{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T16:42:44Z","timestamp":1773247364745,"version":"3.50.1"},"reference-count":37,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2016,9,26]],"date-time":"2016-09-26T00:00:00Z","timestamp":1474848000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100001659","name":"German Research Foundation","doi-asserted-by":"crossref","id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["EURASIP J. on Info. Security"],"published-print":{"date-parts":[[2016,12]]},"DOI":"10.1186\/s13635-016-0045-0","type":"journal-article","created":{"date-parts":[[2016,9,26]],"date-time":"2016-09-26T12:52:30Z","timestamp":1474894350000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":59,"title":["Hidost: a static machine-learning-based detector of malicious files"],"prefix":"10.1186","volume":"2016","author":[{"given":"Nedim","family":"\u0160rndi\u0107","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pavel","family":"Laskov","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,9,26]]},"reference":[{"key":"45_CR1","unstructured":"Symantec, 2014 Internet Security Threat Report, Volume 19 (2014). https:\/\/www.symantec.com\/content\/en\/us\/enterprise\/other_resources\/b-istr_main_report_v19_21291018.en-us.pdf . Accessed 13 Apr 2015."},{"key":"45_CR2","unstructured":"Cisco, 2014 Annual Security Report (2014). http:\/\/www.cisco.com\/web\/offer\/gist_ty2_asset\/Cisco_2014_ASR.pdf . Accessed 13 Apr 2015."},{"key":"45_CR3","unstructured":"Sophos, Security Threat Report 2014 (2014). http:\/\/www.sophos.com\/en-us\/medialibrary\/pdfs\/other\/sophos-security-threat-report-2014.pdf . Accessed 13 Apr 2015."},{"key":"45_CR4","unstructured":"Symantec, 2014 Internet Security Threat Report, Volume 19, Appendix (2014). https:\/\/www.symantec.com\/content\/en\/us\/enterprise\/other_resources\/b-istr_appendices_v19_221284438.en-us.pdf . Accessed 13 Apr 2015."},{"key":"45_CR5","unstructured":"Symantec, 2015 Internet Security Threat Report, Volume 20 (2015). http:\/\/know.symantec.com\/LP=1123 . Accessed 15 Apr 2015."},{"key":"45_CR6","unstructured":"Recorded Future, Gone in a Flash: Top 10 Vulnerabilities Used by Exploit Kits (2015). https:\/\/www.recordedfuture.com\/top-vulnerabilities-2015\/ . Accessed 15 Nov 2015."},{"key":"45_CR7","doi-asserted-by":"publisher","unstructured":"W-J Li, SJ Stolfo, A Stavrou, E Androulaki, AD Keromytis, in Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA). A study of malcode-bearing documents (Springer, 2007), pp. 231\u2013250.","DOI":"10.1007\/978-3-540-73614-1_14"},{"key":"45_CR8","doi-asserted-by":"publisher","unstructured":"ZM Shafiq, SA Khayam, M Farooq, in Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA). Embedded malware detection using markov n-grams (Springer, 2008), pp. 88\u2013107.","DOI":"10.1007\/978-3-540-70542-0_5"},{"key":"45_CR9","unstructured":"Document management - Portable document format - Part 1: PDF 1.7 (2008). https:\/\/www.adobe.com\/devnet\/pdf\/pdf_reference.html . Accessed 23 Jan 2015."},{"key":"45_CR10","doi-asserted-by":"crossref","unstructured":"P Laskov, N \u0160rndi\u0107, in Annual Computer Security Applications Conference (ACSAC). Static detection of malicious JavaScript-bearing PDF documents (ACM, 2011), pp. 373\u2013382.","DOI":"10.1145\/2076732.2076785"},{"key":"45_CR11","doi-asserted-by":"crossref","unstructured":"D Maiorca, G Giacinto, I Corona, in International Workshop on Machine Learning and Data Mining in Pattern Recognition. A pattern recognition system for malicious PDF files detection (Springer, 2012), pp. 510\u2013524.","DOI":"10.1007\/978-3-642-31537-4_40"},{"key":"45_CR12","doi-asserted-by":"crossref","unstructured":"C Smutz, A Stavrou, in Proceedings of the 28th Annual Computer Security Applications