{"id":"https://openalex.org/W2807637148","doi":"https://doi.org/10.1007/978-3-319-93411-2_8","title":"Evasive Malware via Identifier Implanting","display_name":"Evasive Malware via Identifier Implanting","publication_year":2018,"publication_date":"2018-01-01","ids":{"openalex":"https://openalex.org/W2807637148","doi":"https://doi.org/10.1007/978-3-319-93411-2_8","mag":"2807637148"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-319-93411-2_8","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-319-93411-2_8","pdf_url":"https://link.springer.com/content/pdf/10.1007%2F978-3-319-93411-2_8.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://link.springer.com/content/pdf/10.1007%2F978-3-319-93411-2_8.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082125949","display_name":"Rui Tanabe","orcid":"https://orcid.org/0000-0002-0246-5720"},"institutions":[{"id":"https://openalex.org/I180203408","display_name":"Yokohama National University","ror":"https://ror.org/03zyp6p76","country_code":"JP","type":"education","lineage":["https://openalex.org/I180203408"]}],"countries":["JP"],"is_corresponding":true,"raw_author_name":"Rui Tanabe","raw_affiliation_strings":["Yokohama National University, YNU, Yokohama, Japan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Yokohama National University, YNU, Yokohama, Japan","institution_ids":["https://openalex.org/I180203408"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064042076","display_name":"Wataru Ueno","orcid":null},"institutions":[{"id":"https://openalex.org/I180203408","display_name":"Yokohama National University","ror":"https://ror.org/03zyp6p76","country_code":"JP","type":"education","lineage":["https://openalex.org/I180203408"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Wataru Ueno","raw_affiliation_strings":["Yokohama National University, YNU, Yokohama, Japan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Yokohama National University, YNU, Yokohama, Japan","institution_ids":["https://openalex.org/I180203408"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5027961656","display_name":"Kou Ishii","orcid":null},"institutions":[{"id":"https://openalex.org/I180203408","display_name":"Yokohama National University","ror":"https://ror.org/03zyp6p76","country_code":"JP","type":"education","lineage":["https://openalex.org/I180203408"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Kou Ishii","raw_affiliation_strings":["Yokohama National University, YNU, Yokohama, Japan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Yokohama National University, YNU, Yokohama, Japan","institution_ids":["https://openalex.org/I180203408"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028367744","display_name":"Katsunari Yoshioka","orcid":"https://orcid.org/0000-0003-0964-8631"},"institutions":[{"id":"https://openalex.org/I180203408","display_name":"Yokohama National University","ror":"https://ror.org/03zyp6p76","country_code":"JP","type":"education","lineage":["https://openalex.org/I180203408"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Katsunari Yoshioka","raw_affiliation_strings":["Yokohama National University, YNU, Yokohama, Japan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Yokohama National University, YNU, Yokohama, Japan","institution_ids":["https://openalex.org/I180203408"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108109302","display_name":"Tsutomu Matsumoto","orcid":null},"institutions":[{"id":"https://openalex.org/I180203408","display_name":"Yokohama National University","ror":"https://ror.org/03zyp6p76","country_code":"JP","type":"education","lineage":["https://openalex.org/I180203408"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Tsutomu Matsumoto","raw_affiliation_strings":["Yokohama National University, YNU, Yokohama, Japan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Yokohama National University, YNU, Yokohama, Japan","institution_ids":["https://openalex.org/I180203408"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038230397","display_name":"Takahiro Kasama","orcid":null},"institutions":[{"id":"https://openalex.org/I90023481","display_name":"National Institute of Information and Communications Technology","ror":"https://ror.org/016bgq349","country_code":"JP","type":"facility","lineage":["https://openalex.org/I90023481"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Takahiro Kasama","raw_affiliation_strings":["National Institute of Information and Communications Technology, NICT, Koganei, Japan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"National Institute of Information and Communications Technology, NICT, Koganei, Japan","institution_ids":["https://openalex.org/I90023481"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071687365","display_name":"Daisuke