japan"}]},{"given":"Yuto","family":"Otsuki","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories, Japan"}]},{"given":"Tomonori","family":"Ikuse","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories, Japan"}]},{"given":"Yuhei","family":"Kawakoya","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories, Japan"}]},{"given":"Makoto","family":"Iwamura","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories, Japan"}]},{"given":"Jun","family":"Miyoshi","sequence":"additional","affiliation":[{"name":"NTT Secure Platform Laboratories, Japan"}]},{"given":"Kanta","family":"Matsuura","sequence":"additional","affiliation":[{"name":"Institute of Industrial Science, The University of Tokyo, Tokyo, Japan"}]}],"member":"320","published-online":{"date-parts":[[2021,1,22]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"VirusTotal. [n.d.]. Retrieved March 9 2017 from https:\/\/www.virustotal.com  VirusTotal. [n.d.]. Retrieved March 9 2017 from https:\/\/www.virustotal.com"},{"key":"e_1_2_1_2_1","volume-title":"Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC\u201912)","author":"Agten Pieter","year":"2012","unstructured":"Pieter Agten , Steven Van Acker , Yoran Brondsema , Phu H Phung , Lieven Desmet , and Frank Piessens . 2012 . JSand: Complete client-side sandboxing of third-party JavaScript without browser modifications . In Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC\u201912) . ACM, 1--10. Pieter Agten, Steven Van Acker, Yoran Brondsema, Phu H Phung, Lieven Desmet, and Frank Piessens. 2012. JSand: Complete client-side sandboxing of third-party JavaScript without browser modifications. In Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC\u201912). ACM, 1--10."},{"key":"e_1_2_1_3_1","volume-title":"Proceedings of the 14th European Conference on Software Maintenance and Reengineering (CSMR\u201910)","author":"Asadi Fatemeh","year":"2010","unstructured":"Fatemeh Asadi , Massimiliano Di Penta , Giuliano Antoniol , and Yann-Ga\u00ebl Gu\u00e9h\u00e9neuc . 2010 . A heuristic-based approach to identify concepts in execution traces . In Proceedings of the 14th European Conference on Software Maintenance and Reengineering (CSMR\u201910) . IEEE, 31--40. Fatemeh Asadi, Massimiliano Di Penta, Giuliano Antoniol, and Yann-Ga\u00ebl Gu\u00e9h\u00e9neuc. 2010. A heuristic-based approach to identify concepts in execution traces. In Proceedings of the 14th European Conference on Software Maintenance and Reengineering (CSMR\u201910). IEEE, 31--40."},{"key":"e_1_2_1_4_1","unstructured":"The Dependable Systems Lab at EPFL in Lausanne. [n.d.]. Chef. Retrieved January 1 2018 from https:\/\/github.com\/S2E\/s2e-old\/tree\/chef.  The Dependable Systems Lab at EPFL in Lausanne. [n.d.]. Chef. Retrieved January 1 2018 from https:\/\/github.com\/S2E\/s2e-old\/tree\/chef."},{"key":"e_1_2_1_5_1","unstructured":"Rohitab Batra. [n.d.]. API Monitor. Retrieved February 15 2019 from http:\/\/www.rohitab.com\/apimonitor.  Rohitab Batra. [n.d.]. API Monitor. Retrieved February 15 2019 from http:\/\/www.rohitab.com\/apimonitor."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2541940.2541977"},{"volume-title":"box.js. Retrieved","year":"2019","key":"e_1_2_1_7_1","unstructured":"CapacitorSet. [n.d.]. box.js. Retrieved February 15, 2019 from https:\/\/github.com\/CapacitorSet\/box-js. CapacitorSet. [n.d.]. box.js. Retrieved February 15, 2019 from https:\/\/github.com\/CapacitorSet\/box-js."},{"key":"e_1_2_1_8_1","volume-title":"Proceedings of the 23rd Annual Network and Distributed System Security Symposium (NDSS\u201916)","author":"Carmony Curtis","year":"2016","unstructured":"Curtis Carmony , Xunchao Hu , Heng Yin , Abhishek Vasisht Bhaskar , and Mu Zhang . 2016 . Extract me if you can: Abusing PDF parsers in malware detectors . In Proceedings of the 23rd Annual Network and Distributed System Security Symposium (NDSS\u201916) . Internet Society, 1--15. Curtis Carmony, Xunchao Hu, Heng Yin, Abhishek Vasisht Bhaskar, and Mu Zhang. 