Conference. Malicious PDF detection using metadata and structural features (ACM, 2012), pp. 239\u2013248.","DOI":"10.1145\/2420950.2420987"},{"key":"45_CR13","doi-asserted-by":"crossref","unstructured":"N \u0160rndi\u0107, P Laskov, in Proceedings of the 2014 IEEE Symposium on Security and Privacy. Practical evasion of a learning-based classifier: a case study (IEEE Computer Society, 2014), pp. 197\u2013211.","DOI":"10.1109\/SP.2014.20"},{"key":"45_CR14","doi-asserted-by":"crossref","unstructured":"M Polychronakis, KG Anagnostakis, EP Markatos, in Annual Computer Security Applications Conference (ACSAC). Comprehensive shellcode detection using runtime heuristics (ACM, 2010), pp. 287\u2013296.","DOI":"10.1145\/1920261.1920305"},{"key":"45_CR15","doi-asserted-by":"crossref","unstructured":"P Akritidis, EP Markatos, M Polychronakis, KG Anagnostakis, in 20th International Conference on Information Security. STRIDE: Polymorphic sled detection through instruction sequence analysis (Springer, 2005), pp. 375\u2013392.","DOI":"10.1007\/0-387-25660-1_25"},{"key":"45_CR16","unstructured":"Wepawet (2015). http:\/\/wepawet.iseclab.org\/ . Accessed 16 Apr 2015."},{"key":"45_CR17","doi-asserted-by":"crossref","unstructured":"M Cova, C Kruegel, G Vigna, in International Conference on World Wide Web (WWW). Detection and analysis of drive-by-download attacks and malicious JavaScript code (ACM, 2010), pp. 281\u2013290.","DOI":"10.1145\/1772690.1772720"},{"issue":"2","key":"45_CR18","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1109\/MSP.2007.45","volume":"5","author":"C Willems","year":"2007","unstructured":"C Willems, T Holz, F Freiling, CWSandbox: towards automated dynamic binary analysis. IEEE Secur. Privacy. 5(2), 32\u201339 (2007).","journal-title":"IEEE Secur. Privacy"},{"key":"45_CR19","unstructured":"KZ Snow, S Krishnan, F Monrose, N Provos, in USENIX Security Symposium. ShellOS: enabling fast detection and forensic analysis of code injection attacks (USENIX Association, 2011)."},{"key":"45_CR20","doi-asserted-by":"crossref","unstructured":"A Tang, S Sethumadhavan, SJ Stolfo, in Research in Attacks, Intrusions and Defenses: 17th International Symposium, RAID 2014, Gothenburg, Sweden, September 17\u201319, 2014, Proceedings, 8688. Unsupervised anomaly-based malware detection using hardware features (Springer, 2014), p. 109.","DOI":"10.1007\/978-3-319-11379-1_6"},{"key":"45_CR21","doi-asserted-by":"crossref","unstructured":"Z Tzermias, G Sykiotakis, M Polychronakis, EP Markatos, in European Workshop on System Security (EuroSec). Combining static and dynamic analysis for the detection of malicious documents (ACM, 2011).","DOI":"10.1145\/1972551.1972555"},{"key":"45_CR22","doi-asserted-by":"crossref","unstructured":"X Lu, J Zhuge, R Wang, Y Cao, Y Chen, in System Sciences (HICSS), 2013 46th Hawaii International Conference On. De-obfuscation and detection of malicious PDF files with high accuracy (IEEE Computer Society, 2013), pp. 4890\u20134899.","DOI":"10.1109\/HICSS.2013.166"},{"issue":"0","key":"45_CR23","doi-asserted-by":"publisher","first-page":"246","DOI":"10.1016\/j.cose.2014.10.014","volume":"48","author":"N Nissim","year":"2015","unstructured":"N Nissim, A Cohen, C Glezer, Y Elovici, Detection of malicious PDF files and directions for enhancements: a state-of-the art survey. Comput. Secur.48(0), 246\u2013266 (2015).","journal-title":"Comput. Secur."