{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,28]],"date-time":"2025-10-28T05:55:55Z","timestamp":1761630955633,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":44,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,5,24]],"date-time":"2021-05-24T00:00:00Z","timestamp":1621814400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["HR00112090031"],"award-info":[{"award-number":["HR00112090031"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000006","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-17-1-2895, N00014-15-1-2162, N00014-18-1-2662"],"award-info":[{"award-number":["N00014-17-1-2895, N00014-15-1-2162, N00014-18-1-2662"]}],"id":[{"id":"10.13039\/100000006","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,5,24]]},"DOI":"10.1145\/3433210.3457894","type":"proceedings-article","created":{"date-parts":[[2021,6,4]],"date-time":"2021-06-04T15:26:39Z","timestamp":1622820399000},"page":"759-773","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Identifying Behavior Dispatchers for Malware Analysis"],"prefix":"10.1145","author":[{"given":"Kyuhong","family":"Park","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Burak","family":"Sahin","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Yongheng","family":"Chen","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Jisheng","family":"Zhao","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Evan","family":"Downing","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Hong","family":"Hu","sequence":"additional","affiliation":[{"name":"Penn State University, Collegeville, PA, USA"}]},{"given":"Wenke","family":"Lee","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]}],"member":"320","published-online":{"date-parts":[[2021,6,4]]},"reference":[{"key":"e_1_3_2_2_1_1","volume-title":"25th USENIX Security Symposium USENIX Security 16","author":"Andriesse Dennis","year":"2016","unstructured":"Dennis Andriesse , Xi Chen , Victor Van Der Veen , Asia Slowinska , and Herbert Bos . 2016 . An in-depth analysis of disassembly on full-scale x86\/x64 binaries . In 25th USENIX Security Symposium USENIX Security 16 . 583--600. Dennis Andriesse, Xi Chen, Victor Van Der Veen, Asia Slowinska, and Herbert Bos. 2016. An in-depth analysis of disassembly on full-scale x86\/x64 binaries. In 25th USENIX Security Symposium USENIX Security 16. 583--600."},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2017.11"},{"key":"e_1_3_2_2_3_1","volume-title":"Statistic Malware samples","author":"AV-TEST - The Independent IT-Security Institute","year":"2020","unstructured":"AV-TEST - The Independent IT-Security Institute . 2020. Statistic Malware samples in 2020 . https:\/\/www.av-test.org\/en\/statistics\/malware\/. AV-TEST - The Independent IT-Security Institute. 2020. Statistic Malware samples in 2020. https:\/\/www.av-test.org\/en\/statistics\/malware\/."},{"key":"e_1_3_2_2_4_1","volume-title":"Proceedings of the 2011 International Symposium on Software Testing and Analysis. ACM, 12--22","author":"Domagoj","year":"2011","unstructured":"Domagoj Babi?, Lorenzo Martignoni , Stephen McCamant , and Dawn Song . 2011 . Statically-directed Dynamic Automated Test Generation . In Proceedings of the 2011 International Symposium on Software Testing and Analysis. ACM, 12--22 . Domagoj Babi?, Lorenzo Martignoni, Stephen McCamant, and Dawn Song. 2011. Statically-directed Dynamic Automated Test Generation. In Proceedings of the 2011 International Symposium on Software Testing and Analysis. ACM, 12--22."},{"key":"e_1_3_2_2_5_1","article-title":"A Survey of Symbolic Execution Techniques","volume":"51","author":"Baldoni Roberto","year":"2018","unstructured":"Roberto Baldoni , Emilio Coppa , Daniele Cono D'elia , Camil Demetrescu , and Irene Finocchi . 2018 . A Survey of Symbolic Execution Techniques . Journal ACM Computing Surveys (CSUR) Surveys Homepage archive 51 , 50 (2018). Roberto Baldoni, Emilio Coppa, Daniele Cono D'elia, Camil Demetrescu, and Irene Finocchi. 2018. A Survey of Symbolic Execution Techniques. Journal ACM Computing Surveys (CSUR) Surveys Homepage archive 51, 50 (2018).","journal-title":"Journal ACM Computing Surveys (CSUR) Surveys Homepage archive"},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991114"},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPRO.2015.16"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134020"},{"key":"e_1_3_2_2_9_1","volume-title":"Gabriel Negreira Barbosa, and Pedro Drimel Neto","author":"Branco Rodrigo Rubira","year":"2012","unstructured":"Rodrigo Rubira Branco , Gabriel Negreira Barbosa, and Pedro Drimel Neto . 