Inoue","orcid":"https://orcid.org/0000-0002-4373-0834"},"institutions":[{"id":"https://openalex.org/I90023481","display_name":"National Institute of Information and Communications Technology","ror":"https://ror.org/016bgq349","country_code":"JP","type":"facility","lineage":["https://openalex.org/I90023481"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Daisuke Inoue","raw_affiliation_strings":["National Institute of Information and Communications Technology, NICT, Koganei, Japan"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"National Institute of Information and Communications Technology, NICT, Koganei, Japan","institution_ids":["https://openalex.org/I90023481"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033589837","display_name":"Christian Rossow","orcid":"https://orcid.org/0000-0003-2470-8444"},"institutions":[{"id":"https://openalex.org/I91712215","display_name":"Saarland University","ror":"https://ror.org/01jdpyv68","country_code":"DE","type":"education","lineage":["https://openalex.org/I91712215"]},{"id":"https://openalex.org/I4210128801","display_name":"Helmholtz Center for Information Security","ror":"https://ror.org/02njgxr09","country_code":"DE","type":"facility","lineage":["https://openalex.org/I1305996414","https://openalex.org/I4210128801"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Christian Rossow","raw_affiliation_strings":["Center for IT-Security, Privacy, and Accountability, CISPA, Saarland University, Saarbr\u00fccken, Germany"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Center for IT-Security, Privacy, and Accountability, CISPA, Saarland University, Saarbr\u00fccken, Germany","institution_ids":["https://openalex.org/I4210128801","https://openalex.org/I91712215"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5082125949"],"corresponding_institution_ids":["https://openalex.org/I180203408"],"apc_list":{"value":5000,"currency":"EUR","value_usd":5392},"apc_paid":{"value":5000,"currency":"EUR","value_usd":5392},"fwci":2.6031,"has_fulltext":true,"cited_by_count":13,"citation_normalized_percentile":{"value":0.92709706,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"162","last_page":"184"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8707162141799927},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.797398567199707},{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.738244891166687},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6247738599777222},{"id":"https://openalex.org/keywords/identifier","display_name":"Identifier","score":0.5657511949539185},{"id":"https://openalex.org/keywords/cryptovirology","display_name":"Cryptovirology","score":0.4861876368522644},{"id":"https://openalex.org/keywords/cache","display_name":"Cache","score":0.4574204981327057},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.22928807139396667},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.11633899807929993}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8707162141799927},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.797398567199707},{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.738244891166687},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6247738599777222},{"id":"https://openalex.org/C154504017","wikidata":"https://www.wikidata.org/wiki/Q853614","display_name":"Identifier","level":2,"score":0.5657511949539185},{"id":"https://openalex.org/C84525096","wikidata":"https://www.wikidata.org/wiki/Q3506050","display_name":"Cryptovirology","level":3,"score":0.4861876368522644},{"id":"https://openalex.org/C115537543","wikidata":"https://www.wikidata.org/wiki/Q165596","display_name":"Cache","level":2,"score":0.4574204981327057},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.22928807139396667},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.11633899807929993}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1007/978-3-319-93411-2_8","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-319-93411-2_8","pdf_url":"https://link.springer.com/content/pdf/10.1007%2F978-3-319-93411-2_8.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"}],"best_oa_location":{"id":"doi:10.1007/978-3-319-93411-2_8","is_oa":true,"landing_page_url":"https://doi.org/10.1007/978-3-319-93411-2_8","pdf_url":"https://link.springer.com/content/pdf/10.1007%2F978-3-319-93411-2_8.pdf","source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.6899999976158142}],"awards":[{"id":"https://openalex.org/G8128106390","display_name":"Secure Information Sharing Sensor Delivery event Network","funder_award_id":"700176","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"},{"id":"https://openalex.org/F4320324891","display_name":"Iran Telecommunication Research Center","ror":"https://ror.org/01a3g2z22"},{"id":"https://openalex.org/F4320335839","display_name":"National Institute of Information