{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,28]],"date-time":"2025-07-28T06:33:55Z","timestamp":1753684435561,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":49,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,8,17]],"date-time":"2021-08-17T00:00:00Z","timestamp":1629158400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,8,17]]},"DOI":"10.1145\/3465481.3470115","type":"proceedings-article","created":{"date-parts":[[2021,8,16]],"date-time":"2021-08-16T17:57:21Z","timestamp":1629136641000},"page":"1-12","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Accurate and Robust Malware Analysis through Similarity of External Calls Dependency Graphs (ECDG)"],"prefix":"10.1145","author":[{"given":"Cassius","family":"Puodzius","sequence":"first","affiliation":[{"name":"Inria, FR"}]},{"given":"Olivier","family":"Zendra","sequence":"additional","affiliation":[{"name":"Inria, FR"}]},{"given":"Annelie","family":"Heuser","sequence":"additional","affiliation":[{"name":"Irisa, FR"}]},{"given":"Lamine","family":"Noureddine","sequence":"additional","affiliation":[{"name":"Inria, FR"}]}],"member":"320","published-online":{"date-parts":[[2021,8,17]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n.d.]. AV Test - malware statistics. https:\/\/www.av-test.org\/en\/statistics\/malware\/."},{"key":"e_1_3_2_1_2_1","unstructured":"[n.d.]. Yara - VirusTotal. https:\/\/virustotal.github.io\/yara\/."},{"key":"e_1_3_2_1_3_1","unstructured":"2012. VirusTotal. https:\/\/www.virustotal.com."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2857705.2857713"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.5555\/1776434.1776449"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3182657"},{"key":"e_1_3_2_1_7_1","unstructured":"Ulrich Bayer Paolo\u00a0Milani Comparetti Clemens Hlauschek Christopher Kruegel and Engin Kirda. 2009. Scalable behavior-based malware clustering.. In NDSS Vol.\u00a09. Citeseer 8\u201311."},{"key":"e_1_3_2_1_8_1","volume-title":"Proceedings of the Linux Symposium, Vol.\u00a01","author":"Branco Rodrigo\u00a0Rubira","year":"2007","unstructured":"Rodrigo\u00a0Rubira Branco. 2007. Ltrace internals. In Proceedings of the Linux Symposium, Vol.\u00a01. Ottawa, ON, Canada, June, 41\u201352."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLC.2013.6890868"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1287624.1287628"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.20"},{"key":"e_1_3_2_1_12_1","volume-title":"Enhancing the Detection of Metamorphic Malware using Call Graphs. Computers & Security 46 (10","author":"Elhadi Ammar","year":"2014","unstructured":"Ammar Elhadi, Mohd Maarof, Bazara Barry, and Hentabli Hamza. 2014. Enhancing the Detection of Metamorphic Malware using Call Graphs. Computers & Security 46 (10 2014), 62\u201378."},{"key":"e_1_3_2_1_13_1","volume-title":"Structural Comparison of Executable Objects. In In Proceedings of the IEEE Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA. 161\u2013173","author":"Flake Halvar","year":"2004","unstructured":"Halvar Flake. 2004. Structural Comparison of Executable Objects. In In Proceedings of the IEEE Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA. 161\u2013173."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-88625-9_16"},{"volume-title":"Recent Advances in Intrusion Detection","author":"Griffin Kent","key":"e_1_3_2_1_15_1","unstructured":"Kent Griffin, Scott Schneider, Xin Hu, and Tzi-cker Chiueh. 2009. Automatic Generation of String Signatures for Malware Detection. In Recent Advances in Intrusion Detection, Engin Kirda, Somesh Jha, and Davide Balzarotti(Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 101\u2013120."},{"key":"e_1_3_2_1_16_1","volume-title":"Proceedings of the Seventh Australasian Data Mining Conference (AusDM 2008)","author":"Gurrutxaga Ibai","year":"2008","unstructured":"Ibai Gurrutxaga, Olatz Arbelaitz, Jes\u00fas\u00a0M. P\u00e9rez, Javier Muguerza, Jos\u00e9\u00a0Ignacio Mart\u00edn, and I\u00f1igo Perona. 2008. Evaluation of Malware clustering based on its dynamic behaviour. In Proceedings of the Seventh Australasian Data Mining Conference (AusDM 2008)(CRPIT, Vol.\u00a087), John\u00a0F. Roddick, Jiuyong Li, Peter Christen, and Paul\u00a0J. Kennedy (Eds.). Australian Computer Society, 163\u2013170."