2012 . Scientific but Not Academical Overview of Malware Anti-Debugging , Anti-Disassembly and Anti-VM Technologies. In Black Hat USA Briefings (Black Hat USA). Las Vegas, NV. Rodrigo Rubira Branco, Gabriel Negreira Barbosa, and Pedro Drimel Neto. 2012. Scientific but Not Academical Overview of Malware Anti-Debugging, Anti-Disassembly and Anti-VM Technologies. In Black Hat USA Briefings (Black Hat USA). Las Vegas, NV."},{"key":"e_1_3_2_2_10_1","unstructured":"Derek L. Bruening. 2004. Efficient Transparent and Comprehensive Runtime Code Manipulation. Ph.D. Dissertation. Cambridge MA USA. AAI0807735.  Derek L. Bruening. 2004. Efficient Transparent and Comprehensive Runtime Code Manipulation. Ph.D. Dissertation. Cambridge MA USA. AAI0807735."},{"volume-title":"Botnet Detection","author":"Brumley David","key":"e_1_3_2_2_11_1","unstructured":"David Brumley , Cody Hartwig , Zhenkai Liang , James Newsome , Dawn Song , and Heng Yin . 2008. Automatically Identifying Trigger-based Behavior in Malware . In Botnet Detection . Springer , 65--88. David Brumley, Cody Hartwig, Zhenkai Liang, James Newsome, Dawn Song, and Heng Yin. 2008. Automatically Identifying Trigger-based Behavior in Malware. In Botnet Detection. Springer, 65--88."},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866354"},{"key":"e_1_3_2_2_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243771"},{"key":"e_1_3_2_2_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1961296.1950396"},{"key":"e_1_3_2_2_15_1","volume-title":"Identifying Dormant Functionality in Malware Programs. In 2010 IEEE Symposium on Security and Privacy.","author":"Comparetti Paolo Milani","year":"2010","unstructured":"Paolo Milani Comparetti , Guido Salvaneschi , Eggngin Kirda , Clemens Kolbitsch , Christopher Kruegel , and Stefano Zanero . 2010 . Identifying Dormant Functionality in Malware Programs. In 2010 IEEE Symposium on Security and Privacy. Paolo Milani Comparetti, Guido Salvaneschi, Eggngin Kirda, Clemens Kolbitsch, Christopher Kruegel, and Stefano Zanero. 2010. Identifying Dormant Functionality in Malware Programs. In 2010 IEEE Symposium on Security and Privacy."},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_3_2_2_17_1","unstructured":"FalconSandbox. 2020. Hybrid-Analysis. https:\/\/www.hybrid-analysis.com\/.  FalconSandbox. 2020. Hybrid-Analysis. https:\/\/www.hybrid-analysis.com\/."},{"key":"e_1_3_2_2_18_1","volume-title":"Zeus: King of the Bots. https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/security-center\/whitepapers\/ security-response-zeus-king-of-bots-09-en.pdf.","author":"Falliere Nicolas","year":"2019","unstructured":"Nicolas Falliere and Eric Chien . 2019 . Zeus: King of the Bots. https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/security-center\/whitepapers\/ security-response-zeus-king-of-bots-09-en.pdf. Nicolas Falliere and Eric Chien. 2019. Zeus: King of the Bots. https:\/\/www.symantec.com\/content\/dam\/symantec\/docs\/security-center\/whitepapers\/ security-response-zeus-king-of-bots-09-en.pdf."},{"key":"e_1_3_2_2_19_1","unstructured":"Hex-Rays. 2020. IDA F.L.I.R.T. https:\/\/www.hex-rays.com\/products\/ida\/tech\/flirt\/in_depth.shtml.  Hex-Rays. 2020. IDA F.L.I.R.T. https:\/\/www.hex-rays.com\/products\/ida\/tech\/flirt\/in_depth.shtml."},{"key":"e_1_3_2_2_20_1","volume-title":"28th USENIX Security Symposium USENIX Security 19","author":"Jung Jinho","year":"2019","unstructured":"Jinho Jung , Hong Hu , David Solodukhin , Daniel Pagan , Kyu Hyung Lee , and Taesoo Kim . 2019 . Fuzzification: Anti-fuzzing techniques . In 28th USENIX Security Symposium USENIX Security 19 . 1913--1930. Jinho Jung, Hong Hu, David Solodukhin, Daniel Pagan, Kyu Hyung Lee, and Taesoo Kim. 2019. Fuzzification: Anti-fuzzing techniques. In 28th USENIX Security Symposium USENIX Security 19. 1913--1930."},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPRO.2015.10"},{"key":"e_1_3_2_2_22_1","unstructured":"Jacob Kastrenakes. 2019. Agent Smith Malware Has Replaced Android Apps' Code on 25 Million Devices. https:\/\/www.theverge.com\/2019\/7\/10\/20688885\/agentsmith-android-malware-25-million-infections.  Jacob Kastrenakes. 2019. Agent Smith Malware Has Replaced Android Apps' Code on 25 Million Devices. https:\/\/www.theverge.com\/2019\/7\/10\/20688885\/agentsmith-android-malware-25-million-infections."},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813642"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046740"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053035"},{"key":"e_1_3_2_2_26_1","unstructured":"LordNoteworty. 2020. Al-Khaser. https:\/\/github.com\/LordNoteworthy\/al-khaser.  LordNoteworty. 2020. Al-Khaser. https:\/\/github.com\/LordNoteworthy\/al-khaser."},{"key":"e_1_3_2_2_27_1","unstructured":"Masrepus vfsrfs garanews. 2020. Unpacking PE files using Unicorn Engine. https:\/\/github.com\/unipacker\/unipacker.  Masrepus vfsrfs garanews. 2020. Unpacking PE files using Unicorn Engine. https:\/\/github.com\/unipacker\/unipacker."