2016. Extract me if you can: Abusing PDF parsers in malware detectors. In Proceedings of the 23rd Annual Network and Distributed System Security Symposium (NDSS\u201916). Internet Society, 1--15."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046739"},{"key":"e_1_2_1_10_1","volume-title":"Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation (OSDI\u201908)","volume":"8","author":"Cozzie Anthony","unstructured":"Anthony Cozzie , Frank Stratton , Hui Xue , and Samuel T. King . 2008. Digging for data structures . In Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation (OSDI\u201908) , Vol. 8 . 255--266. Anthony Cozzie, Frank Stratton, Hui Xue, and Samuel T. King. 2008. Digging for data structures. In Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation (OSDI\u201908), Vol. 8. 255--266."},{"key":"e_1_2_1_11_1","doi-asserted-by":"crossref","first-page":"S13","DOI":"10.1016\/j.diin.2012.05.013","article-title":"Introlib: Efficient and transparent library call introspection for malware forensics","volume":"9","author":"Deng Zhui","year":"2012","unstructured":"Zhui Deng , Dongyan Xu , Xiangyu Zhang , and Xuxiang Jiang . 2012 . Introlib: Efficient and transparent library call introspection for malware forensics . Digital Investigation 9 (2012), S13 -- S23 . Zhui Deng, Dongyan Xu, Xiangyu Zhang, and Xuxiang Jiang. 2012. Introlib: Efficient and transparent library call introspection for malware forensics. Digital Investigation 9 (2012), S13--S23.","journal-title":"Digital Investigation"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_2_1_13_1","volume-title":"Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS\u201913)","author":"Dolan-Gavitt Brendan","year":"2013","unstructured":"Brendan Dolan-Gavitt , Tim Leek , Josh Hodosh , and Wenke Lee . 2013 . Tappan Zee (north) bridge: Mining memory accesses for introspection . In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS\u201913) . ACM, 839--850. Brendan Dolan-Gavitt, Tim Leek, Josh Hodosh, and Wenke Lee. 2013. Tappan Zee (north) bridge: Mining memory accesses for introspection. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS\u201913). ACM, 839--850."},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.11"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2003.1183929"},{"key":"e_1_2_1_16_1","volume-title":"Proceedings of the 33rd IEEE Symposium on Security and Privacy (SP\u201912)","author":"Fu Yangchun","year":"2012","unstructured":"Yangchun Fu and Zhiqiang Lin . 2012 . Space traveling across VM: Automatically bridging the semantic gap in virtual machine introspection via online kernel data redirection . In Proceedings of the 33rd IEEE Symposium on Security and Privacy (SP\u201912) . IEEE, 586--600. Yangchun Fu and Zhiqiang Lin. 2012. Space traveling across VM: Automatically bridging the semantic gap in virtual machine introspection via online kernel data redirection. In Proceedings of the 33rd IEEE Symposium on Security and Privacy (SP\u201912). IEEE, 586--600."},{"key":"e_1_2_1_17_1","unstructured":"Inc. GitHub. [n.d.]. GitHub. Retrieved May 14 2020 from https:\/\/github.com\/.  Inc. GitHub. [n.d.]. GitHub. Retrieved May 14 2020 from https:\/\/github.com\/."},{"key":"e_1_2_1_18_1","volume-title":"Proceedings of the 20th International Conference on Information Security (ISC\u201917)","author":"Haijiang Xie","year":"2017","unstructured":"Xie Haijiang , Zhang Yuanyuan , Li Juanru , and Gu Dawu . 2017 . Nightingale: Translating embedded VM code in x86 binary executables . In Proceedings of the 20th International Conference on Information Security (ISC\u201917) . Springer, 387--404. Xie Haijiang, Zhang Yuanyuan, Li Juanru, and Gu Dawu. 2017. Nightingale: Translating embedded VM code in x86 binary executables. In Proceedings of the 20th International Conference on Information Security (ISC\u201917). Springer, 387--404."