{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T07:07:48Z","timestamp":1761808068187},"reference-count":29,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2016,5,4]],"date-time":"2016-05-04T00:00:00Z","timestamp":1462320000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Secur Inform"],"published-print":{"date-parts":[[2016,12]]},"DOI":"10.1186\/s13388-016-0027-2","type":"journal-article","created":{"date-parts":[[2016,5,4]],"date-time":"2016-05-04T07:40:23Z","timestamp":1462347623000},"update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":20,"title":["Detecting obfuscated malware using reduced opcode set and optimised runtime trace"],"prefix":"10.1186","volume":"5","author":[{"given":"Philip","family":"O\u2019kane","sequence":"first","affiliation":[]},{"given":"Sakir","family":"Sezer","sequence":"additional","affiliation":[]},{"given":"Kieran","family":"McLaughlin","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,5,4]]},"reference":[{"issue":"1","key":"27_CR1","doi-asserted-by":"crossref","first-page":"42","DOI":"10.1049\/iet-sen.2013.0020","volume":"8","author":"P Okane","year":"2014","unstructured":"Okane P, Sakir S, McLaughlin K, Im EG (2014) Malware detection: program run length against detection rate. IET Softw 8(1):42\u201351","journal-title":"IET Softw"},{"issue":"5","key":"27_CR2","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1109\/MSP.2011.98","volume":"9","author":"P O\u2019Kane","year":"2011","unstructured":"O\u2019Kane P, Sezer S, McLaughlin K (2011) Obfuscation: the hidden malware. 
IEEE Secur Privacy 9(5):41\u201347","journal-title":"IEEE Secur Privacy"},{"issue":"3","key":"27_CR3","doi-asserted-by":"crossref","first-page":"154","DOI":"10.1016\/j.jvlc.2012.02.002","volume":"23","author":"M Eskandari","year":"2012","unstructured":"Eskandari M, Hashemi S (2012) A graph mining approach for detecting unknown malwares. J Vis Lang Comput 23(3):154\u2013162","journal-title":"J Vis Lang Comput"},{"key":"27_CR4","doi-asserted-by":"crossref","unstructured":"Sung A, Xu J, Chavez P, Mukkamala S, et al (2004) Static analyzer of vicious executables (save). In: Proceedings of the 20th annual computer security applications conference, 2004","DOI":"10.1109\/CSAC.2004.37"},{"key":"27_CR5","doi-asserted-by":"crossref","unstructured":"Tian R, Batten L, Islam R, et al (2009) An automated classification system based on the strings of trojan and virus families. In: Proceedings of the 4th international conference on malicious and unwanted software: MALWARE, 2009, pp 23\u201330","DOI":"10.1109\/MALWARE.2009.5403021"},{"key":"27_CR6","doi-asserted-by":"crossref","unstructured":"Sami A, Yadegari B, Rahimi H, et al (2010) Malware detection based on mining API calls. In: Proceedings of the 2010 ACM symposium on applied computing, 2010, pp 1020\u20131025","DOI":"10.1145\/1774088.1774303"},{"issue":"11","key":"27_CR7","doi-asserted-by":"crossref","first-page":"955","DOI":"10.1109\/TSE.2005.120","volume":"31","author":"A Lakhotia","year":"2005","unstructured":"Lakhotia A, Kumar EU, Venable M (2005) A method for detecting obfuscated calls in malicious binaries. IEEE Trans Softw Eng 31(11):955\u2013968","journal-title":"IEEE Trans Softw Eng"},{"issue":"2","key":"27_CR8","doi-asserted-by":"crossref","first-page":"156","DOI":"10.1504\/IJESDF.2007.016865","volume":"1","author":"D Bilar","year":"2007","unstructured":"Bilar D (2007) Opcodes as predictor for malware. 
Int J Electron Secur Digit Forensics 1(2):156\u2013168","journal-title":"Int J Electron Secur Digit Forensics"},{"key":"27_CR9","unstructured":"Bilar D (2007) Callgraph properties of executables and generative mechanisms. AI Communications, special issue on Network Analysis in Natural Sciences and Engineering 20(4): 231\u2013243"},{"key":"27_CR10","unstructured":"Agrawal H (2011) Detection of global metamorphic malware variants using control and data flow analysis. WIPO Patent No. 2011119940, 30 September 2011"},{"key":"27_CR11","doi-asserted-by":"crossref","unstructured":"I Santos, YK Penya, J Devesa, PG Garcia (2009) N-grams-based file signatures for malware detection. S3Lab, Deusto Technological Foundation","DOI":"10.5220\/0001863603170320"},{"key":"27_CR12","doi-asserted-by":"crossref","unstructured":"Santos I, Brezo F, Nieves J, Penya YK, Sanz B, Laorden C, Bringas PG (2010) Opcode-sequence-based malware detection. In: Proceedings of the 2nd international symposium on engineering secure software and systems (ESSoS), Pisa (Italy), 3\u20134th February 2010, LNCS 5965, pp 35\u201343","DOI":"10.1007\/978-3-642-11747-3_3"},{"key":"27_CR13","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1016\/j.ins.2011.08.020","volume":"231","author":"I Santos","year":"2013","unstructured":"Santos I, Brezo F, Ugarte-Pedrero X, Bringas PG (2013) Opcode sequences as representation of executables for data-mining-based unknown malware detection. Inf Sci 231:64\u201382","journal-title":"Inf Sci"},{"key":"27_CR14","doi-asserted-by":"crossref","unstructured":"Anderson B, Storlie C, Lane T (2012, October) Improving malware classification: bridging the static\/dynamic gap. In: Proceedings of the 5th ACM workshop on Security and artificial intelligence, pp 3\u201314. 