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.17"},{"key":"e_1_3_2_2_29_1","unstructured":"Yuval Nativ. 2021. theZoo. https:\/\/thezoo.morirt.com\/.  Yuval Nativ. 2021. theZoo. https:\/\/thezoo.morirt.com\/."},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359812"},{"key":"e_1_3_2_2_31_1","volume-title":"23rd USENIX Security Symposium USENIX Security 14","author":"Peng Fei","year":"2014","unstructured":"Fei Peng , Zhui Deng , Xiangyu Zhang , Dongyan Xu , Zhiqiang Lin , and Zhendong Su . 2014 . X-force: Force-executing binary programs for security applications . In 23rd USENIX Security Symposium USENIX Security 14 . 829--844. Fei Peng, Zhui Deng, Xiangyu Zhang, Dongyan Xu, Zhiqiang Lin, and Zhendong Su. 2014. X-force: Force-executing binary programs for security applications. In 23rd USENIX Security Symposium USENIX Security 14. 829--844."},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.26"},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_11"},{"key":"e_1_3_2_2_34_1","volume-title":"andWenke Lee","author":"Sharif Monirul I","year":"2008","unstructured":"Monirul I Sharif , Andrea Lanzi , Jonathon T Giffin , andWenke Lee . 2008 . Impeding Malware Analysis Using Conditional Code Obfuscation.. In NDSS. Citeseer . Monirul I Sharif, Andrea Lanzi, Jonathon T Giffin, andWenke Lee. 2008. Impeding Malware Analysis Using Conditional Code Obfuscation.. In NDSS. Citeseer."},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"crossref","unstructured":"Yan Shoshitaishvili Ruoyu Wang Christophe Hauser Christopher Kruegel and Giovanni Vigna. 2015. Firmalice-Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware.  Yan Shoshitaishvili Ruoyu Wang Christophe Hauser Christopher Kruegel and Giovanni Vigna. 2015. Firmalice-Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware.","DOI":"10.14722\/ndss.2015.23294"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"key":"e_1_3_2_2_37_1","unstructured":"The Linux Foundation. 2020. gRPC. https:\/\/grpc.io\/about\/.  The Linux Foundation. 2020. gRPC. https:\/\/grpc.io\/about\/."},{"key":"e_1_3_2_2_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.46"},{"key":"e_1_3_2_2_39_1","unstructured":"Vector35. 2020. BinaryNinja Intermediate Language. https:\/\/docs.binary.ninja\/dev\/bnil-llil.html.  Vector35. 2020. BinaryNinja Intermediate Language. https:\/\/docs.binary.ninja\/dev\/bnil-llil.html."},{"key":"e_1_3_2_2_40_1","unstructured":"VirusTotal. 2021. VirusTotal. https:\/\/virustotal.com\/.  VirusTotal. 2021. VirusTotal. https:\/\/virustotal.com\/."},{"key":"e_1_3_2_2_41_1","unstructured":"Wine. 2020. Wine API to Forward Windows API. https:\/\/source.winehq.org\/WineAPI\/.  Wine. 2020. Wine API to Forward Windows API. https:\/\/source.winehq.org\/WineAPI\/."},{"key":"e_1_3_2_2_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.56"},{"key":"e_1_3_2_2_43_1","volume-title":"2016 IEEE symposium on security and privacy (SP). IEEE, 377--396","author":"Yanick Fratantonio","year":"2016","unstructured":"Fratantonio Yanick , Bianchi Antonio , Robertson William , Kirda Engin , Kruegel Christopher , and Vigna Giovanni . 2016 . TriggerScope: Towards detecting logic bombs in android applications . In 2016 IEEE symposium on security and privacy (SP). IEEE, 377--396 . Fratantonio Yanick, Bianchi Antonio, Robertson William, Kirda Engin, Kruegel Christopher, and Vigna Giovanni. 2016. TriggerScope: Towards detecting logic bombs in android applications. In 2016 IEEE symposium on security and privacy (SP). IEEE, 377--396."},{"key":"e_1_3_2_2_44_1","unstructured":"Michal Zalewski. 2019. American Fuzzy Lop (2.52b). http:\/\/lcamtuf.coredump.cx\/afl.  Michal Zalewski. 2019. American Fuzzy Lop (2.52b). http:\/\/lcamtuf.coredump.cx\/afl."}],"event":{"name":"ASIA CCS '21: ACM Asia Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Virtual Event Hong Kong","acronym":"ASIA CCS '21"},"container-title":["Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3433210.3457894","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/abs\/10.1145\/3433210.3457894","content-type":"text\/html","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3433210.3457894","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3433210.3457894","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:48:12Z","timestamp":1750193292000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3433210.3457894"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,5,24]]},"references-count":44,"alternative-id":["10.1145\/3433210.3457894","10.1145\/3433210"],"URL":"https:\/\/doi.org\/10.1145\/3433210.3457894","relation":{},"subject":[],"published":{"date-parts":[[2021,5,24]]},"assertion":[{"value":"2021-06-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}