},{"key":"e_1_2_1_19_1","volume-title":"jsunpack-n. Retrieved","author":"Hartstein Blake","year":"2019","unstructured":"Blake Hartstein . [n.d.]. jsunpack-n. Retrieved February 15, 2019 from https:\/\/github.com\/urule99\/jsunpack-n. Blake Hartstein. [n.d.]. jsunpack-n. Retrieved February 15, 2019 from https:\/\/github.com\/urule99\/jsunpack-n."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243866"},{"key":"e_1_2_1_21_1","unstructured":"Timo Hirvonen. [n.d.]. Sulo. Retrieved February 15 2019 from https:\/\/github.com\/F-Secure\/Sulo.  Timo Hirvonen. [n.d.]. Sulo. Retrieved February 15 2019 from https:\/\/github.com\/F-Secure\/Sulo."},{"key":"e_1_2_1_22_1","volume-title":"Retrieved","author":"Hirvonen Timo","year":"2014","unstructured":"Timo Hirvonen . 2014 . Dynamic Flash instrumentation for fun and profit. Blackhat USA briefings 2014 , Retrieved February 15, 2019 from https:\/\/www.blackhat.com\/docs\/us-14\/materials\/us-14-Hirvonen-Dynamic-Flash-Instrumentation-For-Fun-And-Profit.pdf. Timo Hirvonen. 2014. Dynamic Flash instrumentation for fun and profit. Blackhat USA briefings 2014, Retrieved February 15, 2019 from https:\/\/www.blackhat.com\/docs\/us-14\/materials\/us-14-Hirvonen-Dynamic-Flash-Instrumentation-For-Fun-And-Profit.pdf."},{"key":"e_1_2_1_23_1","volume-title":"The beast within\u2014Evading dynamic malware analysis using Microsoft COM. Blackhat USA briefings","author":"Hund Ralf","year":"2016","unstructured":"Ralf Hund . 2016. The beast within\u2014Evading dynamic malware analysis using Microsoft COM. Blackhat USA briefings 2016 . Ralf Hund. 2016. The beast within\u2014Evading dynamic malware analysis using Microsoft COM. Blackhat USA briefings 2016."},{"volume-title":"Retrieved","year":"2019","key":"e_1_2_1_24_1","unstructured":"KahuSecurity. [n.d.]. Revelo Javascript Deobfuscator . Retrieved February 15, 2019 from http:\/\/www.kahusecurity.com\/posts\/revelo_javascript_deobfuscator.html. KahuSecurity. [n.d.]. Revelo Javascript Deobfuscator. Retrieved February 15, 2019 from http:\/\/www.kahusecurity.com\/posts\/revelo_javascript_deobfuscator.html."},{"key":"e_1_2_1_25_1","volume-title":"Proceedings of the 12th International Conference on Availability, Reliability and Security (ARES\u201917)","author":"Kalysch Anatoli","year":"2017","unstructured":"Anatoli Kalysch , Johannes G\u00f6tzfried , and Tilo M\u00fcller . 2017 . VMAttack: Deobfuscating virtualization-based packed binaries . In Proceedings of the 12th International Conference on Availability, Reliability and Security (ARES\u201917) . 1--10. Anatoli Kalysch, Johannes G\u00f6tzfried, and Tilo M\u00fcller. 2017. VMAttack: Deobfuscating virtualization-based packed binaries. In Proceedings of the 12th International Conference on Availability, Reliability and Security (ARES\u201917). 1--10."},{"key":"e_1_2_1_26_1","volume-title":"Proceedings of the 16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID\u201915)","author":"Kawakoya Yuhei","year":"2013","unstructured":"Yuhei Kawakoya , Makoto Iwamura , Eitaro Shioji , and Takeo Hariu . 2013 . API Chaser: Anti-analysis resistant malware analyzer . In Proceedings of the 16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID\u201915) . Springer, 123--143. Yuhei Kawakoya, Makoto Iwamura, Eitaro Shioji, and Takeo Hariu. 2013. API Chaser: Anti-analysis resistant malware analyzer. In Proceedings of the 16th International Symposium on Research in Attacks, Intrusions and Defenses (RAID\u201915). Springer, 123--143."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1101908.1101923"},{"key":"e_1_2_1_28_1","unstructured":"Philippe Lagadec. [n.d.]. ViperMonkey. Retrieved September 20 2019 from https:\/\/github.com\/decalage2\/ViperMonkey.  Philippe Lagadec. [n.d.]. ViperMonkey. Retrieved September 20 2019 from https:\/\/github.com\/decalage2\/ViperMonkey."