},{"key":"e_1_3_2_1_17_1","unstructured":"Irfan\u00a0Ul Haq and Juan Caballero. 2019. A Survey of Binary Code Similarity. CoRR abs\/1909.11424(2019). arxiv:1909.11424http:\/\/arxiv.org\/abs\/1909.11424"},{"key":"e_1_3_2_1_18_1","unstructured":"Chuntao Jiang Frans Coenen and Michele Zito. 2004. A Survey of Frequent Subgraph Mining Algorithms."},{"key":"e_1_3_2_1_19_1","volume-title":"ADMA 2010(Lecture Notes in Computer Science, Vol.\u00a06440)","author":"Jiang Chuntao","year":"2010","unstructured":"Chuntao Jiang, Frans Coenen, and Michele Zito. 2010. Finding Frequent Subgraphs in Longitudinal Social Network Data Using a Weighted Graph Mining Approach. In Advanced Data Mining and Applications - 6th International Conference, ADMA 2010(Lecture Notes in Computer Science, Vol.\u00a06440). Springer, 405\u2013416."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1155\/2015\/659101"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.5555\/2070671.2070678"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10618-014-0367-9"},{"volume-title":"Recent Advances in Intrusion Detection","author":"Kruegel Christopher","key":"e_1_3_2_1_23_1","unstructured":"Christopher Kruegel, Engin Kirda, Darren Mutz, William Robertson, and Giovanni Vigna. 2006. Polymorphic Worm Detection Using Structural Information of Executables. In Recent Advances in Intrusion Detection. Springer Berlin Heidelberg, 207\u2013226."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1774088.1774505"},{"key":"e_1_3_2_1_25_1","volume-title":"On Challenges in Evaluating Malware Clustering. In RAID 2010, Ottawa, Ontario, Canada, September 15-17, 2010. Proceedings(Lecture Notes in Computer Science, Vol.\u00a06307)","author":"Li Peng","year":"2010","unstructured":"Peng Li, Limin Liu, Debin Gao, and Michael\u00a0K. Reiter. 2010. On Challenges in Evaluating Malware Clustering. In RAID 2010, Ottawa, Ontario, Canada, September 15-17, 2010. Proceedings(Lecture Notes in Computer Science, Vol.\u00a06307). Springer, 238\u2013255."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37682-5_8"},{"key":"e_1_3_2_1_27_1","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Ming Jiang","year":"2017","unstructured":"Jiang Ming, Dongpeng Xu, Yufei Jiang, and Dinghao Wu. 2017. BinSim: Trace-based Semantic Binary Diffing via System Call Sliced Segment Equivalence Checking. In 26th USENIX Security Symposium (USENIX Security 17). 253\u2013270."},{"key":"e_1_3_2_1_28_1","volume-title":"Amal: High-fidelity, behavior-based automated malware analysis and classification. computers & security 52(2015), 251\u2013266.","author":"Mohaisen Aziz","year":"2015","unstructured":"Aziz Mohaisen, Omar Alrawi, and Manar Mohaisen. 2015. Amal: High-fidelity, behavior-based automated malware analysis and classification. computers & security 52(2015), 251\u2013266."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-016-0267-1"},{"key":"e_1_3_2_1_30_1","volume-title":"Deriving common malware behavior through graph clustering. Computers & Security 39 (11","author":"Park Younghee","year":"2013","unstructured":"Younghee Park, D.s Reeves, and Mark Stamp. 2013. Deriving common malware behavior through graph clustering. Computers & Security 39 (11 2013), 419\u2013430."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/2011216.2011217"},{"key":"e_1_3_2_1_32_1","volume-title":"Proceedings of the 2007 joint conference on empirical methods in natural language processing and computational natural language learning (EMNLP-CoNLL). 410\u2013420","author":"Rosenberg Andrew","year":"2007","unstructured":"Andrew Rosenberg and Julia Hirschberg. 2007. V-measure: A conditional entropy-based external cluster evaluation measure. In Proceedings of the 2007 joint conference on empirical methods in natural language processing and computational natural language learning (EMNLP-CoNLL). 410\u2013420."},{"key":"e_1_3_2_1_33_1","unstructured":"Florian Roth. 2013. HyarGen. https:\/\/github.com\/Neo23x0\/yarGen"},{"key":"e_1_3_2_1_34_1","unstructured":"Florian Roth. 2015. How to Write Simple but Sound Yara Rules. https:\/\/www.nextron-systems.com\/2015\/02\/16\/write-simple-sound-yara-rules\/"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1016\/0377-0427(87)90125-7"},{"key":"e_1_3_2_1_36_1","first-page":"3","article-title":"Constructing the Call Graph of a Program","volume":"5","author":"Ryder G.","year":"1979","unstructured":"Barbara\u00a0G. Ryder. 