and Communications Technology","ror":"https://ror.org/016bgq349"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2807637148.pdf","grobid_xml":"https://content.openalex.org/works/W2807637148.grobid-xml"},"referenced_works_count":40,"referenced_works":["https://openalex.org/W7103708","https://openalex.org/W23711711","https://openalex.org/W78162143","https://openalex.org/W170652726","https://openalex.org/W191656338","https://openalex.org/W1630225947","https://openalex.org/W1650881334","https://openalex.org/W1851403712","https://openalex.org/W1910686388","https://openalex.org/W1992181084","https://openalex.org/W2015790908","https://openalex.org/W2032151752","https://openalex.org/W2054897983","https://openalex.org/W2065339563","https://openalex.org/W2066220442","https://openalex.org/W2067547021","https://openalex.org/W2075338504","https://openalex.org/W2084944235","https://openalex.org/W2090534521","https://openalex.org/W2115175195","https://openalex.org/W2117030266","https://openalex.org/W2120297918","https://openalex.org/W2125743503","https://openalex.org/W2126881776","https://openalex.org/W2131726714","https://openalex.org/W2140807364","https://openalex.org/W2145688371","https://openalex.org/W2158874007","https://openalex.org/W2159764755","https://openalex.org/W2163292449","https://openalex.org/W2176830056","https://openalex.org/W2193838104","https://openalex.org/W2199478250","https://openalex.org/W2211880739","https://openalex.org/W2233063544","https://openalex.org/W2256284630","https://openalex.org/W2517430515","https://openalex.org/W2712617220","https://openalex.org/W2742844465","https://openalex.org/W2914982603"],"related_works":["https://openalex.org/W2477251628","https://openalex.org/W4249009605","https://openalex.org/W4238812282","https://openalex.org/W2614215062","https://openalex.org/W2955025905","https://openalex.org/W3135367783","https://openalex.org/W2056920038","https://openalex.org/W10035208","https://openalex.org/W43384612","https://openalex.org/W2785643584"],"abstract_inverted_index":{"To":[0,222],"cope":[1],"with":[2,72],"the":[3,27,32,102,107,132,140,146,163,183,190,219],"increasing":[4],"number":[5],"of":[6,192],"malware":[7,43,61,79,109,156,209],"attacks":[8],"that":[9,42,80,106,157,188,202],"organizations":[10],"face,":[11],"anti-malware":[12],"appliances":[13,24,238],"and":[14,47,60,119,166,231],"sandboxes":[15,178,193],"have":[16,25,40],"become":[17,26],"an":[18,53,97],"integral":[19],"security":[20,210],"defense.":[21],"In":[22],"particular,":[23],"de":[28],"facto":[29],"standard":[30],"in":[31,52,115,139],"fight":[33],"against":[34,224],"targeted":[35,88,220],"attacks.":[36,244],"Yet":[37],"recent":[38],"incidents":[39],"demonstrated":[41],"can":[44,67,110,179],"effectively":[45],"detect":[46,186],"thus":[48],"evade":[49],"sandboxes,":[50],"resulting":[51],"ongoing":[54],"arms":[55,70],"race":[56,71],"between":[57],"sandbox":[58],"developers":[59],"authors.":[62],"We":[63,90,126,151],"show":[64,201],"how":[65],"attackers":[66],"escape":[68],"this":[69,112,203,225],"what":[73],"we":[74,228],"call":[75],"customized":[76,108,155],"malware,":[77],"i.e.,":[78],"only":[81,120,213],"exposes":[82,122],"its":[83,123,215],"malicious":[84,124],"behavior":[85,217],"on":[86,101,162,207,218],"a":[87,92,116,154,195,232],"system.":[89,221],"present":[91],"web-based":[93],"reconnaissance":[94],"strategy,":[95],"where":[96],"actor":[98],"leaves":[99],"marks":[100],"target":[103,133],"system":[104,114,197],"such":[105,135,243],"recognize":[111],"particular":[113],"later":[117],"stage,":[118],"then":[121,152],"behavior.":[125],"propose":[127],"to":[128,185,236,240],"implant":[129],"identifiers":[130],"into":[131],"system,":[134],"as":[136,174],"unique":[137],"entries":[138],"browser":[141],"history,":[142],"cache,":[143],"cookies,":[144],"or":[145,194],"DNS":[147],"stub":[148],"resolver":[149],"cache.":[150],"prototype":[153,204],"searches":[158],"for":[159,242],"these":[160],"implants":[161,170],"executing":[164],"environment":[165],"denies":[167],"execution":[168],"if":[169],"do":[171],"not":[172],"exist":[173],"expected.":[175],"This":[176],"way,":[177],"be":[180],"evaded":[181],"without":[182],"need":[184],"artifacts":[187],"witness":[189],"existence":[191],"real":[196,216],"environment.":[198],"Our":[199],"results":[200],"remains":[205],"undetected":[206],"commercial":[208],"appliances,":[211],"while":[212],"exposing":[214],"defend":[223],"novel":[226],"attack,":[227],"discuss":[229],"countermeasures":[230],"responsible":[233],"disclosure":[234],"process":[235],"allow":[237],"vendors":[239],"prepare":[241]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":4},{"year":2019,"cited_by_count":1},{"year":2018,"cited_by_count":1}],"updated_date":"2026-06-14T07:44:22.658603","created_date":"2025-10-10T00:00:00"}