},{"key":"e_1_2_1_29_1","volume-title":"Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS\u201911)","author":"Lee JongHyup","year":"2011","unstructured":"JongHyup Lee , Thanassis Avgerinos , and David Brumley . 2011 . TIE: Principled reverse engineering of types in binary programs . In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS\u201911) . Internet Society, 1--18. JongHyup Lee, Thanassis Avgerinos, and David Brumley. 2011. TIE: Principled reverse engineering of types in binary programs. In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS\u201911). Internet Society, 1--18."},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664252"},{"key":"e_1_2_1_31_1","volume-title":"Proceedings of the 17th Annual Network and Distributed System Security Symposium (NDSS\u201910)","author":"Lin Zhiqiang","year":"2010","unstructured":"Zhiqiang Lin , Xiangyu Zhang , and Dongyan Xu . 2010 . Automatic reverse engineering of data structures from binary execution . In Proceedings of the 17th Annual Network and Distributed System Security Symposium (NDSS\u201910) . Internet Society, 1--18. Zhiqiang Lin, Xiangyu Zhang, and Dongyan Xu. 2010. Automatic reverse engineering of data structures from binary execution. In Proceedings of the 17th Annual Network and Distributed System Security Symposium (NDSS\u201910). Internet Society, 1--18."},{"key":"e_1_2_1_32_1","volume-title":"Vijay Janapa Reddi, and Kim Hazelwood","author":"Luk Chi-Keung","year":"2005","unstructured":"Chi-Keung Luk , Robert Cohn , Robert Muth , Harish Patil , Artur Klauser , Geoff Lowney , Steven Wallace , Vijay Janapa Reddi, and Kim Hazelwood . 2005 . Pin : Building customized program analysis tools with dynamic instrumentation. In ACM Sigplan Notices, Vol. 40 . ACM , 190--200. Chi-Keung Luk, Robert Cohn, Robert Muth, Harish Patil, Artur Klauser, Geoff Lowney, Steven Wallace, Vijay Janapa Reddi, and Kim Hazelwood. 2005. Pin: Building customized program analysis tools with dynamic instrumentation. In ACM Sigplan Notices, Vol. 40. ACM, 190--200."},{"key":"e_1_2_1_33_1","volume-title":"Proceedings of the 16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA\u201919)","author":"Maier Alwin","year":"2019","unstructured":"Alwin Maier , Hugo Gascon , Christian Wressnegger , and Konrad Rieck . 2019 . TypeMiner: Recovering types in binary programs using machine learning . In Proceedings of the 16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA\u201919) . Springer, 288--308. Alwin Maier, Hugo Gascon, Christian Wressnegger, and Konrad Rieck. 2019. TypeMiner: Recovering types in binary programs using machine learning. In Proceedings of the 16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA\u201919). Springer, 288--308."},{"volume-title":"Retrieved","year":"2018","key":"e_1_2_1_34_1","unstructured":"Microsoft. [n.d.]. Antimalware Scan Interface . Retrieved August 16, 2018 from https:\/\/docs.microsoft.com\/en-us\/windows\/desktop\/amsi\/antimalware-scan-interface-portal. Microsoft. [n.d.]. Antimalware Scan Interface. Retrieved August 16, 2018 from https:\/\/docs.microsoft.com\/en-us\/windows\/desktop\/amsi\/antimalware-scan-interface-portal."},{"key":"e_1_2_1_35_1","unstructured":"Yuto Otsuki Eiji Takimoto Shoichi Saito Eric W. Cooper and Koichi Mouri. 2015. Identifying system calls invoked by malware using branch trace facilities. In International MultiConference of Engineers and Computer Scientists (IMECS'15). Newswood Limited.  Yuto Otsuki Eiji Takimoto Shoichi Saito Eric W. Cooper and Koichi Mouri. 2015. Identifying system calls invoked by malware using branch trace facilities. In International MultiConference of Engineers and Computer Scientists (IMECS'15). Newswood Limited."},{"key":"e_1_2_1_36_1","volume-title":"Proceedings of the 18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID\u201915)","author":"Pellegrino Giancarlo","year":"2015","unstructured":"Giancarlo Pellegrino , Constantin Tsch\u00fcrtz , Eric Bodden , and Christian Rossow . 