ACM","DOI":"10.1145\/2381896.2381900"},{"issue":"1","key":"27_CR15","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1186\/2190-8532-1-1","volume":"1","author":"A Shabtai","year":"2012","unstructured":"Shabtai A, Moskovitch R, Feher C, Dolev S, Elovici Y (2012) Detecting unknown malicious code by applying classification techniques on opcode patterns. Secur Inf 1(1):1\u201322","journal-title":"Secur Inf"},{"key":"27_CR16","doi-asserted-by":"crossref","unstructured":"Moskovitch R, Feher C, Tzachar N, Berger E, Gitelman M, Dolev S, Elovici Y (2008) Unknown malcode detection using opcode representation. In: Proceedings of the 1st European conference on intelligence and security informatics (EuroISI08), 2008, pp 204\u2013215","DOI":"10.1007\/978-3-540-89900-6_21"},{"key":"27_CR17","doi-asserted-by":"crossref","unstructured":"Song Y, Locasto M, Stavro A (2007) On the infeasibility of modeling polymorphic shellcode. In: ACM CCS, 2007, pp 541\u2013551","DOI":"10.1145\/1315245.1315312"},{"key":"27_CR18","volume-title":"Reversing: secrets of reverse engineering","author":"E Eilam","year":"2011","unstructured":"Eilam E (2011) Reversing: secrets of reverse engineering. Wiley, New York"},{"key":"27_CR19","unstructured":"Ferrie P (2011) The ultimate anti debugging reference. http:\/\/pferrie.host22.com\/papers\/antidebug.pdf . Written May 2011, last accessed 11 October 2012"},{"key":"27_CR20","unstructured":"Chen X, Andersen J, Mao ZM, Bailey M, Nazario J (2008) Towards an understanding of anti-virtualization and anti-debugging behavior in modern malware. In: ICDSN proceedings, 2008, pp 177\u2013186"},{"key":"27_CR21","unstructured":"Heaven VX (2013) Malware collection. http:\/\/vxheaven.org\/vl.php . 
Last accessed Oct 2013"},{"issue":"3","key":"27_CR22","doi-asserted-by":"crossref","first-page":"500","DOI":"10.1109\/TIFS.2013.2242890","volume":"8","author":"P O\u2019Kane","year":"2013","unstructured":"O\u2019Kane P, Sezer S, McLaughlin K, Im EG (2013) SVM training phase reduction using dataset feature filtering for malware detection. IEEE Trans Inf Forensics Secur 8(3):500\u2013509","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"27_CR23","isbn-type":"print","doi-asserted-by":"crossref","DOI":"10.1002\/9781118029145","volume-title":"Data mining: concepts, models, methods, and algorithms","author":"M Kantardzic","year":"2011","unstructured":"Kantardzic M (2011) Data mining: concepts, models, methods, and algorithms. Wiley, London. ISBN 0-471-22852-4","ISBN":"http:\/\/id.crossref.org\/isbn\/0471228524"},{"issue":"12","key":"27_CR24","doi-asserted-by":"crossref","first-page":"3140","DOI":"10.1109\/TIT.2002.805090","volume":"48","author":"R Herbrich","year":"2002","unstructured":"Herbrich R, Graepel T (2002) A PAC-Bayesian margin bound for linear classifiers. IEEE Trans Inf Theory 48(12):3140\u20133150","journal-title":"IEEE Trans Inf Theory"},{"key":"27_CR25","series-title":"Pattern Recognition","first-page":"277","volume-title":"Normalization in support vector machines","author":"ABA Graf","year":"2001","unstructured":"Graf ABA, Borer S (2001) Normalization in support vector machines. Pattern Recognition. Springer, Berlin, Heidelberg, pp 277\u2013282"},{"issue":"1","key":"27_CR26","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1016\/S0169-2607(98)00098-4","volume":"59","author":"J Parke","year":"1999","unstructured":"Parke J, Holford NHG, Charles BG (1999) A procedure for generating bootstrap samples for the validation of nonlinear mixed-effects population models. 
Comput Methods Programs Biomed 59(1):19\u201329","journal-title":"Comput Methods Programs Biomed"},{"key":"27_CR27","unstructured":"Curtsinger C, Livshits B, Zorn B, Seifert C (2011) Zozzle: low-overhead mostly static javascript malware detection. In: Proceedings of the usenix security symposium, Aug 2011"},{"key":"27_CR28","doi-asserted-by":"crossref","unstructured":"Dahl G, Stokes JW, Deng L, Yu D (2013) Large-scale malware classification using random projections and neural networks. Poster (MLSP-P5.4), May ICASSP 2013, Vancouver Canada, IEEE Signal Processing Society, 2013","DOI":"10.1109\/ICASSP.2013.6638293"},{"key":"27_CR29","doi-asserted-by":"crossref","unstructured":"Ye Y, Wang D, Li T, Ye D (2007) IMDS: intelligent malware detection system. In: Proceedings of the 13th ACM SIGKDD international conference on knowledge discovery and data mining. ACM, 2007","DOI":"10.1145\/1281192.1281308"}],"container-title":["Security Informatics"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13388-016-0027-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1186\/s13388-016-0027-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13388-016-0027-2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,7]],"date-time":"2019-09-07T04:31:55Z","timestamp":1567830715000},"score":1,"resource":{"primary":{"URL":"http:\/\/security-informatics.springeropen.com\/articles\/10.1186\/s13388-016-0027-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,5,4]]},"references-count":29,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2016,12]]}},"alternative-id":["27"],"URL":"https:\/\/doi.org\/10.1186\/s13388-016-0027-
2","relation":{},"ISSN":["2190-8532"],"issn-type":[{"value":"2190-8532","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,5,4]]},"article-number":"2"}}