{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,5,27]],"date-time":"2024-05-27T15:10:40Z","timestamp":1716822640502},"reference-count":24,"publisher":"Institute of Electronics, Information and Communications Engineers (IEICE)","issue":"12","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEICE Trans. Inf. & Syst."],"published-print":{"date-parts":[[2018,12,1]]},"DOI":"10.1587\/transinf.2017edp7424","type":"journal-article","created":{"date-parts":[[2018,11,30]],"date-time":"2018-11-30T22:27:17Z","timestamp":1543616837000},"page":"3083-3091","source":"Crossref","is-referenced-by-count":3,"title":["BareUnpack: Generic Unpacking on the Bare-Metal Operating System"],"prefix":"10.1587","volume":"E101.D","author":[{"given":"Binlin","family":"CHENG","sequence":"first","affiliation":[{"name":"Faculty School of Computer Science, Hubei Normal University"},{"name":"Faculty College of Arts and Science, Hubei Normal University"}]},{"given":"Pengwei","family":"LI","sequence":"additional","affiliation":[{"name":"School of Technology, Nanjing Audit University"}]}],"member":"532","reference":[{"key":"1","doi-asserted-by":"publisher","unstructured":"[1] F. Guo, P. Ferrie, and T.C. Chiueh, \u201cA study of the packer problem and its solutions,\u201d Proc. 11th International Symposium on Recent Advances in Intrusion Detection (RAID'08), 2008. 10.1007\/978-3-540-87403-4_6","DOI":"10.1007\/978-3-540-87403-4_6"},{"key":"2","doi-asserted-by":"crossref","unstructured":"[2] X. Ugarte-Pedrero, D. Balzarotti, I. Santos, and P.G. Bringas, \u201cSok: Deep packer inspection: A longitudinal study of the complexity of run-time packers,\u201d 2015 IEEE Symposium on Security and Privacy (SP), pp.659-673, IEEE, 2015. 10.1109\/sp.2015.46","DOI":"10.1109\/SP.2015.46"},{"key":"3","doi-asserted-by":"crossref","unstructured":"[3] P. Royal, M. Halpin, D. Dagon, R. Edmonds, and W. Lee, \u201cPolyUnpack: Automating the hidden-code extraction of unpack-executing malware,\u201d Proc. 22nd Annual Computer Security Applications Conference (ACSAC'06), 2006. 10.1109\/acsac.2006.38","DOI":"10.1109\/ACSAC.2006.38"},{"key":"4","doi-asserted-by":"crossref","unstructured":"[4] M.G. Kang, P. Poosankam, and H. Yin, \u201cRenovo: A hidden code extractor for packed executables,\u201d Proc. 5th ACM Workshop on Recurring Malcode (WORM'07), pp.46-53, Nov. 2007. 10.1145\/1314389.1314399","DOI":"10.1145\/1314389.1314399"},{"key":"5","doi-asserted-by":"crossref","unstructured":"[5] L. Martignoni, M. Christodorescu, and S. Jha, \u201cOmniUnpack: Fast, generic, and safe unpacking of malware,\u201d Proc. 23nd Annual Computer Security Applications Conference (ACSAC'07), 2007. 10.1109\/acsac.2007.15","DOI":"10.1109\/ACSAC.2007.15"},{"key":"6","doi-asserted-by":"crossref","unstructured":"[6] D. Kirat and G. Vigna, \u201cMalgene: Automatic extraction of malware analysis evasion signature,\u201d Proc. 22nd ACM SIGSAC Conference on Computer and Communications Security, pp.769-780, ACM, 2015. 10.1145\/2810103.2813642","DOI":"10.1145\/2810103.2813642"},{"key":"7","unstructured":"[7] D. Kirat, G. Vigna, and C. Kruegel, \u201cBarecloud: Bare-metal analysis-based evasive malware detection,\u201d USENIX Security Symposium, pp.287-301, 2014."},{"key":"8","doi-asserted-by":"crossref","unstructured":"[8] C. Wressnegger, K. Freeman, F. Yamaguchi, and K. Rieck, \u201cAutomatically inferring malware signatures for anti-virus assisted attacks,\u201d Proc. 2017 ACM on Asia Conference on Computer and Communications Security, pp.587-598, ACM, 2017. 10.1145\/3052973.3053002","DOI":"10.1145\/3052973.3053002"},{"key":"9","doi-asserted-by":"crossref","unstructured":"[9] L. Sun, T. Ebringer, and S. Boztas, \u201cAn automatic anti-anti-vmware technique applicable for multi-stage packed malware,\u201d 2008 3rd International Conference on Malicious and Unwanted Software (MALWARE), pp.17-23, IEEE, 2008. 10.1109\/malware.2008.4690853","DOI":"10.1109\/MALWARE.2008.4690853"},{"key":"10","doi-asserted-by":"crossref","unstructured":"[10] M. Lindorfer, C. Kolbitsch, and P.M. Comparetti, \u201cDetecting environment-sensitive malware,\u201d Recent Advances in Intrusion Detection, pp.338-357, Springer, 2011. 10.1007\/978-3-642-23644-0_18","DOI":"10.1007\/978-3-642-23644-0_18"},{"key":"11","unstructured":"[11] H. Father, \u201cHooking windows api-technics of hooking api functions on windows,\u201d CodeBreakers J., vol.1, no.2, 2004."