2015 . j\u00e4k: Using dynamic analysis to crawl and test modern web applications . In Proceedings of the 18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID\u201915) . Springer, 295--316. Giancarlo Pellegrino, Constantin Tsch\u00fcrtz, Eric Bodden, and Christian Rossow. 2015. j\u00e4k: Using dynamic analysis to crawl and test modern web applications. In Proceedings of the 18th International Symposium on Research in Attacks, Intrusions and Defenses (RAID\u201915). Springer, 295--316."},{"key":"e_1_2_1_37_1","volume-title":"Proceedings of the 6th International Workshop on Security (IWSEC\u201911)","author":"Pfoh Jonas","year":"2011","unstructured":"Jonas Pfoh , Christian Schneider , and Claudia Eckert . 2011 . Nitro: Hardware-based system call tracing for virtual machines . In Proceedings of the 6th International Workshop on Security (IWSEC\u201911) . Springer, 96--112. Jonas Pfoh, Christian Schneider, and Claudia Eckert. 2011. Nitro: Hardware-based system call tracing for virtual machines. In Proceedings of the 6th International Workshop on Security (IWSEC\u201911). Springer, 96--112."},{"key":"e_1_2_1_38_1","unstructured":"ReactOS Project. [n.d.]. ReactOS. Retrieved August 16 2018 from https:\/\/www.reactos.org\/.  ReactOS Project. [n.d.]. ReactOS. Retrieved August 16 2018 from https:\/\/www.reactos.org\/."},{"key":"e_1_2_1_39_1","unstructured":"Microsoft Research. [n.d.]. Detours. Retrieved April 8 2020 from https:\/\/github.com\/microsoft\/Detours.  Microsoft Research. [n.d.]. Detours. Retrieved April 8 2020 from https:\/\/github.com\/microsoft\/Detours."},{"key":"e_1_2_1_40_1","volume-title":"Proceedings of the 3rd USENIX Workshop on Offensive Technologies (WOOT\u201909)","author":"Rolles Rolf","year":"2009","unstructured":"Rolf Rolles . 2009 . Unpacking virtualization obfuscators . In Proceedings of the 3rd USENIX Workshop on Offensive Technologies (WOOT\u201909) . USENIX. Rolf Rolles. 2009. Unpacking virtualization obfuscators. In Proceedings of the 3rd USENIX Workshop on Offensive Technologies (WOOT\u201909). USENIX."},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23226"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.27"},{"key":"e_1_2_1_43_1","volume-title":"Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS\u201911)","author":"Slowinska Asia","year":"2011","unstructured":"Asia Slowinska , Traian Stancescu , and Herbert Bos . 2011 . Howard: A dynamic excavator for reverse engineering data structures . In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS\u201911) . Internet Society, 1--20. Asia Slowinska, Traian Stancescu, and Herbert Bos. 2011. Howard: A dynamic excavator for reverse engineering data structures. In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS\u201911). Internet Society, 1--20."},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1016\/0022-2836(81)90087-5"},{"key":"e_1_2_1_45_1","unstructured":"VMProtect Software. [n.d.]. VMProtect. Retrieved April 27 2020 from https:\/\/vmpsoft.com\/.  VMProtect Software. [n.d.]. VMProtect. Retrieved April 27 2020 from https:\/\/vmpsoft.com\/."},{"key":"e_1_2_1_46_1","unstructured":"T. Sven. [n.d.]. JSDetox. Retrieved September 20 2019 from http:\/\/relentless-coding.org\/projects\/jsdetox\/.  T. Sven. [n.d.]. JSDetox. Retrieved September 20 2019 from http:\/\/relentless-coding.org\/projects\/jsdetox\/."},{"key":"e_1_2_1_47_1","unstructured":"PowerShell Team. [n.d.]. PowerShell. Retrieved August 16 2018 from https:\/\/github.com\/powershell.  PowerShell Team. [n.d.]. PowerShell. Retrieved August 16 2018 from https:\/\/github.com\/powershell."},{"key":"e_1_2_1_48_1","volume-title":"Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC\u201919)","author":"Usui Toshinori","year":"2019","unstructured":"Toshinori Usui , Yuto Otsuki , Yuhei Kawakoya , Makoto Iwamura , Jun Miyoshi , and Kanta Matsuura . 