1979. Constructing the Call Graph of a Program. IEEE Trans. Softw. Eng. 5, 3 (May 1979), 216\u2013226.","journal-title":"IEEE Trans. Softw. Eng."},{"key":"e_1_3_2_1_37_1","volume-title":"Maat: Automatically Analyzing VirusTotal for Accurate Labeling and Effective Malware Detection. arXiv preprint arXiv:2007.00510(2020).","author":"Salem Aleieldin","year":"2020","unstructured":"Aleieldin Salem, Sebastian Banescu, and Alexander Pretschner. 2020. Maat: Automatically Analyzing VirusTotal for Accurate Labeling and Effective Malware Detection. arXiv preprint arXiv:2007.00510(2020)."},{"volume-title":"2017 12th International Conference for Internet Technology and Secured Transactions (ICITST). 494\u2013497","author":"Sel\u00e7uk A.","key":"e_1_3_2_1_38_1","unstructured":"A.\u00a0A. Sel\u00e7uk, F. Orhan, and B. Batur. 2017. Undecidable problems in malware analysis. In 2017 12th International Conference for Internet Technology and Secured Transactions (ICITST). 494\u2013497."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"crossref","unstructured":"Shanhu Shang Ning Zheng Jian Xu Ming Xu and Haiping Zhang. 2010. Detecting malware variants via function-call graph similarity. 113 \u2013 120.","DOI":"10.1109\/MALWARE.2010.5665787"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.17"},{"volume-title":"Implementing discrete mathematics - combinatorics and graph theory with Mathematica","author":"Skiena Steven","key":"e_1_3_2_1_41_1","unstructured":"Steven Skiena. 1990. Implementing discrete mathematics - combinatorics and graph theory with Mathematica.Addison-Wesley. I\u2013VIII pages."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1016\/0169-7439(89)80095-4"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1162\/153244303321897735"},{"key":"e_1_3_2_1_44_1","unstructured":"Pang-Ning Tan Michael Steinbach and Vipin Kumar. 2016. Introduction to data mining. Pearson Education India."},{"key":"e_1_3_2_1_45_1","unstructured":"Radare Team. 2020. Radare2 github repository. https:\/\/github.com\/radareorg\/radare2"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"crossref","unstructured":"Lingfei Wu Ming Xu Jian Xu Ning Zheng and Haiping Zhang. 2013. A novel malware variants detection method based On function-call graph. 1\u20135.","DOI":"10.1109\/ANTHOLOGY.2013.6784887"},{"key":"e_1_3_2_1_47_1","volume-title":"Proceedings of the 2002 IEEE International Conference on Data Mining (ICDM","author":"Yan Xifeng","year":"2002","unstructured":"Xifeng Yan and Jiawei Han. 2002. gSpan: Graph-Based Substructure Pattern Mining.. In Proceedings of the 2002 IEEE International Conference on Data Mining (ICDM 2002). IEEE Computer Society, Maebashi City, Japan, 721\u2013724."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"crossref","unstructured":"Y. Zhang C. Rong Q. Huang Y. Wu Z. Yang and J. Jiang. 2017. Based on Multi-features and Clustering Ensemble Method for Automatic Malware Categorization. In 2017 IEEE Trustcom\/BigDataSE\/ICESS. 73\u201382.","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.222"},{"key":"e_1_3_2_1_49_1","unstructured":"zynamics. [n.d.]. BinDiff. https:\/\/www.zynamics.com\/bindiff.html."}],"event":{"name":"ARES 2021: The 16th International Conference on Availability, Reliability and Security","acronym":"ARES 2021","location":"Vienna Austria"},"container-title":["Proceedings of the 16th International Conference on Availability, Reliability and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3465481.3470115","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3465481.3470115","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:17:42Z","timestamp":1750191462000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3465481.3470115"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,8,17]]},"references-count":49,"alternative-id":["10.1145\/3465481.3470115","10.1145\/3465481"],"URL":"https:\/\/doi.org\/10.1145\/3465481.3470115","relation":{},"subject":[],"published":{"date-parts":[[2021,8,17]]},"assertion":[{"value":"2021-08-17","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}