},{"key":"12","doi-asserted-by":"publisher","unstructured":"[12] C. Willems, T. Holz, and F. Freiling, \u201cToward automated dynamic malware analysis using cwsandbox,\u201d IEEE Security & Privacy, vol.5, no.2, pp.32-39, 2007. 10.1109\/msp.2007.45","DOI":"10.1109\/MSP.2007.45"},{"key":"13","unstructured":"[13] H.c. WANG, Y. SHI, and Z. XUE, \u201cResearch and implementation of secure password input under windows,\u201d Information Security and Communications Privacy, vol.4, pp.53-55, 2011."},{"key":"14","doi-asserted-by":"crossref","unstructured":"[14] J. Berdajs and Z. Bosni\u0107, \u201cExtending applications using an advanced approach to dll injection and api hooking,\u201d Software: Practice and Experience, vol.40, no.7, pp.567-584, June 2010. 10.1002\/spe.973","DOI":"10.1002\/spe.973"},{"key":"15","doi-asserted-by":"publisher","unstructured":"[15] K.A. Roundy and B.P. Miller, \u201cBinary-code obfuscations in prevalent packer tools,\u201d ACM Comput. Surv. (CSUR), vol.46, no.1, p.4, Oct. 2013. 10.1145\/2522968.2522972","DOI":"10.1145\/2522968.2522972"},{"key":"16","doi-asserted-by":"crossref","unstructured":"[16] D. Korczynski, \u201cRepeconstruct: reconstructing binaries with self-modifying code and import address table destruction,\u201d 2016 11th International Conference on Malicious and Unwanted Software (MALWARE), pp.1-8, IEEE, 2016. 10.1109\/malware.2016.7888727","DOI":"10.1109\/MALWARE.2016.7888727"},{"key":"17","doi-asserted-by":"crossref","unstructured":"[17] G. Bonfante, J. Fernandez, J.Y. Marion, B. Rouxel, F. Sabatier, and A. Thierry, \u201cCodisasm: medium scale concatic disassembly of self-modifying binaries with overlapping instructions,\u201d Proc. 22nd ACM SIGSAC Conference on Computer and Communications Security, pp.745-756, ACM, 2015. 10.1145\/2810103.2813627","DOI":"10.1145\/2810103.2813627"},{"key":"18","unstructured":"[18] S. D'Alessio and S. Mariani, \u201cPindemonium: a dbi-based generic unpacker for windows executables,\u201d Proc. 13th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'16), 2016."},{"key":"19","doi-asserted-by":"publisher","unstructured":"[19] C.K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V.J. Reddi, and K. Hazelwood, \u201cPin: building customized program analysis tools with dynamic instrumentation,\u201d Acm sigplan notices, pp.190-200, 2005. 10.1145\/1064978.1065034","DOI":"10.1145\/1064978.1065034"},{"key":"20","doi-asserted-by":"publisher","unstructured":"[20] M. Sharif, V. Yegneswaran, H. Saidi, P. Porras, and W. Lee, \u201cEureka: A framework for enabling static malware analysis,\u201d Proc. 13th European Symposium on Research in Computer Security (ESORICS'08), vol.5283, pp.481-500, 2008. 10.1007\/978-3-540-88313-5_31","DOI":"10.1007\/978-3-540-88313-5_31"},{"key":"21","doi-asserted-by":"crossref","unstructured":"[21] S. Shin and G. Gu, \u201cConficker and beyond: a large-scale empirical study,\u201d Proc. 26th Annual Computer Security Applications Conference, pp.151-160, ACM, 2010. 10.1145\/1920261.1920285","DOI":"10.1145\/1920261.1920285"},{"key":"22","doi-asserted-by":"publisher","unstructured":"[22] S. Shin, G. Gu, N. Reddy, and C.P. Lee, \u201cA large-scale empirical study of conficker,\u201d IEEE Trans. Inf. Forensics Security, vol.7, no.2, pp.676-690, April 2012. 10.1109\/tifs.2011.2173486","DOI":"10.1109\/TIFS.2011.2173486"},{"key":"23","unstructured":"[23] G.L. Garcia, \u201cForensic physical memory analysis: An overview of tools and techniques,\u201d TKK T-110.5290 Seminar on Network Security, pp.305-320, 2007."},{"key":"24","unstructured":"[24] S. Sparks and J. Butler, \u201cShadow Walker: Raising the bar for windows rootkit detection,\u201d Black Hat Japan, vol.11, no.63, pp.504-533, 2005."}],"container-title":["IEICE Transactions on Information and Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E101.D\/12\/E101.D_2017EDP7424\/_pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,6]],"date-time":"2019-11-06T12:39:46Z","timestamp":1573043986000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transinf\/E101.D\/12\/E101.D_2017EDP7424\/_article"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,12,1]]},"references-count":24,"journal-issue":{"issue":"12","published-print":{"date-parts":[[2018]]}},"URL":"https:\/\/doi.org\/10.1587\/transinf.2017edp7424","relation":{},"ISSN":["0916-8532","1745-1361"],"issn-type":[{"value":"0916-8532","type":"print"},{"value":"1745-1361","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,12,1]]}}}