2019 . My script engines know what you did in the dark: Converting engines into script API tracers . In Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC\u201919) . ACSA, 466--477. Toshinori Usui, Yuto Otsuki, Yuhei Kawakoya, Makoto Iwamura, Jun Miyoshi, and Kanta Matsuura. 2019. My script engines know what you did in the dark: Converting engines into script API tracers. In Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC\u201919). ACSA, 466--477."},{"key":"e_1_2_1_49_1","volume-title":"Proceedings of the 15th International Symposium on Research in Attacks, Intrusions and Defenses (RAID\u201912)","author":"Overveldt Timon Van","year":"2012","unstructured":"Timon Van Overveldt , Christopher Kruegel , and Giovanni Vigna . 2012 . FlashDetect: ActionScript 3 malware detection . In Proceedings of the 15th International Symposium on Research in Attacks, Intrusions and Defenses (RAID\u201912) . Springer, 274--293. Timon Van Overveldt, Christopher Kruegel, and Giovanni Vigna. 2012. FlashDetect: ActionScript 3 malware detection. In Proceedings of the 15th International Symposium on Research in Attacks, Intrusions and Defenses (RAID\u201912). Springer, 274--293."},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1002\/smr.4360070105"},{"volume-title":"Proceedings of the 1999 IEEE Symposium on Application-Specific Systems and Software Engineering and Technology (Cat. No. PR00122)","author":"Wong W. Eric","key":"e_1_2_1_52_1","unstructured":"W. Eric Wong , Swapna S. Gokhale , Joseph R. Horgan , and Kishor S. Trivedi . 1999. Locating program features using execution slices . In Proceedings of the 1999 IEEE Symposium on Application-Specific Systems and Software Engineering and Technology (Cat. No. PR00122) (ASSET\u201999). IEEE, 194--203. W. Eric Wong, Swapna S. Gokhale, Joseph R. Horgan, and Kishor S. Trivedi. 1999. Locating program features using execution slices. In Proceedings of the 1999 IEEE Symposium on Application-Specific Systems and Software Engineering and Technology (Cat. No. PR00122) (ASSET\u201999). IEEE, 194--203."},{"key":"e_1_2_1_53_1","volume-title":"Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS\u201918)","author":"Xu Dongpeng","year":"2018","unstructured":"Dongpeng Xu , Jiang Ming , Yu Fu , and Dinghao Wu . 2018 . VMHunt: A verifiable approach to partially-virtualized binary code simplification . In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS\u201918) . ACM, 442--458. Dongpeng Xu, Jiang Ming, Yu Fu, and Dinghao Wu. 2018. VMHunt: A verifiable approach to partially-virtualized binary code simplification. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS\u201918). ACM, 442--458."},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_8"},{"key":"e_1_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_3"},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_25"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23331"}],"container-title":["Digital Threats: Research and Practice"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3416126","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3416126","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:01:21Z","timestamp":1750197681000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3416126"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,1,22]]},"references-count":56,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021,3,31]]}},"alternative-id":["10.1145\/3416126"],"URL":"https:\/\/doi.org\/10.1145\/3416126","relation":{},"ISSN":["2692-1626","2576-5337"],"issn-type":[{"type":"print","value":"2692-1626"},{"type":"electronic","value":"2576-5337"}],"subject":[],"published":{"date-parts":[[2021,1,22]]},"assertion":[{"value":"2020-05-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-08-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-01-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}