},{"key":"45_CR24","doi-asserted-by":"crossref","unstructured":"S Ford, M Cova, C Kruegel, G Vigna, in Computer Security Applications Conference, 2009. ACSAC\u201909. Annual. Analyzing and detecting malicious flash advertisements (IEEE Computer Society, 2009), pp. 363\u2013372.","DOI":"10.1109\/ACSAC.2009.41"},{"key":"45_CR25","doi-asserted-by":"crossref","unstructured":"TV Overveldt, C Kruegel, G Vigna, in Recent Adances in Intrusion Detection (RAID). FlashDetect: ActionScript 3 malware detection (Springer, 2012), pp. 274\u2013293.","DOI":"10.1007\/978-3-642-33338-5_14"},{"key":"45_CR26","unstructured":"N \u0160rndi\u0107, P Laskov, in 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, February 24\u201327, 2013. Detection of malicious PDF files based on hierarchical document structure, (2013). http:\/\/internetsociety.org\/doc\/detection-malicious-pdf-files-based-hierarchical-document-structure ."},{"key":"45_CR27","unstructured":"SWF File Format Specification (version 19) (2012). https:\/\/www.adobe.com\/devnet\/swf.html . Accessed 23 Jan 2015."},{"key":"45_CR28","unstructured":"SWFRETools - A collection of tools for reverse engineering Flash files. https:\/\/github.com\/sporst\/SWFREtools . Accessed 4 Feb 2015."},{"key":"45_CR29","unstructured":"Hidost - Toolset for extracting document structures from PDF and SWF files. https:\/\/github.com\/srndic\/hidost . Accessed 29 Nov 2015."},{"key":"45_CR30","doi-asserted-by":"crossref","unstructured":"Poppler. http:\/\/poppler.freedesktop.org\/ . Accessed 10 Feb 2015.","DOI":"10.1007\/s11552-014-9699-6"},{"key":"45_CR31","unstructured":"K Rieck, T Kr\u00fcger, A Dewald, in Annual Computer Security Applications Conference (ACSAC). Cujo: efficient detection and prevention of drive-by-download attacks, (2010), pp. 31\u201339."},{"issue":"1","key":"45_CR32","first-page":"69","volume":"23","author":"G Widmer","year":"1996","unstructured":"G Widmer, M Kubat, Learning in the presence of concept drift and hidden contexts. Mach. Learn.23(1), 69\u2013101 (1996).","journal-title":"Mach. Learn."},{"key":"45_CR33","doi-asserted-by":"crossref","unstructured":"A Kantchelian, S Afroz, L Huang, AC Islam, B Miller, MC Tschantz, R Greenstadt, AD Joseph, J Tygar, in Proceedings of the 2013 ACM Workshop on Artificial Intelligence and Security. Approaches to adversarial drift (ACM, 2013), pp. 99\u2013110.","DOI":"10.1145\/2517312.2517320"},{"key":"45_CR34","first-page":"2825","volume":"12","author":"F Pedregosa","year":"2011","unstructured":"F Pedregosa, G Varoquaux, A Gramfort, V Michel, B Thirion, O Grisel, M Blondel, P Prettenhofer, R Weiss, V Dubourg, J Vanderplas, A Passos, D Cournapeau, M Brucher, M Perrot, E Duchesnay, scikit-learn: machine learning in Python. J. Mach. Learn. Res.12:, 2825\u20132830 (2011).","journal-title":"J. Mach. Learn. Res."},{"issue":"1","key":"45_CR35","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"L Breiman, Random forests. Mach. Learn.45(1), 5\u201332 (2001).","journal-title":"Mach. Learn."},{"key":"45_CR36","unstructured":"Hidost Reproduction. https:\/\/github.com\/srndic\/hidost-reproduction . Accessed 29 Nov 2015."},{"key":"45_CR37","unstructured":"VirusTotal - Free Online Virus, Malware and URL Scanner. https:\/\/www.virustotal.com\/ . Accessed 6 Mar 2015."}],"container-title":["EURASIP Journal on Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-016-0045-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1186\/s13635-016-0045-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s13635-016-0045-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,9]],"date-time":"2022-07-09T05:06:57Z","timestamp":1657343217000},"score":1,"resource":{"primary":{"URL":"https:\/\/jis-eurasipjournals.springeropen.com\/articles\/10.1186\/s13635-016-0045-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,9,26]]},"references-count":37,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2016,12]]}},"alternative-id":["45"],"URL":"https:\/\/doi.org\/10.1186\/s13635-016-0045-0","relation":{},"ISSN":["1687-417X"],"issn-type":[{"value":"1687-417X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,9,26]]},"article-number":"22"}}